desentupidorasembrasilia.com.br Open in urlscan Pro
192.99.8.151 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
Submission: On May 28 via manual (May 28th 2019, 5:40:26 pm UTC) from US

Summary HTTP 17 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 17 HTTP transactions. The main IP is 192.99.8.151, located in Montreal, Canada and belongs to OVH, FR. The main domain is desentupidorasembrasilia.com.br.

This is the only time desentupidorasembrasilia.com.br was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1	192.99.8.151 192.99.8.151	16276 (OVH) (OVH)
13	144.160.36.70 144.160.36.70	797 (AMERITECH-AS) (AMERITECH-AS - AT&T Services)
2	2a00:1288:84:... 2a00:1288:84:800::1002	203219 (YAHOO-AMA) (YAHOO-AMA)
1	144.160.155.70 144.160.155.70	797 (AMERITECH-AS) (AMERITECH-AS - AT&T Services)
17	4

1 192.99.8.151 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: puma.br-rgt.net

desentupidorasembrasilia.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 144.160.36.70 (United States)

ASN797 (AMERITECH-AS - AT&T Services, Inc., US)

home.secureapp.att.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:84:800::1002 (United Kingdom)

ASN203219 (YAHOO-AMA, NL)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.160.155.70 (United States)

ASN797 (AMERITECH-AS - AT&T Services, Inc., US)

home.secureapp.att.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	att.net home.secureapp.att.net	202 KB
2	yimg.com s.yimg.com
1	desentupidorasembrasilia.com.br desentupidorasembrasilia.com.br	4 KB
17	3

	Domain	Requested by
14	home.secureapp.att.net	desentupidorasembrasilia.com.br home.secureapp.att.net
2	s.yimg.com	desentupidorasembrasilia.com.br
1	desentupidorasembrasilia.com.br
17	3

This site contains links to these domains. Also see Links.

Domain
www.att.net
www.att.com
uverseonline.att.net
elportal.att.net
home.secureapp.att.net

Subject Issuer	Validity	Valid
home.secureapp.att.net DigiCert SHA2 Secure Server CA	`2018-09-17` - `2020-09-17`	2 years	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-06-06`	a month	crt.sh

This page contains 1 frames:

Primary Page: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
Frame ID: 37FCAB91BC5DABF8F856345BA37369E9
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

17
Requests

94 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

207 kB
Transfer

199 kB
Size

1
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: http://www.att.net/
Title: att.net

Search URL Search Domain Scan URL

URL: http://www.att.com/
Title: att.com

Search URL Search Domain Scan URL

URL: http://uverseonline.att.net/
Title: uverse.com

Search URL Search Domain Scan URL

URL: http://elportal.att.net/
Title: En Español

Search URL Search Domain Scan URL

URL: https://www.att.com/esupport/index.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: https://www.att.com/esupport/article.html#!/wireless/KM1187387
Title: Learn about shared passwords for AT&T email and your AT&T Access ID

Search URL Search Domain Scan URL

URL: https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.Register.Pageviews.www-att-net&redirecturl=https://attreg.att.net/PortalRegWeb/PortalRegController?callingAppId=OP&returnUrl=

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.support&redirecturl=https://www.att.com/esupport/index.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.adinfo&redirecturl=http://www.att.net/legal/advertising
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.TOS&redirecturl=http://www.att.com/shop/internet/att-internet-terms-of-service.jsp
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.copyright&redirecturl=http://info.yahoo.com/copyright/details.html
Title: Copyright

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.privacy&redirecturl=http://att.yahoo.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.aboutourads&redirecturl=http://info.yahoo.com/privacy/us/yahoo/attandyahoo/adchoices.html
Title: About Our Ads

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.AUP&redirecturl=https://www.att.com/legal/terms.aup.html
Title: Acceptable Use Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.IP&redirecturl=http://www.att.com/gen/privacy-policy?pid=2587
Title: © 2018 AT&T Intellectual Property

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request attiinnddeexx.php Show response
desentupidorasembrasilia.com.br/ss/at&t%20file/ 4 KB
4 KB 426ms
167ms Document
text/html 192.99.8.151
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
Protocol: HTTP/1.1
Server: 192.99.8.151 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: puma.br-rgt.net
Software: Apache / PHP/5.6.40
Resource Hash: b91a7eb2681d41598967d967e404730ad045c48933b54a86d9a74335962017a8

Request headers

Host: desentupidorasembrasilia.com.br
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 17:40:09 GMT
Server: Apache
X-Powered-By: PHP/5.6.40
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK main.css
home.secureapp.att.net/css/sso/slid/1201/ 28 KB
29 KB 646ms
132ms Stylesheet
text/css 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to

Full URL

https://home.secureapp.att.net/css/sso/slid/1201/main.css

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

dfa2be020e3374a4b1c871c88ada990120fb198d4e8ff685ad35cfae88ad3466

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 11:34:16 GMT
Last-Modified: Wed, 06 Jun 2018 16:59:50 GMT
Age: 21954
ETag: "bc1054-6fd5-56dfc18464d80"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: text/css
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 28629
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery-1.5.1.min.js Show response
home.secureapp.att.net/js/jquery/ 83 KB
84 KB 653ms
134ms Script
application/x-javascript 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to

Full URL

https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 22 May 2019 08:42:08 GMT
Last-Modified: Wed, 06 Jun 2018 16:49:55 GMT
Age: 550682
ETag: "b007e2-14d0c-56dfbf4cf52c0"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: application/x-javascript
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 85260
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.simplemodal.js Show response
home.secureapp.att.net/js/jquery/simplemodal/ 9 KB
10 KB 655ms
136ms Script
application/x-javascript 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to

Full URL

https://home.secureapp.att.net/js/jquery/simplemodal/jquery.simplemodal.js

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 08:44:11 GMT
Last-Modified: Wed, 06 Jun 2018 16:50:06 GMT
Age: 32159
ETag: "b009b9-24fd-56dfbf5772b80"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: application/x-javascript
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 9469
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK script.js Show response
home.secureapp.att.net/js/sso/slid/1201/ 47 KB
48 KB 686ms
143ms Script
application/x-javascript 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to

Full URL

https://home.secureapp.att.net/js/sso/slid/1201/script.js

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

db2a3260d580716fb8dae973b1b994f799f545d520b7a1636d473ecbdbdd2223

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 22 May 2019 16:15:26 GMT
Last-Modified: Wed, 06 Jun 2018 16:50:27 GMT
Age: 523484
ETag: "bc10bc-bdff-56dfbf6b79ac0"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: application/x-javascript
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 48639
X-XSS-Protection: 1; mode=block

GET
H2 404 script.js
s.yimg.com/ik/ 0
0 80ms
21ms Script
text/html 2a00:1288:84:800::1002
YAHOO-AMA

General

Check archive.org

Show headers Download Go to

Full URL: https://s.yimg.com/ik/script.js
Requested by: Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a00:1288:84:800::1002 , United Kingdom, ASN203219 (YAHOO-AMA, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H/1.1 200
OK mobile.css
home.secureapp.att.net/css/sso/slid/1201/ 4 KB
4 KB 688ms
144ms Stylesheet
text/css 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to

Full URL

https://home.secureapp.att.net/css/sso/slid/1201/mobile.css

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 13:18:56 GMT
Last-Modified: Wed, 06 Jun 2018 16:59:52 GMT
Age: 15674
ETag: "b00a52-fa3-56dfc1864d200"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: text/css
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 4003
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK pageBg.png
home.secureapp.att.net/design/cdls10/img/ui/ 169 B
670 B 140ms
139ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/design/cdls10/img/ui/pageBg.png

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 13:19:11 GMT
Last-Modified: Tue, 19 Mar 2019 02:26:29 GMT
Age: 15659
ETag: "b20a88-a9-584693b8bbf40"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 169
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK btnSumbit.png
home.secureapp.att.net/img/sso/slid/ 1 KB
2 KB 148ms
146ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/img/sso/slid/btnSumbit.png

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 23 May 2019 19:37:22 GMT
Last-Modified: Mon, 11 Mar 2019 18:27:40 GMT
Age: 424968
ETag: "b20b44-573-583d5ba465f00"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1395
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK footerBg.png
home.secureapp.att.net/design/CDLS10/img/ui/ 560 B
1 KB 138ms
137ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/design/CDLS10/img/ui/footerBg.png

Requested by

Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 13:19:00 GMT
Last-Modified: Tue, 19 Mar 2019 01:02:12 GMT
Age: 15670
ETag: "c00a60-230-584680e200d00"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 560
X-XSS-Protection: 1; mode=block

GET
H2 404 script.js
s.yimg.com/ik/ 0
0 21ms
21ms Script
text/html 2a00:1288:84:800::1002
YAHOO-AMA

General

Check archive.org

Show headers Download Go to

Full URL: https://s.yimg.com/ik/script.js
Requested by: Host: desentupidorasembrasilia.com.br
URL: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a00:1288:84:800::1002 , United Kingdom, ASN203219 (YAHOO-AMA, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

GET
H/1.1 200
OK attGlobalNavHeader-bg.gif
home.secureapp.att.net/design/cdls20/img/ui/ 149 B
651 B 152ms
151ms Image
image/gif 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/design/cdls20/img/ui/attGlobalNavHeader-bg.gif

Requested by

Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 26 May 2019 12:40:01 GMT
Last-Modified: Tue, 19 Mar 2019 02:29:51 GMT
Age: 190809
ETag: "b20b1e-95-58469479605c0"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/gif
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 149
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK att_globe_blue_80x80.png
home.secureapp.att.net/design/CDLS10/img/logos/ 16 KB
17 KB 154ms
152ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/design/CDLS10/img/logos/att_globe_blue_80x80.png

Requested by

Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 11:34:39 GMT
Last-Modified: Mon, 11 Mar 2019 18:21:09 GMT
Age: 21932
ETag: "b20897-40c4-583d5a2f82f40"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 16580
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK support-icon.jpg
home.secureapp.att.net/img/sso/slid/ 2 KB
2 KB 189ms
187ms Image
image/jpeg 144.160.155.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/img/sso/slid/support-icon.jpg

Requested by

Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.155.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

unknown / unknown

Resource Hash

01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 17:40:11 GMT
Last-Modified: Mon, 11 Mar 2019 18:27:44 GMT
Server: unknown
x-powered-by: unknown
ETag: "8e05dd-615-583d5ba836800"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/jpeg
x-generator: unknown
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 1557
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK txt-clear.png
home.secureapp.att.net/img/sso/slid/ 3 KB
4 KB 228ms
139ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/img/sso/slid/txt-clear.png

Requested by

Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Thu, 23 May 2019 19:37:22 GMT
Last-Modified: Mon, 11 Mar 2019 18:27:44 GMT
Age: 424969
ETag: "b210b2-cda-583d5ba836800"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 3290
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ques.png
home.secureapp.att.net/img/sso/slid/ 363 B
865 B 229ms
137ms Image
image/png 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://home.secureapp.att.net/img/sso/slid/ques.png

Requested by

Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/sso/slid/1201/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),

Reverse DNS

Software

Resource Hash

5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Frame-Options	ALLOW-FROM http://.att.com/ https://.att.com/ http://.att.com:/ https://.att.com:/
X-Xss-Protection	1; mode=block

Request headers

Referer: https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Tue, 28 May 2019 11:35:05 GMT
Last-Modified: Mon, 11 Mar 2019 18:27:43 GMT
Age: 21906
ETag: "b20fad-16b-583d5ba7425c0"
X-Frame-Options: ALLOW-FROM http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Content-Type: image/png
Content-Security-Policy: frame-ancestors http://*.att.com/ https://*.att.com/ http://*.att.com:*/ https://*.att.com:*/
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 363
X-XSS-Protection: 1; mode=block

GET
H/1.1 404
Not Found context.dll
home.secureapp.att.net/attportal/s/ 0
0 158ms
157ms Image
text/html 144.160.36.70
AT&T Services

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=6091
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 144.160.36.70 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://desentupidorasembrasilia.com.br/ss/at&t%20file/attiinnddeexx.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			desentupidorasembrasilia.com.br/	1969-12-31 23:59:59	Name: IV_JCT Value: %2FcommonLogin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

desentupidorasembrasilia.com.br
home.secureapp.att.net
s.yimg.com
144.160.155.70
144.160.36.70
192.99.8.151
2a00:1288:84:800::1002
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
b91a7eb2681d41598967d967e404730ad045c48933b54a86d9a74335962017a8
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
db2a3260d580716fb8dae973b1b994f799f545d520b7a1636d473ecbdbdd2223
dfa2be020e3374a4b1c871c88ada990120fb198d4e8ff685ad35cfae88ad3466
dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f

desentupidorasembrasilia.com.br Open in urlscan Pro 192.99.8.151 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

17 Requests

94 %HTTPS

25 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

207 kBTransfer

199 kBSize

1 Cookies

15 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

34 JavaScript Global Variables

1 Cookies

Indicators

desentupidorasembrasilia.com.br Open in urlscan Pro
192.99.8.151 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

94 %
HTTPS

25 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

207 kB
Transfer

199 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!