oxydium.net Open in urlscan Pro
205.236.58.185 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://oxydium.net/index.html
Submission: On May 03 via automatic, source openphish (May 3rd 2018, 1:56:29 pm UTC)

Summary HTTP 16 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 16 HTTP transactions. The main IP is 205.236.58.185, located in Montréal, Canada and belongs to UNILINK - Unilink Networks Inc., CA. The main domain is oxydium.net.

This is the only time oxydium.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
13	205.236.58.185 205.236.58.185	53757 (UNILINK) (UNILINK - Unilink Networks Inc.)
1	87.248.118.23 87.248.118.23	10310 (YAHOO-1) (YAHOO-1 - Yahoo!)
1 3	216.77.188.90 216.77.188.90	6389 (BELLSOUTH...) (BELLSOUTH-NET-BLK - BellSouth.net Inc.)
16	3

13 205.236.58.185 (Montréal, Canada)

ASN53757 (UNILINK - Unilink Networks Inc., CA)
PTR: wh30.unilink.net

oxydium.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 87.248.118.23 (United Kingdom)

ASN10310 (YAHOO-1 - Yahoo!, US)
PTR: e2.ycpi.vip.deb.yahoo.com

open.ad.yieldmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.77.188.90 (United States) 1 redirects

ASN6389 (BELLSOUTH-NET-BLK - BellSouth.net Inc., US)
PTR: home.secureapp.att.net

home.secureapp.att.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	oxydium.net oxydium.net	151 KB
3	att.net 1 redirects home.secureapp.att.net	23 KB
1	yieldmanager.net open.ad.yieldmanager.net	264 B
16	3

	Domain	Requested by
13	oxydium.net	oxydium.net
3	home.secureapp.att.net	1 redirects oxydium.net
1	open.ad.yieldmanager.net	oxydium.net
16	3

This site contains links to these domains. Also see Links.

Domain
www.att.net
www.att.com
home.secureapp.att.net

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://oxydium.net/index.html
Frame ID: 1B6AE240AB124FD5544F1E58C4DB9E2
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Webtrends (Analytics) Expand

Overall confidence: 100%
Detected patterns

env /^(?:WTOptimize|WebTrends)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

173 kB
Transfer

170 kB
Size

0
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: http://www.att.net/
Title: AT&T

Search URL Search Domain Scan URL

URL: http://www.att.com/esupport/main.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: https://www.att.com/olam/enterUserIdSlidFpwd.myworld?origination_point=&Return_URL=https://http://ohtttest=success&Cancel_URL=
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.Register.Pageviews.www-att-net&redirecturl=https://attreg.att.net/PortalRegWeb/PortalRegController?callingAppId=ME&returnUrl=
Title: Sign Up Now

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.support&redirecturl=http://www.att.com/esupport/main.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.adinfo&redirecturl=http://www.att.net/legal/advertising
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.TOS&redirecturl=http://www.att.com/shop/internet/att-internet-terms-of-service.jsp
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.copyright&redirecturl=http://info.yahoo.com/copyright/details.html
Title: Copyright

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.privacy&redirecturl=http://att.yahoo.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.aboutourads&redirecturl=http://info.yahoo.com/privacy/us/yahoo/attandyahoo/adchoices.html
Title: About Our Ads

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.AUP&redirecturl=http://www.corp.att.com/aup/
Title: Acceptable Use Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.IP&redirecturl=http://www.att.com/gen/privacy-policy?pid=2587
Title: Copyright © 2012 AT&T Intellectual Property

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=8667 HTTP 302
https://home.secureapp.att.net/i/s.gif?nocache=8667

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.html Show response oxydium.net/	5 KB 5 KB	217ms 109ms	Document text/html	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `8d31dade64b13391cb000d84241e2ca5c22919bee38f0a3973346e8944a30212` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:16 GMT Last-Modified Sat, 24 Feb 2018 10:02:02 GMT Server Apache Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4934
GET H/1.1	200 OK	main0000.css oxydium.net/index_files/	12 KB 13 KB	108ms 108ms	Stylesheet text/css	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/main0000.css Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `579275a096880d9f9c6d8a91efe4c9416434814294034a894f58a09361330861` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:52 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 12690
GET H/1.1	200 OK	jquery-1.js Show response oxydium.net/index_files/	83 KB 84 KB	192ms 97ms	Script application/javascript	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/jquery-1.js Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:48 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 85260
GET H/1.1	200 OK	jquery00.js Show response oxydium.net/index_files/	9 KB 9 KB	189ms 95ms	Script application/javascript	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/jquery00.js Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:27 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 9469
GET H/1.1	200 OK	script00.js Show response oxydium.net/index_files/	24 KB 24 KB	190ms 96ms	Script application/javascript	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/script00.js Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `61eba2a6c6c3148f624347072bffc96751be68fadd6315e187c38402432e4dc1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:07:24 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 24425
GET H/1.1	200 OK	script01.js Show response oxydium.net/index_files/	6 KB 6 KB	228ms 120ms	Script application/javascript	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/script01.js Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `3412b58250db94b87846ce76d50f4139b249c8c839897b2e8c9021126de30b93` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:07:40 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 6067
GET H/1.1	200 OK	mobile00.css oxydium.net/index_files/	3 KB 3 KB	97ms 97ms	Stylesheet text/css	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Full URL http://oxydium.net/index_files/mobile00.css Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `127fe9de2d9d6428b15fbfc4ffcfc6d458a4d17da78161242af5cbd9ce147b0e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://oxydium.net/index.html Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:57 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2778
GET H/1.1	200 OK	footerBg.png oxydium.net/index_files/	560 B 801 B	95ms 94ms	Image image/png	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/footerBg.png Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:15 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 560
GET H/1.1	200 OK	pageBg00.png oxydium.net/index_files/	169 B 410 B	95ms 94ms	Image image/png	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/pageBg00.png Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:07:02 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 169
GET H/1.1	200 OK	btnSumbi.png oxydium.net/index_files/	1 KB 2 KB	116ms 116ms	Image image/png	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/btnSumbi.png Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:07 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1395
GET H/1.1	200 OK	ques0000.png oxydium.net/index_files/	363 B 604 B	96ms 96ms	Image image/png	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/ques0000.png Requested by Host: oxydium.net URL: http://oxydium.net/index.html Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:07:08 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 363
GET H/1.1	200 OK	a1 Show response open.ad.yieldmanager.net/	0 264 B	91ms 34ms	Script text/plain	87.248.118.23 Yahoo!
General Check archive.org Show headers Download Go to Full URL http://open.ad.yieldmanager.net/a1?V=5&pubId=26747832978&site=att.net%20log%20in&cntTy=js&cTopId=4234000&tagTy=multi_secure&nAdP=1&rFrame=1&flv=nf&cb=1525355778138&url=http%3A%2F%2Foxydium.net%2Findex.html&sz0=1440x1024&conTy0=fn_news&sltId0=0 Requested by Host: oxydium.net URL: http://oxydium.net/index_files/script01.js Protocol HTTP/1.1 Server 87.248.118.23 , United Kingdom, ASN10310 (YAHOO-1 - Yahoo!, US), Reverse DNS e2.ycpi.vip.deb.yahoo.com Software ATS / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Thu, 03 May 2018 13:56:18 GMT Via http/1.1 e17.ycpi.deb.yahoo.com (ApacheTrafficServer [cMsSf ]) X-ATS-Disc-Connection 127.0.0.1:9090 Server ATS Age 0 Connection keep-alive Content-Length 0 X-ATS-DiscPlugin-Version 1.3.0.32
GET H/1.1	200 OK	support-.jpg oxydium.net/index_files/	2 KB 2 KB	108ms 108ms	Image image/jpeg	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/support-.jpg Requested by Host: oxydium.net URL: http://oxydium.net/index_files/jquery-1.js Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Cookie IV_JCT=%2FcommonLogin Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:07:53 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1557
GET H/1.1	200 OK	attLogo_.png oxydium.net/index_files/	1 KB 2 KB	96ms 96ms	Image image/png	205.236.58.185 Unilink Networks ...
General Check archive.org Show headers Download Go to Show image Full URL http://oxydium.net/index_files/attLogo_.png Requested by Host: oxydium.net URL: http://oxydium.net/index_files/jquery-1.js Protocol HTTP/1.1 Server 205.236.58.185 Montréal, Canada, ASN53757 (UNILINK - Unilink Networks Inc., CA), Reverse DNS wh30.unilink.net Software Apache / Resource Hash `7116d27c9082ba2c634e147add9f2da39e20bb175689fd1bc156ebfafe6f2f12` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host oxydium.net User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://oxydium.net/index_files/main0000.css Cookie IV_JCT=%2FcommonLogin Connection keep-alive Cache-Control no-cache Referer http://oxydium.net/index_files/main0000.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:56:17 GMT Last-Modified Sat, 24 Feb 2018 10:06:01 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1535
GET H/1.0	200 OK	webtrends.min.js Show response home.secureapp.att.net/js/Webtrends/	22 KB 22 KB	1139ms 229ms	Script application/x-javascript	216.77.188.90 BellSouth.net Inc.
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/js/Webtrends/webtrends.min.js?_=1525355778251 Requested by Host: oxydium.net URL: http://oxydium.net/index_files/jquery-1.js Protocol HTTP/1.0 Server 216.77.188.90 , United States, ASN6389 (BELLSOUTH-NET-BLK - BellSouth.net Inc., US), Reverse DNS home.secureapp.att.net Software "" / Resource Hash `1645c94b11bdb18706dbac8070a38315e357431cc6ba20758f1e6f8bf84d89e6` Request headers Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:53:33 GMT Last-modified Mon, 21 May 2012 14:46:02 GMT Server "" Etag "5759-4fba552a" Content-type application/x-javascript Connection keep-alive Accept-ranges bytes Content-length 22361
GET H/1.0	200 OK	s.gif home.secureapp.att.net/i/ Redirect Chain https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=8667 https://home.secureapp.att.net/i/s.gif?nocache=8667	43 B 269 B	115ms 114ms	Image image/gif	216.77.188.90 BellSouth.net Inc.
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/i/s.gif?nocache=8667 Protocol HTTP/1.0 Server 216.77.188.90 , United States, ASN6389 (BELLSOUTH-NET-BLK - BellSouth.net Inc., US), Reverse DNS home.secureapp.att.net Software "" / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers Referer http://oxydium.net/index.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Thu, 03 May 2018 13:53:34 GMT Last-modified Thu, 25 Sep 2003 20:17:53 GMT Server "" Etag "2b-3f734d71" Content-type image/gif Connection keep-alive Accept-ranges bytes Content-length 43 Redirect headers Location https://home.secureapp.att.net/i/s.gif?nocache=8667 Date Thu, 03 May 2018 13:53:34 GMT Server "" Connection keep-alive Content-length 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

home.secureapp.att.net
open.ad.yieldmanager.net
oxydium.net
205.236.58.185
216.77.188.90
87.248.118.23
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
127fe9de2d9d6428b15fbfc4ffcfc6d458a4d17da78161242af5cbd9ce147b0e
1645c94b11bdb18706dbac8070a38315e357431cc6ba20758f1e6f8bf84d89e6
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
3412b58250db94b87846ce76d50f4139b249c8c839897b2e8c9021126de30b93
579275a096880d9f9c6d8a91efe4c9416434814294034a894f58a09361330861
5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
61eba2a6c6c3148f624347072bffc96751be68fadd6315e187c38402432e4dc1
70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69
7116d27c9082ba2c634e147add9f2da39e20bb175689fd1bc156ebfafe6f2f12
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
8d31dade64b13391cb000d84241e2ca5c22919bee38f0a3973346e8944a30212
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

oxydium.net Open in urlscan Pro 205.236.58.185 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

173 kBTransfer

170 kBSize

0 Cookies

12 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

23 JavaScript Global Variables

0 Cookies

Indicators

oxydium.net Open in urlscan Pro
205.236.58.185 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

173 kB
Transfer

170 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!