helpdesk-att.com
Open in
urlscan Pro
198.54.115.213
Malicious Activity!
Public Scan
Effective URL: http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88
Submission: On May 13 via manual from US
Summary
This is the only time helpdesk-att.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 198.54.115.213 198.54.115.213 | 22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap) | |
2 | 2001:1890:1c0... 2001:1890:1c00:3221::4:1068 | 7018 (ATT-INTER...) (ATT-INTERNET4 - AT&T Services) | |
4 | 2 |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: server209-3.web-hosting.com
helpdesk-att.com |
ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US)
oidc.idp.elogin.att.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
att.com
oidc.idp.elogin.att.com |
4 KB |
2 |
helpdesk-att.com
helpdesk-att.com |
22 KB |
4 | 2 |
Domain | Requested by | |
---|---|---|
2 | oidc.idp.elogin.att.com |
helpdesk-att.com
|
2 | helpdesk-att.com |
helpdesk-att.com
|
4 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.att.com |
oidc.idp.elogin.att.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
oidc.idp.elogin.att.com DigiCert SHA2 Secure Server CA |
2018-12-11 - 2020-02-27 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88
Frame ID: A814A04F95EC8F505808D346420D3593
Requests: 4 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://helpdesk-att.com/ Page URL
- http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: SAFENet® Token
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://helpdesk-att.com/ Page URL
- http://helpdesk-att.com/login.php?e40ce60f5880cec5ce2de332c128cd5fb421ba88 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
helpdesk-att.com/ |
447 B 541 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login.php
helpdesk-att.com/ |
103 KB 22 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.js
oidc.idp.elogin.att.com/lrr/attLRR/resources/js/ |
490 B 900 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_homepage2.gif
oidc.idp.elogin.att.com//faq/eiam/static/en/csp/default/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)147 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| validateUserId function| getSQIndex boolean| bShowNonPrimaryUsage boolean| bNoLoginButton boolean| bIsIphone string| agent string| strReqLnkCookie string| strCSPEnvURLCookie string| strPKMSLogin object| astrShowBD object| astrBDOnly object| astrTokenOnly object| astrBDAppName object| astrIsurvey object| astrATTOnly object| astrATTOnlyExc object| astrHideATT object| astrShowCricket string| strUserIDText string| strBDUserIDText string| strATTUserIDText object| strCookieDomain string| strUserIDCookie string| strTokenUserCookie string| strTokenPINCookie string| strStateCookie string| strHlte26Cookie string| strHlte26CookieFT string| strV1StateCookie string| strPwd string| strToken string| strTokenGemalto string| strTokenMTips string| strMobileKey string| strAutoMK string| strTokenBasic string| strTokenAdvanced string| strTokenHard string| strTokenSoft string| strStateRemember string| mobileKeyUserId string| strStateForget string| strV1StateSep string| strStateSep string| strStateVersion string| strWriteStateVersion string| strStateSessionLifetime string| strWinAuthAlways string| strWinAuthDisabled string| strUserIDVal string| strTokenUserVal string| strTokenPINVal string| strStateVal string| strPwdOrTokenVal string| strTokenTypeVal string| strSoftOrHardTokenVal string| strWinAuthVal string| strVersionVal string| strAutoMKVal boolean| bcsplastlogincookieExistsMock number| strAutoMKLocalVal boolean| bSetupRememberMe boolean| bAllowTokenPINSave boolean| bSetupSoftwareToken boolean| bSupportSafenet boolean| bWriteSessionCookies boolean| bcsplastlogincookieExists string| strAuthnLevel string| strAuthnLevel2 string| strAuthnLevel3 string| strAuthnLevel4 string| strAuthnLevel5 string| strAuthnLevel6 string| strAuthnLevel7 string| strAuthnLevel8 string| strAuthnLevel9 string| redirectUrl string| mklauncherUrl string| strAACMtipsUrl string| strAACGemaltoUrl string| strLoginErrorCookie string| strLoginErrorTag function| isIE function| isNS function| isIOS function| delay function| getCookieExpiration function| setInputFocus function| checkSubmit function| checkFormSubmit function| checkCookiesOnLoad function| checkCookiesAtField function| ns4ElementById function| getObject function| getCookieVal function| getCookie function| setCookie function| setReqURL function| correctURLContainHashSymbol function| getTargetURL function| getRequestParamFromQueryString function| getReqURL function| setCSPEnvURL function| getShowBD function| getBDOnly function| showUserID function| getLoginError function| getBDUserID function| doBD function| handlePwdOrToken function| handleAdvanced function| handleTokenDefault function| handleSoftwareToken function| handleRememberMe function| isCSPTestSystem function| readStateCookies function| setStateCookies function| setAutoMKVal function| setMobileKeyFlow function| deleteStateCookies function| getUserName function| trim function| setFocus function| getUserIDText function| getTokenOnly function| getATTOnly function| getIsurvey function| getHideATT function| getShowCricket function| doSubmit function| decryptCookie function| start function| setCurrentLocale function| getIamlangCookie function| selectedLanguage function| saveButtonClick function| openPopupWindow function| closePopupWindow function| showLogin function| showPwd function| showToken function| showIsurveyLogin function| DeviceTypeChangeCss number| nCheckCSPAttCom3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
helpdesk-att.com/ | Name: PinLogin Value: TestCookies |
|
helpdesk-att.com/ | Name: cspURL Value: http%3A//helpdesk-att.com |
|
helpdesk-att.com/ | Name: cspReqLnk Value: /usersvcs/accountmgt/loginRedir/loginredir.ashx%3FretURL%3D/accountmgt/acctMgtMenu/%26sysName%3DCSP |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
helpdesk-att.com
oidc.idp.elogin.att.com
198.54.115.213
2001:1890:1c00:3221::4:1068
3205bb376c025f50b7a923bbfb3def0b641a937d1c8c2766344bf92808befa45
62ece50520583637972b2e4e00959c5f661002c79ca07be8290e8cdaae812aae
6af62124f222b73ff5a777574dcccfedd892dd0a7dbfddf41fe6ccf99eec7b33
6dcc98508e51ac1e3182428cf6c3663c1d9d2d1b43266c4a50dc72f99d24f9dd