loginprodx-att.com Open in urlscan Pro
194.61.24.196 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net
Submission Tags: @ipnigh
Submission: On August 22 via api (August 22nd 2019, 12:43:39 pm UTC) from GB

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 194.61.24.196, located in Netherlands and belongs to ERAHOST-AS, NL. The main domain is loginprodx-att.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 20th 2019. Valid for: 3 months.

This is the only time loginprodx-att.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
14	194.61.24.196 194.61.24.196		38994 (ERAHOST-AS) (ERAHOST-AS)
14	1

14 194.61.24.196 (Netherlands)

ASN38994 (ERAHOST-AS, NL)

loginprodx-att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	loginprodx-att.com loginprodx-att.com	27 KB
14	1

	Domain	Requested by
14	loginprodx-att.com	loginprodx-att.com
14	1

This site contains no links.

Subject Issuer	Validity	Valid
loginprodx-att.com Let's Encrypt Authority X3	`2019-08-20` - `2019-11-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net
Frame ID: EB46E63F011295085BB53254E149E893
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

27 kB
Transfer

55 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response loginprodx-att.com/mail/a/mail/sbcglobal/	10 KB 3 KB	1219ms 20ms	Document text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `84d551802cc34dd0245c5311c854365aeb798f2968c0bd687bc08ffbcee15eab` Request headers Host loginprodx-att.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Server Apache/2.4.25 (Debian) Vary Accept-Encoding Content-Encoding gzip Content-Length 3181 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	_fontface.css loginprodx-att.com/mail/a/mail/sbcglobal/files/	0 279 B	17ms 16ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/_fontface.css Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:56 GMT Server Apache/2.4.25 (Debian) ETag "0-5908f9f9f2619" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 0
GET H/1.1	200 OK	main.css loginprodx-att.com/mail/a/mail/sbcglobal/files/	28 KB 6 KB	35ms 18ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `51526425f58f13797fb6885eececd674152a66149db68e04174afc72d84e74a1` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Content-Encoding gzip Last-Modified Tue, 20 Aug 2019 17:16:53 GMT Server Apache/2.4.25 (Debian) ETag "6e79-5908f9f7c4c0a-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5724
GET H/1.1	200 OK	Button.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	2 KB 3 KB	51ms 15ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/Button.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:53 GMT Server Apache/2.4.25 (Debian) ETag "9a2-5908f9f7bcf09" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 2466
GET H/1.1	200 OK	AT&T_logo.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	3 KB 4 KB	68ms 15ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/AT&T_logo.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:53 GMT Server Apache/2.4.25 (Debian) ETag "d37-5908f9f7556c1" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 3383
GET H/1.1	200 OK	mobile.css loginprodx-att.com/mail/a/mail/sbcglobal/files/	4 KB 2 KB	234ms 19ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/mobile.css Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:13 GMT Content-Encoding gzip Last-Modified Tue, 20 Aug 2019 17:16:52 GMT Server Apache/2.4.25 (Debian) ETag "fa3-5908f9f6057a4-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=87 Content-Length 1312
GET H/1.1	200 OK	attGlobalNavHeader-bg.gif loginprodx-att.com/mail/a/mail/sbcglobal/files/	149 B 432 B	45ms 16ms	Image image/gif	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/attGlobalNavHeader-bg.gif Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:55 GMT Server Apache/2.4.25 (Debian) ETag "95-5908f9f8e2e42" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 149
GET H/1.1	404 Not Found	att_globe_blue_80x80.png loginprodx-att.com/design/CDLS10/img/logos/	331 B 331 B	64ms 18ms	Image text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/design/CDLS10/img/logos/att_globe_blue_80x80.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `428e3b14efa803c2f626504a16d931295476d916d025b40a8fc7da6ed51960f1` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Server Apache/2.4.25 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=94 Content-Length 331 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	support-icon.jpg loginprodx-att.com/mail/a/mail/sbcglobal/files/	2 KB 2 KB	115ms 15ms	Image image/jpeg	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/support-icon.jpg Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:52 GMT Server Apache/2.4.25 (Debian) ETag "615-5908f9f68180f" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=91 Content-Length 1557
GET H/1.1	200 OK	pageBg.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	169 B 452 B	122ms 15ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/pageBg.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:55 GMT Server Apache/2.4.25 (Debian) ETag "a9-5908f9f99e652" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=90 Content-Length 169
GET H/1.1	200 OK	txt-clear.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	3 KB 3 KB	123ms 15ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/txt-clear.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:56 GMT Server Apache/2.4.25 (Debian) ETag "cda-5908f9fa0cbfc" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=89 Content-Length 3290
GET H/1.1	404 Not Found	ques.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	319 B 319 B	131ms 23ms	Image text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/ques.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `32163aa9f604a97f2abeeb134da063134bdc19a2359b1b70fb22aa3f8a655401` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:13 GMT Server Apache/2.4.25 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=88 Content-Length 319 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	btnSumbit.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	1 KB 2 KB	49ms 15ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/btnSumbit.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:56 GMT Server Apache/2.4.25 (Debian) ETag "573-5908f9fa79265" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 1395
GET H/1.1	200 OK	footerBg.png loginprodx-att.com/mail/a/mail/sbcglobal/files/	560 B 844 B	32ms 17ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://loginprodx-att.com/mail/a/mail/sbcglobal/files/footerBg.png Requested by Host: loginprodx-att.com URL: https://loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=lippejo@bellsouth.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263` Request headers Sec-Fetch-Mode no-cors Referer https://loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Thu, 22 Aug 2019 12:43:12 GMT Last-Modified Tue, 20 Aug 2019 17:16:55 GMT Server Apache/2.4.25 (Debian) ETag "230-5908f9f9206a8" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 560

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

loginprodx-att.com
194.61.24.196
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
32163aa9f604a97f2abeeb134da063134bdc19a2359b1b70fb22aa3f8a655401
428e3b14efa803c2f626504a16d931295476d916d025b40a8fc7da6ed51960f1
51526425f58f13797fb6885eececd674152a66149db68e04174afc72d84e74a1
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
84d551802cc34dd0245c5311c854365aeb798f2968c0bd687bc08ffbcee15eab
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f

loginprodx-att.com Open in urlscan Pro 194.61.24.196 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

27 kBTransfer

55 kBSize

0 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

loginprodx-att.com Open in urlscan Pro
194.61.24.196 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

27 kB
Transfer

55 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!