oxydium.net
205.236.58.185
Malicious Activity!
Public Scan
Submission: On May 03 via automatic, source openphish
Summary
This is the only time oxydium.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
13 | 205.236.58.185 | 53757 (UNILINK - Unilink Networks Inc.) |
1 | 87.248.118.23 | 10310 (YAHOO-1 - Yahoo!) |
3 (1 redirect) | 216.77.188.90 | 6389 (BELLSOUTH-NET-BLK - BellSouth.net Inc.) |
16 | 3 | |
ASN53757 (UNILINK - Unilink Networks Inc., CA)
PTR: wh30.unilink.net
oxydium.net
ASN10310 (YAHOO-1 - Yahoo!, US)
PTR: e2.ycpi.vip.deb.yahoo.com
open.ad.yieldmanager.net
ASN6389 (BELLSOUTH-NET-BLK - BellSouth.net Inc., US)
PTR: home.secureapp.att.net
home.secureapp.att.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | oxydium.net | oxydium.net | 151 KB |
3 (1 redirect) | att.net | home.secureapp.att.net | 23 KB |
1 | yieldmanager.net | open.ad.yieldmanager.net | 264 B |
16 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
13 | oxydium.net | oxydium.net |
3 (1 redirect) | home.secureapp.att.net | oxydium.net |
1 | open.ad.yieldmanager.net | oxydium.net |
16 | 3 | |
This site contains links to these domains.
Domain |
---|
www.att.net |
www.att.com |
home.secureapp.att.net |
This page contains 1 frame:
Primary Page:
http://oxydium.net/index.html
Frame ID: 1B6AE240AB124FD5544F1E58C4DB9E2
Requests: 16 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Webtrends (Analytics)
Detected patterns
- env /^(?:WTOptimize|WebTrends)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
- Title: AT&T
- Title: AT&T Support
- Title: Forgot Password?
- Title: Sign Up Now
- Title: AT&T Support
- Title: Advertise with Us
- Title: Terms of Service
- Title: Copyright
- Title: Privacy Policy
- Title: About Our Ads
- Title: Acceptable Use Policy
- Title: Copyright © 2012 AT&T Intellectual Property
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14
- https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=8667 HTTP 302
- https://home.secureapp.att.net/i/s.gif?nocache=8667
16 HTTP transactions
Method / Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | index.html (Primary Request) | oxydium.net/ | 5 KB | 5 KB | Document | text/html |
GET H/1.1 | main0000.css | oxydium.net/index_files/ | 12 KB | 13 KB | Stylesheet | text/css |
GET H/1.1 | jquery-1.js | oxydium.net/index_files/ | 83 KB | 84 KB | Script | application/javascript |
GET H/1.1 | jquery00.js | oxydium.net/index_files/ | 9 KB | 9 KB | Script | application/javascript |
GET H/1.1 | script00.js | oxydium.net/index_files/ | 24 KB | 24 KB | Script | application/javascript |
GET H/1.1 | script01.js | oxydium.net/index_files/ | 6 KB | 6 KB | Script | application/javascript |
GET H/1.1 | mobile00.css | oxydium.net/index_files/ | 3 KB | 3 KB | Stylesheet | text/css |
GET H/1.1 | footerBg.png | oxydium.net/index_files/ | 560 B | 801 B | Image | image/png |
GET H/1.1 | pageBg00.png | oxydium.net/index_files/ | 169 B | 410 B | Image | image/png |
GET H/1.1 | btnSumbi.png | oxydium.net/index_files/ | 1 KB | 2 KB | Image | image/png |
GET H/1.1 | ques0000.png | oxydium.net/index_files/ | 363 B | 604 B | Image | image/png |
GET H/1.1 | a1 | open.ad.yieldmanager.net/ | 0 | 264 B | Script | text/plain |
GET H/1.1 | support-.jpg | oxydium.net/index_files/ | 2 KB | 2 KB | Image | image/jpeg |
GET H/1.1 | attLogo_.png | oxydium.net/index_files/ | 1 KB | 2 KB | Image | image/png |
GET H/1.0 | webtrends.min.js | home.secureapp.att.net/js/Webtrends/ | 22 KB | 22 KB | Script | application/x-javascript |
GET H/1.0 | s.gif (Redirect Chain) | home.secureapp.att.net/i/ | 43 B | 269 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | $ |
function | jQuery |
string | agent |
function | setRegURL |
function | logPgvw |
function | refer |
function | submitForm |
function | trimAll |
function | chkTick |
function | unchkTick |
function | getElementsByClassName |
function | btnChange |
function | acctSelBtnEnable |
function | ie6Img |
function | getYadContents |
function | init |
object | yld_mgr |
function | dcsMultiTrack |
object | Webtrends |
object | WebTrends |
object | WT |
function | dcsDebug |
function | webtrendsAsyncInit |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
home.secureapp.att.net
open.ad.yieldmanager.net
oxydium.net
205.236.58.185
216.77.188.90
87.248.118.23