webdisk.tickets-att.com
181.174.165.122
Malicious Activity!
Public Scan
Submission: On June 04 via manual from US
Summary
This is the only time webdisk.tickets-att.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 | 181.174.165.122 | 52469 (Offshore Racks S.A) |
8 | 144.161.200.106 | 797 (AMERITECH-AS - AT&T Services) |
9 | 2 | |

ASN52469 (Offshore Racks S.A, PA)
PTR: cpanel12.offshoreracks.com
webdisk.tickets-att.com
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | att.net | opus.att.net | 18 KB |
1 | tickets-att.com | webdisk.tickets-att.com | 2 KB |
9 | 2 | | |
| Domain | Requested by |
---|---|---|
8 | opus.att.net | webdisk.tickets-att.com |
1 | webdisk.tickets-att.com | |
9 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
opus.att.net | DigiCert SHA2 Secure Server CA | 2018-07-16 - 2020-07-16 | 2 years |
This page contains 1 frames:
Primary Page:
http://webdisk.tickets-att.com/
Frame ID: 9C7232E3F776C99FC06E601F3FCD4C10
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | webdisk.tickets-att.com/ | 4 KB | 2 KB | Document | text/html |
GET | H/1.1 | login.css | opus.att.net/opus/newlnf/common/css/ | 4 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | login_att_logo_transp.gif | opus.att.net/opus/newlnf/common/images/login/ | 4 KB | 5 KB | Image | image/gif |
GET | H/1.1 | buttons.css | opus.att.net/opus/newlnf/common/css/ | 2 KB | 2 KB | Stylesheet | text/css |
GET | H/1.1 | login_box.gif | opus.att.net/opus/newlnf/common/images/login/ | 1 KB | 2 KB | Image | image/gif |
GET | H/1.1 | login_hdrRight.gif | opus.att.net/opus/newlnf/common/images/login/ | 2 KB | 2 KB | Image | image/gif |
GET | H/1.1 | login_hdrLeft.gif | opus.att.net/opus/newlnf/common/images/login/ | 884 B | 1 KB | Image | image/gif |
GET | H/1.1 | btn_orange_left.gif | opus.att.net/opus/newlnf/common/images/btn/ | 394 B | 636 B | Image | image/gif |
GET | H/1.1 | btn_orange_right.gif | opus.att.net/opus/newlnf/common/images/btn/ | 1 KB | 1 KB | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart
object| onselectionchange
function| queueMicrotask
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
opus.att.net
webdisk.tickets-att.com
144.161.200.106
181.174.165.122