dc02eja.cormagdalena.gov.co Open in urlscan Pro
198.187.29.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Submission: On January 10 via manual (January 10th 2023, 1:20:50 pm UTC) from US — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 198.187.29.65, located in United States and belongs to NAMECHEAP-NET, US. The main domain is dc02eja.cormagdalena.gov.co.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 25th 2022. Valid for: a year.

This is the only time dc02eja.cormagdalena.gov.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
5	198.187.29.65 198.187.29.65	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3	144.160.19.173 144.160.19.173	797 (AMERITECH-AS) (AMERITECH-AS)
8	2

5 198.187.29.65 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: host75-4.registrar-servers.com

dc02eja.cormagdalena.gov.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 144.160.19.173 (Upper Marlboro, United States)

ASN797 (AMERITECH-AS, US)
PTR: clcontent-sf.att.com

signin.att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	cormagdalena.gov.co dc02eja.cormagdalena.gov.co	49 KB
3	att.com signin.att.com — Cisco Umbrella Rank: 32764	71 KB
8	2

	Domain	Requested by
5	dc02eja.cormagdalena.gov.co	dc02eja.cormagdalena.gov.co
3	signin.att.com	dc02eja.cormagdalena.gov.co signin.att.com
8	2

This site contains no links.

Subject Issuer	Validity	Valid
dc02eja.cormagdalena.gov.co Sectigo RSA Domain Validation Secure Server CA	`2022-10-25` - `2023-10-25`	a year	crt.sh
*.att.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-30` - `2023-06-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Frame ID: 6375B598F89AAF808F8E3B4980685627
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login Screen

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

120 kB
Transfer

340 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
dc02eja.cormagdalena.gov.co/prueba/vn-audio/ 6 KB
2 KB 802ms
197ms Document
text/html 198.187.29.65
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.65 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host75-4.registrar-servers.com
Software: Apache /
Resource Hash: 90f9d143b8fc0a1b0d2dffc23c0fa36c57d424cc7c0f3a5b1c7d47a70776afdb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 1862
content-type: text/html
date: Tue, 10 Jan 2023 13:20:44 GMT
last-modified: Thu, 29 Dec 2022 16:26:03 GMT
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/ 155 KB
33 KB 1555ms
156ms Stylesheet
text/css 144.160.19.173
AMERITECH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3

Requested by

Host: dc02eja.cormagdalena.gov.co
URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.19.173 Upper Marlboro, United States, ASN797 (AMERITECH-AS, US),

Reverse DNS

clcontent-sf.att.com

Software

Resource Hash

29e632695962fcaea41235d17fa0772cadb8eafa92e479df6e350f458df61a61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dc02eja.cormagdalena.gov.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Wed, 19 Oct 2022 07:31:40 GMT
etag: "26ad9-5eb5e3314af00"
transfer-encoding: chunked
x-frame-options: SAMEORIGIN
p3p: CP="NON CUR OTPi OUR NOR UNI"
content-type: text/css
access-control-allow-origin: *
iam_on: 99
accept-ranges: bytes
apser: p770

GET
H2 200 logos-att-logo.svg
dc02eja.cormagdalena.gov.co/prueba/vn-audio/images/ 8 KB
3 KB 197ms
196ms Image
image/svg+xml 198.187.29.65
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/images/logos-att-logo.svg
Requested by: Host: dc02eja.cormagdalena.gov.co
URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.65 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host75-4.registrar-servers.com
Software: Apache /
Resource Hash: 6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:44 GMT
content-encoding: gzip
last-modified: Sat, 24 Dec 2022 11:46:12 GMT
server: Apache
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 3428

GET
H2 200 images-checkmark.svg
dc02eja.cormagdalena.gov.co/prueba/vn-audio/images/ 350 B
389 B 195ms
194ms Image
image/svg+xml 198.187.29.65
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/images/images-checkmark.svg
Requested by: Host: dc02eja.cormagdalena.gov.co
URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.65 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host75-4.registrar-servers.com
Software: Apache /
Resource Hash: b589ac98cac6d578082d9d2e8bb354abcab6f41f25a081a613227a37def44c9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:44 GMT
content-encoding: gzip
last-modified: Sat, 24 Dec 2022 11:46:12 GMT
server: Apache
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
content-length: 250

GET
H2 200 2.2.4-jquery.min.js Show response
dc02eja.cormagdalena.gov.co/prueba/vn-audio/js/ 84 KB
29 KB 552ms
552ms Script
application/javascript 198.187.29.65
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/js/2.2.4-jquery.min.js
Requested by: Host: dc02eja.cormagdalena.gov.co
URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.65 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host75-4.registrar-servers.com
Software: Apache /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:44 GMT
content-encoding: gzip
last-modified: Sat, 24 Dec 2022 11:46:12 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 29822

GET
H2 200 js-bootstrap.min.js Show response
dc02eja.cormagdalena.gov.co/prueba/vn-audio/js/ 50 KB
14 KB 381ms
380ms Script
application/javascript 198.187.29.65
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/js/js-bootstrap.min.js
Requested by: Host: dc02eja.cormagdalena.gov.co
URL: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.187.29.65 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS: host75-4.registrar-servers.com
Software: Apache /
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dc02eja.cormagdalena.gov.co/prueba/vn-audio/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:44 GMT
content-encoding: gzip
last-modified: Sat, 24 Dec 2022 11:46:12 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 14085

GET
H/1.1 200
OK ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ 18 KB
18 KB 619ms
155ms Font
application/octet-stream 144.160.19.173
AMERITECH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2

Requested by

Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.19.173 Upper Marlboro, United States, ASN797 (AMERITECH-AS, US),

Reverse DNS

clcontent-sf.att.com

Software

Resource Hash

e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Origin: https://dc02eja.cormagdalena.gov.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Wed, 19 Oct 2022 07:31:40 GMT
etag: "4830-5eb5e3314af00"
x-frame-options: SAMEORIGIN
iam_on: 99
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
accept-ranges: bytes
apser: p767
content-length: 18480

GET
H/1.1 200
OK ATTAleckSans_W_Md.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ 19 KB
19 KB 622ms
156ms Font
application/octet-stream 144.160.19.173
AMERITECH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Md.woff2

Requested by

Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.19.173 Upper Marlboro, United States, ASN797 (AMERITECH-AS, US),

Reverse DNS

clcontent-sf.att.com

Software

Resource Hash

59ea63b5ffe0f060e37c24a44b6406943df9e4fca39e2ef43023c2ae9783f220

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Origin: https://dc02eja.cormagdalena.gov.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Tue, 10 Jan 2023 13:20:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Wed, 19 Oct 2022 07:31:40 GMT
etag: "4c8c-5eb5e3314af00"
x-frame-options: SAMEORIGIN
iam_on: 99
p3p: CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin: *
accept-ranges: bytes
apser: p766
content-length: 19596

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dc02eja.cormagdalena.gov.co
signin.att.com
144.160.19.173
198.187.29.65
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
29e632695962fcaea41235d17fa0772cadb8eafa92e479df6e350f458df61a61
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
59ea63b5ffe0f060e37c24a44b6406943df9e4fca39e2ef43023c2ae9783f220
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
90f9d143b8fc0a1b0d2dffc23c0fa36c57d424cc7c0f3a5b1c7d47a70776afdb
b589ac98cac6d578082d9d2e8bb354abcab6f41f25a081a613227a37def44c9a
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58

dc02eja.cormagdalena.gov.co Open in urlscan Pro 198.187.29.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

120 kBTransfer

340 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

dc02eja.cormagdalena.gov.co Open in urlscan Pro
198.187.29.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

120 kB
Transfer

340 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!