atc5.findsome.ca
Open in
urlscan Pro
198.251.89.205
Malicious Activity!
Public Scan
URL:
https://atc5.findsome.ca/
Submission Tags: phishing
Submission: On December 14 via api from US — Scanned from CA
Submission Tags: phishing
Submission: On December 14 via api from US — Scanned from CA
Summary
This website contacted 4 IPs
in 3 countries
across 3 domains to perform 7 HTTP transactions.
The main IP is 198.251.89.205, located in
Luxembourg, Luxembourg and
belongs to PONYNET, US.
The main domain is atc5.findsome.ca.
TLS certificate: Issued by E6 on December 13th 2024. Valid for: 3 months.
This is the only time atc5.findsome.ca was scanned on urlscan.io!
TLS certificate: Issued by E6 on December 13th 2024. Valid for: 3 months.
This is the only time atc5.findsome.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 198.251.89.205 198.251.89.205 | 53667 (PONYNET) (PONYNET) | |
| 4 | 144.160.125.207 144.160.125.207 | 797 (AMERITECH-AS) (AMERITECH-AS) | |
| 1 | 104.26.12.205 104.26.12.205 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 7 | 4 |
2
198.251.89.205
(Luxembourg, Luxembourg)
ASN53667 (PONYNET, US)
PTR: d6.my-control-panel.com
ASN53667 (PONYNET, US)
PTR: d6.my-control-panel.com
| atc5.findsome.ca |
4
144.160.125.207
(Dallas, United States)
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
| signin.att.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 4 |
att.com
signin.att.com — Cisco Umbrella Rank: 27121 |
73 KB |
| 2 |
findsome.ca
atc5.findsome.ca |
9 KB |
| 1 |
ipify.org
api.ipify.org — Cisco Umbrella Rank: 2001 |
317 B |
| 7 | 3 |
| Domain | Requested by | |
|---|---|---|
| 4 | signin.att.com |
atc5.findsome.ca
|
| 2 | atc5.findsome.ca | |
| 1 | api.ipify.org |
atc5.findsome.ca
|
| 7 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.att.com |
| about.att.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| findsome.ca E6 |
2024-12-13 - 2025-03-13 |
3 months | crt.sh |
| *.att.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-06-20 - 2025-06-19 |
a year | crt.sh |
| ipify.org WE1 |
2024-11-13 - 2025-02-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://atc5.findsome.ca/
Frame ID: AC03829738F297F6F6ECFE0B6E89A286
Requests: 8 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
URL: https://www.att.com/legal/legal-policy-center.html
Title: Legal policy center
Title: Legal policy center
Search URL Search Domain Scan URL
URL: https://about.att.com/sites/privacy_policy
Title: Privacy policy
Title: Privacy policy
Search URL Search Domain Scan URL
URL: https://www.att.com/legal/terms.attWebsiteTermsOfUse.html
Title: Terms of use
Title: Terms of use
Search URL Search Domain Scan URL
URL: https://www.att.com/features/accessibility.html
Title: Accessibility
Title: Accessibility
Search URL Search Domain Scan URL
URL: https://about.att.com/csr/home/privacy/rights_choices.html
Title: Your privacy choices
Title: Your privacy choices
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
atc5.findsome.ca/ |
27 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ |
18 KB 18 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ATTAleckSans_W_Bd.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ |
18 KB 18 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
att_hz_lg_lkp_rgb_pos.svg
signin.att.com/static/siam/en/halo_c/images/logos/ |
5 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/ |
128 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
851 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
api.ipify.org/ |
24 B 317 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
atc5.findsome.ca/ |
1 KB 1 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| fetchIp function| showOverlay function| sendToTelegram function| showError function| formatUserID0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
atc5.findsome.ca
signin.att.com
104.26.12.205
144.160.125.207
198.251.89.205
21f0f2c6966c8e5bd36d501b1ea5d741cb75a059d9ddf320f7086da3fcefb67d
37a1212cc1ab5c935d9a3fee05c98c940eaa895a23510e5f83d550dfbb0d763f
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
9e9c9fb9ef1efe583c2f373fa0976b41a9c14ab5e7b5bc052b56b289151afee1
d42963d04775f09b1f7834b7fc62019aca171c718b81f5b895ccafa44b20fcda
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
e9d64ddc98959fb478cc1e10b665c237608386ce7820cbfa5b4c502567642d22
ecc6e5c037a4e54c1ed4052c9880d55c27187bf709fb82fae2709c92d3a3a563