www-loginprodx-att.com Open in urlscan Pro
194.61.24.196 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/2Mt6urV
Effective URL:
https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net
Submission: On August 28 via manual (August 28th 2019, 8:59:14 pm UTC) from US

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 194.61.24.196, located in Netherlands and belongs to ERAHOST-AS, NL. The main domain is www-loginprodx-att.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 28th 2019. Valid for: 3 months.

This is the only time www-loginprodx-att.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	395224 (BITLY-AS) (BITLY-AS - Bitly Inc)
2 16	194.61.24.196 194.61.24.196	38994 (ERAHOST-AS) (ERAHOST-AS)
14	1

1 67.199.248.11 (United States) 1 redirects

ASN395224 (BITLY-AS - Bitly Inc, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 194.61.24.196 (Netherlands) 2 redirects

ASN38994 (ERAHOST-AS, NL)

cg6ymarb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www-loginprodx-att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	www-loginprodx-att.com www-loginprodx-att.com	27 KB
2	cg6ymarb.com 2 redirects cg6ymarb.com	570 B
1	bit.ly 1 redirects bit.ly	390 B
14	3

	Domain	Requested by
14	www-loginprodx-att.com	www-loginprodx-att.com
2	cg6ymarb.com	2 redirects
1	bit.ly	1 redirects
14	3

This site contains no links.

Subject Issuer	Validity	Valid
www-loginprodx-att.com Let's Encrypt Authority X3	`2019-08-28` - `2019-11-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net
Frame ID: 6DA07FEC80EB7D8E4D4C6316149A0422
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://bit.ly/2Mt6urV HTTP 301
http://cg6ymarb.com/mail/a/in/index.php?id=hansen_erika@sbcglobal.net HTTP 302
http://cg6ymarb.com/mail/a/mail/i.php?id=hansen_erika@sbcglobal.net HTTP 302
https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Page URL

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

27 kB
Transfer

55 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/2Mt6urV HTTP 301
http://cg6ymarb.com/mail/a/in/index.php?id=hansen_erika@sbcglobal.net HTTP 302
http://cg6ymarb.com/mail/a/mail/i.php?id=hansen_erika@sbcglobal.net HTTP 302
https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request index.php Show response www-loginprodx-att.com/mail/a/mail/sbcglobal/ Redirect Chain http://bit.ly/2Mt6urV http://cg6ymarb.com/mail/a/in/index.php?id=hansen_erika@sbcglobal.net http://cg6ymarb.com/mail/a/mail/i.php?id=hansen_erika@sbcglobal.net https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net	10 KB 3 KB	239ms 69ms	Document text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `800ae5031022afc3e45624634782b281648cc496a8508ffb42bd8e97f5f6cfb3` Request headers Host www-loginprodx-att.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 Sec-Fetch-Site none Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Server Apache/2.4.25 (Debian) Vary Accept-Encoding Content-Encoding gzip Content-Length 3182 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Wed, 28 Aug 2019 20:58:58 GMT Server Apache/2.4.25 (Debian) Location https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Content-Length 0 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	_fontface.css www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	0 279 B	69ms 66ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/_fontface.css Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:33 GMT Server Apache/2.4.25 (Debian) ETag "0-5912d3d6e3f7f" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 0
GET H/1.1	200 OK	main.css www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	28 KB 6 KB	140ms 68ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `51526425f58f13797fb6885eececd674152a66149db68e04174afc72d84e74a1` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Content-Encoding gzip Last-Modified Wed, 28 Aug 2019 13:19:29 GMT Server Apache/2.4.25 (Debian) ETag "6e79-5912d3d3210ea-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5724
GET H/1.1	200 OK	Button.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	2 KB 3 KB	199ms 66ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/Button.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:29 GMT Server Apache/2.4.25 (Debian) ETag "9a2-5912d3d324f6b" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2466
GET H/1.1	200 OK	AT&T_logo.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	3 KB 4 KB	199ms 67ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/AT&T_logo.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:28 GMT Server Apache/2.4.25 (Debian) ETag "d37-5912d3d201f11" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3383
GET H/1.1	200 OK	mobile.css www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	4 KB 2 KB	201ms 67ms	Stylesheet text/css	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/mobile.css Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Content-Encoding gzip Last-Modified Wed, 28 Aug 2019 13:19:26 GMT Server Apache/2.4.25 (Debian) ETag "fa3-5912d3cfc2bbf-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 1312
GET H/1.1	200 OK	attGlobalNavHeader-bg.gif www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	149 B 432 B	66ms 66ms	Image image/gif	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/attGlobalNavHeader-bg.gif Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:31 GMT Server Apache/2.4.25 (Debian) ETag "95-5912d3d5102f6" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 149
GET H/1.1	404 Not Found	att_globe_blue_80x80.png www-loginprodx-att.com/design/CDLS10/img/logos/	335 B 335 B	67ms 67ms	Image text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/design/CDLS10/img/logos/att_globe_blue_80x80.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `0063790e61a9b1999c524036f37298a7520ccd3556495967d7869f6778037f2a` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Server Apache/2.4.25 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 335 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	support-icon.jpg www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	2 KB 2 KB	195ms 66ms	Image image/jpeg	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/support-icon.jpg Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:27 GMT Server Apache/2.4.25 (Debian) ETag "615-5912d3d08aef0" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 1557
GET H/1.1	200 OK	pageBg.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	169 B 452 B	111ms 65ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/pageBg.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:33 GMT Server Apache/2.4.25 (Debian) ETag "a9-5912d3d652752" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 169
GET H/1.1	200 OK	txt-clear.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	3 KB 3 KB	117ms 66ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/txt-clear.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:33 GMT Server Apache/2.4.25 (Debian) ETag "cda-5912d3d714cc3" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 3290
GET H/1.1	404 Not Found	ques.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	323 B 323 B	118ms 66ms	Image text/html	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/ques.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `23e80bca95de6a965c1e11608166704ab9a4ef2dc784a539f9932d9dd3fa554c` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Server Apache/2.4.25 (Debian) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 323 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	btnSumbit.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	1 KB 2 KB	112ms 66ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/btnSumbit.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:34 GMT Server Apache/2.4.25 (Debian) ETag "573-5912d3d7dcff5" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1395
GET H/1.1	200 OK	footerBg.png www-loginprodx-att.com/mail/a/mail/sbcglobal/files/	560 B 844 B	110ms 66ms	Image image/png	194.61.24.196 ERAHOST-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/footerBg.png Requested by Host: www-loginprodx-att.com URL: https://www-loginprodx-att.com/mail/a/mail/sbcglobal/index.php?id=hansen_erika@sbcglobal.net Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 194.61.24.196 , Netherlands, ASN38994 (ERAHOST-AS, NL), Reverse DNS Software Apache/2.4.25 (Debian) / Resource Hash `61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263` Request headers Sec-Fetch-Mode no-cors Referer https://www-loginprodx-att.com/mail/a/mail/sbcglobal/files/main.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Wed, 28 Aug 2019 20:58:58 GMT Last-Modified Wed, 28 Aug 2019 13:19:32 GMT Server Apache/2.4.25 (Debian) ETag "230-5912d3d573cbf" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 560

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
cg6ymarb.com
www-loginprodx-att.com
194.61.24.196
67.199.248.11
0063790e61a9b1999c524036f37298a7520ccd3556495967d7869f6778037f2a
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
23e80bca95de6a965c1e11608166704ab9a4ef2dc784a539f9932d9dd3fa554c
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
51526425f58f13797fb6885eececd674152a66149db68e04174afc72d84e74a1
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
800ae5031022afc3e45624634782b281648cc496a8508ffb42bd8e97f5f6cfb3
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f

www-loginprodx-att.com Open in urlscan Pro 194.61.24.196 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

27 kBTransfer

55 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www-loginprodx-att.com Open in urlscan Pro
194.61.24.196 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

27 kB
Transfer

55 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!