helpdesk-att.com Open in urlscan Pro
198.54.115.213  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://helpdesk-att.com/ Page URL
2. http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response helpdesk-att.com/	447 B 541 B	770ms 509ms	Document text/html	198.54.115.213 Namecheap
General Check archive.org Show headers Download Go to Full URL http://helpdesk-att.com/ Protocol HTTP/1.1 Server 198.54.115.213 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server209-3.web-hosting.com Software Apache / PHP/7.2.18 Resource Hash 62ece50520583637972b2e4e00959c5f661002c79ca07be8290e8cdaae812aae Request headers Host helpdesk-att.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 13 May 2019 19:09:04 GMT Server Apache X-Powered-By PHP/7.2.18 Accept-Ranges none Vary Accept-Encoding Content-Encoding gzip Content-Length 314 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	Primary Request login.php Show response helpdesk-att.com/	103 KB 22 KB	499ms 499ms	Document text/html	198.54.115.213 Namecheap
General Check archive.org Show headers Download Go to Full URL http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Requested by Host: helpdesk-att.com URL: http://helpdesk-att.com/ Protocol HTTP/1.1 Server 198.54.115.213 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), Reverse DNS server209-3.web-hosting.com Software Apache / PHP/7.2.18 Resource Hash 3205bb376c025f50b7a923bbfb3def0b641a937d1c8c2766344bf92808befa45 Request headers Host helpdesk-att.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 Referer http://helpdesk-att.com/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://helpdesk-att.com/ Response headers Date Mon, 13 May 2019 19:09:04 GMT Server Apache X-Powered-By PHP/7.2.18 Accept-Ranges none Vary Accept-Encoding Content-Encoding gzip Content-Length 21802 Content-Type text/html; charset-UTF-8;charset=UTF-8
GET H/1.1	200 OK	common.js Show response oidc.idp.elogin.att.com/lrr/attLRR/resources/js/	490 B 900 B	1132ms 177ms	Script application/javascript	2001:1890:1c00:3221::4:1068 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://oidc.idp.elogin.att.com/lrr/attLRR/resources/js/common.js Requested by Host: helpdesk-att.com URL: http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:1890:1c00:3221::4:1068 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software / Resource Hash 6dcc98508e51ac1e3182428cf6c3663c1d9d2d1b43266c4a50dc72f99d24f9dd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers Referer http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 13 May 2019 19:09:05 GMT via 1.1 flpv0698-ffjs02-app.ffdc.sbc.com:9010 (Apache/2.4.33) last-modified Mon, 11 Feb 2019 16:05:30 GMT x-frame-options SAMEORIGIN p3p CP="NON CUR OTPi OUR NOR UNI" cache-control no-store strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes content-type application/javascript content-length 490
GET H/1.1	200 OK	logo_homepage2.gif oidc.idp.elogin.att.com//faq/eiam/static/en/csp/default/images/	3 KB 3 KB	172ms 171ms	Image image/gif	2001:1890:1c00:3221::4:1068 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://oidc.idp.elogin.att.com//faq/eiam/static/en/csp/default/images/logo_homepage2.gif Requested by Host: helpdesk-att.com URL: http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2001:1890:1c00:3221::4:1068 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software / Resource Hash 6af62124f222b73ff5a777574dcccfedd892dd0a7dbfddf41fe6ccf99eec7b33 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers Referer http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 13 May 2019 19:09:05 GMT via 1.1 flpv0698-ffjs02-app.ffdc.sbc.com:9020 (Apache/2.4.33) last-modified Wed, 08 May 2019 03:06:28 GMT etag W/"2643-1557284788000" x-frame-options SAMEORIGIN p3p CP="NON CUR OTPi OUR NOR UNI" strict-transport-security max-age=31536000; includeSubDomains; preload accept-ranges bytes content-type image/gif content-length 2643

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask function| validateUserId function| getSQIndex boolean| bShowNonPrimaryUsage boolean| bNoLoginButton boolean| bIsIphone string| agent string| strReqLnkCookie string| strCSPEnvURLCookie string| strPKMSLogin object| astrShowBD object| astrBDOnly object| astrTokenOnly object| astrBDAppName object| astrIsurvey object| astrATTOnly object| astrATTOnlyExc object| astrHideATT object| astrShowCricket string| strUserIDText string| strBDUserIDText string| strATTUserIDText object| strCookieDomain string| strUserIDCookie string| strTokenUserCookie string| strTokenPINCookie string| strStateCookie string| strHlte26Cookie string| strHlte26CookieFT string| strV1StateCookie string| strPwd string| strToken string| strTokenGemalto string| strTokenMTips string| strMobileKey string| strAutoMK string| strTokenBasic string| strTokenAdvanced string| strTokenHard string| strTokenSoft string| strStateRemember string| mobileKeyUserId string| strStateForget string| strV1StateSep string| strStateSep string| strStateVersion string| strWriteStateVersion string| strStateSessionLifetime string| strWinAuthAlways string| strWinAuthDisabled string| strUserIDVal string| strTokenUserVal string| strTokenPINVal string| strStateVal string| strPwdOrTokenVal string| strTokenTypeVal string| strSoftOrHardTokenVal string| strWinAuthVal string| strVersionVal string| strAutoMKVal boolean| bcsplastlogincookieExistsMock number| strAutoMKLocalVal boolean| bSetupRememberMe boolean| bAllowTokenPINSave boolean| bSetupSoftwareToken boolean| bSupportSafenet boolean| bWriteSessionCookies boolean| bcsplastlogincookieExists string| strAuthnLevel string| strAuthnLevel2 string| strAuthnLevel3 string| strAuthnLevel4 string| strAuthnLevel5 string| strAuthnLevel6 string| strAuthnLevel7 string| strAuthnLevel8 string| strAuthnLevel9 string| redirectUrl string| mklauncherUrl string| strAACMtipsUrl string| strAACGemaltoUrl string| strLoginErrorCookie string| strLoginErrorTag function| isIE function| isNS function| isIOS function| delay function| getCookieExpiration function| setInputFocus function| checkSubmit function| checkFormSubmit function| checkCookiesOnLoad function| checkCookiesAtField function| ns4ElementById function| getObject function| getCookieVal function| getCookie function| setCookie function| setReqURL function| correctURLContainHashSymbol function| getTargetURL function| getRequestParamFromQueryString function| getReqURL function| setCSPEnvURL function| getShowBD function| getBDOnly function| showUserID function| getLoginError function| getBDUserID function| doBD function| handlePwdOrToken function| handleAdvanced function| handleTokenDefault function| handleSoftwareToken function| handleRememberMe function| isCSPTestSystem function| readStateCookies function| setStateCookies function| setAutoMKVal function| setMobileKeyFlow function| deleteStateCookies function| getUserName function| trim function| setFocus function| getUserIDText function| getTokenOnly function| getATTOnly function| getIsurvey function| getHideATT function| getShowCricket function| doSubmit function| decryptCookie function| start function| setCurrentLocale function| getIamlangCookie function| selectedLanguage function| saveButtonClick function| openPopupWindow function| closePopupWindow function| showLogin function| showPwd function| showToken function| showIsurveyLogin function| DeviceTypeChangeCss number| nCheckCSPAttCom

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			helpdesk-att.com/	1969-12-31 23:59:59	Name: PinLogin Value: TestCookies
			helpdesk-att.com/	1969-12-31 23:59:59	Name: cspURL Value: http%3A//helpdesk-att.com
			helpdesk-att.com/	1969-12-31 23:59:59	Name: cspReqLnk Value: /usersvcs/accountmgt/loginRedir/loginredir.ashx%3FretURL%3D/accountmgt/acctMgtMenu/%26sysName%3DCSP

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

helpdesk-att.com
oidc.idp.elogin.att.com
198.54.115.213
2001:1890:1c00:3221::4:1068
3205bb376c025f50b7a923bbfb3def0b641a937d1c8c2766344bf92808befa45
62ece50520583637972b2e4e00959c5f661002c79ca07be8290e8cdaae812aae
6af62124f222b73ff5a777574dcccfedd892dd0a7dbfddf41fe6ccf99eec7b33
6dcc98508e51ac1e3182428cf6c3663c1d9d2d1b43266c4a50dc72f99d24f9dd