18upz.com
Open in
urlscan Pro
150.95.30.173
Malicious Activity!
Public Scan
Submitted URL: http://18upz.com/attRR
Effective URL: http://18upz.com/attRR/adfs/index.html
Submission: On April 21 via automatic, source phishtank
Effective URL: http://18upz.com/attRR/adfs/index.html
Submission: On April 21 via automatic, source phishtank
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 18 HTTP transactions.
The main IP is 150.95.30.173, located in
Bangkok, Thailand and
belongs to GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG.
The main domain is 18upz.com.
This is the only time 18upz.com was scanned on urlscan.io!
This is the only time 18upz.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 20 | 150.95.30.173 150.95.30.173 | 135161 (GMO-Z-COM...) (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co.) | |
| 18 | 1 |
20
150.95.30.173
(Bangkok, Thailand)
ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG)
PTR: v150-95-30-173.a005.g.bkk1.static.cnode.io
ASN135161 (GMO-Z-COM-TH GMO-Z com NetDesign Holdings Co., Ltd., SG)
PTR: v150-95-30-173.a005.g.bkk1.static.cnode.io
| 18upz.com |
| Domain | Requested by | |
|---|---|---|
| 20 | 18upz.com |
2 redirects
18upz.com
|
| 18 | 1 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| oidc.idp.elogin.att.com |
| Subject Issuer | Validity | Valid |
|---|
This page contains 1 frames:
Primary Page:
http://18upz.com/attRR/adfs/index.html
Frame ID: 2C7D06C669D392D8E1149354106E2821
Requests: 18 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://18upz.com/attRR
HTTP 301
http://18upz.com/attRR/ HTTP 302
http://18upz.com/attRR/adfs/index.html Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
URL: https://oidc.idp.elogin.att.com///iamportal-prod/iampwdmgmt/home#/home
Title: Click Here
Title: Click Here
Search URL Search Domain Scan URL
URL: https://oidc.idp.elogin.att.com/usersvcs/accountmgt/acctmgtMenu/
Title: Forgot Password?
Title: Forgot Password?
Search URL Search Domain Scan URL
URL: https://oidc.idp.elogin.att.com/lrr/attLRR/LrrController?TAM_OP=token_login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DY6mwo6Y7uV%26redirect_uri%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fisam%252Fsps%252Foidc%252Frp%252FATT-RP%252Fredirect%252FATT-Password%26response_mode%3Dform_post%26scope%3Dopenid%26Target%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fhronestop%252F%26response_type%3Did_token%26state%3DFWjRC3Q9TU%26client_id%3DPassword-ATT&HOSTNAME=oidc.idp.elogin.att.com&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=&EXPIRE_SECS=0
Title: Return to legacy Global Logon
Title: Return to legacy Global Logon
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://18upz.com/attRR
HTTP 301
http://18upz.com/attRR/ HTTP 302
http://18upz.com/attRR/adfs/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index.html
18upz.com/attRR/adfs/ Redirect Chain
|
89 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main4b6d.css
18upz.com/attRR/adfs/resources/static/styles/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
fonts4b6d.css
18upz.com/attRR/adfs/resources/static/styles/ |
820 B 536 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.12.4.min4b6d.js
18upz.com/attRR/adfs/resources/js/ |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.blockUI4b6d.js
18upz.com/attRR/adfs/resources/js/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mk4b6d.js
18upz.com/attRR/adfs/resources/js/ |
19 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ua-parser4b6d.js
18upz.com/attRR/adfs/resources/js/ua-parser-js-master/src/ |
51 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
json24b6d.js
18upz.com/attRR/adfs/resources/js/JSON-js-master/ |
18 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script4b6d.js
18upz.com/attRR/adfs/resources/static/scripts/ |
45 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
backEndFunctions4b6d.js
18upz.com/attRR/adfs/resources/static/scripts/ |
14 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ie74b6d.js
18upz.com/attRR/adfs/resources/js/ |
9 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
att_logo_97x40.png
18upz.com/attRR/adfs/resources/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
GLO_Question_Icon.png
18upz.com/attRR/adfs/resources/images/ |
223 B 520 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
flat_down_icon_rgb_blu_modified_12x12.png
18upz.com/attRR/adfs/resources/images/ |
623 B 920 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
flat_faq-reverse_icon_rgb_blu_modified_18x18.png
18upz.com/attRR/adfs/resources/images/ |
1023 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ATTAleckSans_W_Rg.woff
18upz.com/attRR/adfs/resources/static/fonts/WOFF/ |
22 KB 23 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ATTAleckSans_W_Md.woff
18upz.com/attRR/adfs/resources/static/fonts/WOFF/ |
23 KB 24 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
flat_check_icon_rgb_wht_16x16.png
18upz.com/attRR/adfs/resources/images/ |
472 B 769 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)197 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery object| constants function| MobileKeyHandler function| MobileKeyVerifier function| UAParser boolean| g_MockMobile object| g_StateCookieHandler object| g_SessionCookieHandler function| changeVerificationForm function| mobileKeyChangeForm function| changeForm function| doChangeForm function| toggleBusinessDirectSettings function| hideQuestionSelector function| showQuestionSelector function| setMockMobile function| onMobile boolean| g_isMobileDevice function| isMobileDevice function| isDeskTop function| hardOrSoft function| toggleSelectDiv function| changeSecretQuestion function| generateSecretQuestions function| enableSubmit function| disableSubmit function| glopasswordButtonEnabler function| glopasswordButtonEnablerOnPaste function| glopasswordVerificationButtonEnabler function| glopasswordVerificationButtonEnablerOnPaste function| mobileKeyButtonEnabler function| mobileKeyButtonEnablerOnPaste function| mobileKeyMFAButtonEnabler function| mobileKeyMFAButtonEnablerOnPaste function| mtipsButtonEnabler function| mtipsButtonEnablerOnPaste function| mtipsMFAButtonEnabler function| mtipsMFAButtonEnablerOnPaste function| safenetButtonEnabler function| safenetButtonEnablerOnPaste function| safenetMFAButtonEnabler function| safenetMFAButtonEnablerOnPaste function| securIDsoftwareTokenButtonEnabler function| securIDsoftwareTokenButtonEnablerOnPaste function| securIDhardwareTokenButtonEnabler function| securIDhardwareTokenButtonEnablerOnPaste function| securIDMFAsoftwareTokenButtonEnabler function| securIDMFAsoftwareTokenOnPaste function| securIDMFAhardwareTokenButtonEnabler function| securIDMFAhardwareTokenButtonEnablerOnPaste function| secondaryAuthButtonEnabler function| secondaryAuthButtonEnablerOnPaste function| mobileCancelFrontEnd function| mobileTimeOutFrontEnd function| mobileDeniedFrontEnd function| mobileErrorFrontEnd function| sendPushFrontEnd function| hideDropdown function| showDropdown function| doMobileKeyOnclick function| doMobileKeyPassCodeOnclick function| doPasswordOnclick function| doWindowsOnclick function| setPageUsedCookie function| setCSPEnvURL function| setStateCookie function| setPageReqCookie function| getWinAuthAlways function| getHardTokenPin function| getSoftOrHardToken function| getUserId function| chkRememberMe function| doSafenetOnClick function| doMtipsOnclick function| doSecuridSoftTokenOnClick function| doSecuridHardTokenOnClick function| doSecondaryAuthFormOnClick function| setCookie function| deleteCookie function| enableRememeberMe function| getCookie function| translateToSpanish function| translateToEnglish function| removeError_script function| setBackgroundToDevRed function| changeUserId function| toggleCheckBoxClass function| toggleRememberMe function| toggleBDUserId function| updateRememberMe function| setRememberMe function| toggleMobileKeyPasscode function| StateCookieHandler function| SessionCookieHandler function| switchTokenStepEnabled function| setBDUserId function| sendBDUserId function| displayError function| displayInfo function| loginError function| pushDeniedError function| passwordExpirationInfo function| removeError function| displaySecondaryAuth function| enableBusinessDirect function| displayCricketLogo function| displayATTLogo function| mobileCancel function| mobileTimeOut function| mobileDenied function| mobileResend function| setSuccessName function| setMobileKeyUID function| enableDevStyling function| updateInnerHTML function| displayBanner function| displayPresetBannerMessage function| displayInfoSection function| displayInfoSectionMessage function| changeMobileKeySubmitValue function| getUserIdText function| changeLanguage function| switchLanguage function| setLanguageDisplayText object| g_validLanguages object| g_javascriptMessages function| initLanguage function| initJavascriptMessages function| setLink function| displayMFA function| hasClass function| addClass function| removeClass function| IeVersion object| IE boolean| g_isIECompatablityMode function| getFaqLink string| strReqLnkCookieForWinAuth string| strWinAuthURL function| isInputNumber string| strWinAuthErrorNoError string| strWinAuthErrorOccured string| strWinAuthErrorCancelled string| strWinAuthErrorWindowsAuthFailed string| strWinAuthErrorInvalidDomain string| strWinAuthErrorCantFindATTUID string| strWinAuthErrorIDNotInCSP string| strWinAuthErrorInvalidCSPDomain string| strWinAuthErrorPwdExpired string| strWinAuthErrorBlockedAutoAuth string| strWinAuthErrorCantAutoAuth string| strMobileKeyErrorHlte26NotFound string| strMobileKeyErrorRememberMeNotFound string| strMobileKeyErrorExcessiveFailures string| strMobileKeyErrorLoginWithAnotherMethod string| strMobileKeyErrorNoDevicesRegistered string| strMobileKeyErrorUnableToInitiate string| strMobileKeyErrorNoSessionId string| strMobileKeyErrorStatusDenied string| strMobileKeyErrorInvalidAction string| strMobileKeyErrorInvalidValues string| strTokenOnly string| strLogonOption string| strRememberMe string| strUserId string| strPwdPlusStepEnabled string| SQ1 string| SQ2 string| strTokenStepEnabled string| strWinAuthAlwaysEnabled string| strShowBd string| strShowBanner string| strExternalRequest string| strShowCricket string| strHideATT string| strAttOnly string| statusCookieName string| hlte26CookieName boolean| strMobileKeyEnabled boolean| strMobileKeyPasscodeEnabled object| javascriptMessages string| bannerMessage undefined| d undefined| expires undefined| selectobject undefined| hlte26Value undefined| secretQuestionsArr object| g_MobileKeyHandler function| initMobileKeyHandler function| jspSendPush function| jspCancelMobileKey function| verifyMKUser function| getErrorMessage function| doGlobalLoginPasswordOnclick0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
18upz.com
150.95.30.173
07b3a3d0f02092988f8b70fa51992fa109b23bbc82638fc857dee5ee0e3ad5dc
0e1a5ab44e620c7a5412e625a748636ade95ad9345392aa621b048375d87b241
0ff42599ca3f4d81ba97a622cac5035262cf3af9db0a04d37bf541b2969b2f8d
287e57ae4b394a4912f51899e4537fb4a9c3a9f307ad0e1f539f8aeb46bdb042
3571629e1a1388a9d16740f2f50a5ef540ded04d6930db9bc97f67a1b4fd9321
3d8b2a38b0f975d28c48d85c6a1fe494c0dff18054814ef24be879ce998d5114
45d927a482326cc94769d1295e7dbc7a40ce62c9c68897c2f51eb9a9ecfbf985
46ae8c20ff718133d1b34e09314a6636df03de7a39e84a459ee38bb06c05e885
4a6500fffb1823beca8bd2c203014d05111e97a82dbbb8516a642abb03bf7bf2
5e4b3f7da07ff693285db4cecbb566d82a665853f97f01d83a20d6ab9b840cb7
5f43c44a03507663f45f0275597874d6ed132cf38a09775d997ba3669f64edb4
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6cc43eb82e2962dc58fe514b01377194e65f0b735a36d2b6647cd4923f8cb6b0
820dd504313cbb867c7aa8a53349c99dc994f544580de0b1372012838b634f94
a106b0f8926e51c250f5055831c1673f12020d3fa1bfcfa4bb14f614dcd31a17
c9c46bcfe2b827be80003c1a393900040ae01a6cf996ac007e3b95cef554460a
cc7ddc2da053a7b922bc0da7023f734bb80d6e00b87926715206d530664bc415
d0c4812c9f1b672a7ea3420b10ea389cabb4b50694418965003250c876a2b13b