Source: http://attlevvbest.weeblysite.com/ |
SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering |
Source: https://attlevvbest.weeblysite.com/ |
LLM: Score: 9 Reasons: The legitimate domain for AT&T is att.com., The provided URL (attlevvbest.weeblysite.com) does not match the legitimate domain., The URL contains 'weeblysite.com', which is a free website hosting service and not associated with AT&T., The subdomain 'attlevvbest' is suspicious and does not align with AT&T's branding., Phishing sites often use free hosting services and include legitimate brand names in subdomains to deceive users. DOM: 0.1.pages.csv |
Source: https://attlevvbest.weeblysite.com/ |
LLM: Score: 9 Reasons: The brand AT&T is a well-known telecommunications company., The legitimate domain for AT&T is att.com., The provided URL (attlevvbest.weeblysite.com) does not match the legitimate domain., The URL contains suspicious elements such as 'weeblysite.com', which is a free website builder and not associated with AT&T., The subdomain 'attlevvbest' is unusual and not related to the legitimate AT&T domain., The presence of input fields for email address and password is common in phishing attempts to steal credentials. DOM: 0.2.pages.csv |
Source: Yara match |
File source: 0.1.pages.csv, type: HTML |
Source: Yara match |
File source: 0.2.pages.csv, type: HTML |
Source: Yara match |
File source: 0.0.pages.csv, type: HTML |
Source: Yara match |
File source: dropped/chromecache_552, type: DROPPED |
Source: https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m40842&loginSuccessURL=https:%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DpsdLn2Vp3K%26SPRelayState%3Dhttps%25253A%25252F%25252Fcurrently.att.yahoo.com%25252F%26redirect_uri%3Dhttps%253A%252F%252Fatt-yahoo.att.net%252Fisam%252Fsps%252Foidc%252Frp%252FATT-HBO-RP%252Fredirect%252FYahoo%26response_mode%3Dform_post%26scope%3Dopenid%26response_type%3Did_token%26state%3DfSVaCvrJlK%26ForceAuthn%3Dtrue%26client_id%3Dm40842 |
HTTP Parser: Iframe src: https://cdn.quantummetric.com/helpers/blank |
Source: https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m40842&loginSuccessURL=https:%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DpsdLn2Vp3K%26SPRelayState%3Dhttps%25253A%25252F%25252Fcurrently.att.yahoo.com%25252F%26redirect_uri%3Dhttps%253A%252F%252Fatt-yahoo.att.net%252Fisam%252Fsps%252Foidc%252Frp%252FATT-HBO-RP%252Fredirect%252FYahoo%26response_mode%3Dform_post%26scope%3Dopenid%26response_type%3Did_token%26state%3DfSVaCvrJlK%26ForceAuthn%3Dtrue%26client_id%3Dm40842 |
HTTP Parser: Number of links: 0 |
Source: https://app.squareup.com/signup?app=weebly&return_to=https%3A%2F%2Fwww.weebly.com%2Fapp%2Ffront-door%2Flogin%2Fsquare%3Fsso_intent%3Dsignup&v=weebly-sso&weebly_sso_enabled=true |
HTTP Parser: Number of links: 0 |
Source: https://app.squareup.com/signup?app=weebly&return_to=https%3A%2F%2Fwww.weebly.com%2Fapp%2Ffront-door%2Flogin%2Fsquare%3Fsso_intent%3Dsignup&v=weebly-sso&weebly_sso_enabled=true |
HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://attlevvbest.weeblysite.com/ |
HTTP Parser: Total embedded SVG size: 159517 |
Source: https://attlevvbest.weeblysite.com/ |
HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" viewBox="-1 -1 2 2"><circle r="1"/></svg> |
Source: https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m40842&loginSuccessURL=https:%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DpsdLn2Vp3K%26SPRelayState%3Dhttps%25253A%25252F%25252Fcurrently.att.yahoo.com%25252F%26redirect_uri%3Dhttps%253A%252F%252Fatt-yahoo.att.net%252Fisam%252Fsps%252Foidc%252Frp%252FATT-HBO-RP%252Fredirect%252FYahoo%26response_mode%3Dform_post%26scope%3Dopenid%26response_type%3Did_token%26state%3DfSVaCvrJlK%26ForceAuthn%3Dtrue%26client_id%3Dm40842 |
HTTP Parser: Title: Login Screen does not match URL |
Source: https://app.squareup.com/signup?app=weebly&return_to=https%3A%2F%2Fwww.weebly.com%2Fapp%2Ffront-door%2Flogin%2Fsquare%3Fsso_intent%3Dsignup&v=weebly-sso&weebly_sso_enabled=true |
HTTP Parser: <input type="password" .../> found |
Source: https://currently.att.yahoo.com/ |
HTTP Parser: No favicon |
Source: https://www.att.com/partners/currently/email-sign-up/?source=EnEmail2020000BDL&wtExtndSource=topnav |
HTTP Parser: No favicon |
Source: https://www.weebly.com/?utm_source=internal&utm_medium=footer&utm_campaign=7 |
HTTP Parser: No favicon |
Source: https://attlevvbest.weeblysite.com/ |
HTTP Parser: No <meta name="author".. found |
Source: https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m40842&loginSuccessURL=https:%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DpsdLn2Vp3K%26SPRelayState%3Dhttps%25253A%25252F%25252Fcurrently.att.yahoo.com%25252F%26redirect_uri%3Dhttps%253A%252F%252Fatt-yahoo.att.net%252Fisam%252Fsps%252Foidc%252Frp%252FATT-HBO-RP%252Fredirect%252FYahoo%26response_mode%3Dform_post%26scope%3Dopenid%26response_type%3Did_token%26state%3DfSVaCvrJlK%26ForceAuthn%3Dtrue%26client_id%3Dm40842 |
HTTP Parser: No <meta name="author".. found |
Source: https://app.squareup.com/signup?app=weebly&return_to=https%3A%2F%2Fwww.weebly.com%2Fapp%2Ffront-door%2Flogin%2Fsquare%3Fsso_intent%3Dsignup&v=weebly-sso&weebly_sso_enabled=true |
HTTP Parser: No <meta name="author".. found |
Source: https://attlevvbest.weeblysite.com/ |
HTTP Parser: No <meta name="copyright".. found |
Source: https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m40842&loginSuccessURL=https:%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DpsdLn2Vp3K%26SPRelayState%3Dhttps%25253A%25252F%25252Fcurrently.att.yahoo.com%25252F%26redirect_uri%3Dhttps%253A%252F%252Fatt-yahoo.att.net%252Fisam%252Fsps%252Foidc%252Frp%252FATT-HBO-RP%252Fredirect%252FYahoo%26response_mode%3Dform_post%26scope%3Dopenid%26response_type%3Did_token%26state%3DfSVaCvrJlK%26ForceAuthn%3Dtrue%26client_id%3Dm40842 |
HTTP Parser: No <meta name="copyright".. found |
Source: https://app.squareup.com/signup?app=weebly&return_to=https%3A%2F%2Fwww.weebly.com%2Fapp%2Ffront-door%2Flogin%2Fsquare%3Fsso_intent%3Dsignup&v=weebly-sso&weebly_sso_enabled=true |
HTTP Parser: No <meta name="copyright".. found |
Source: chromecache_546.2.dr |
String found in binary or memory: <a id="facebook-social-link-footer" rel="noopener" class="social__item" href="https://www.facebook.com/weebly" target="_blank"> equals www.facebook.com (Facebook) |
Source: chromecache_546.2.dr |
String found in binary or memory: <a id="youtube-social-link-footer" rel="noopener" class="social__item" href="https://www.youtube.com/user/weebly" target="_blank"> equals www.youtube.com (Youtube) |
Source: chromecache_546.2.dr |
String found in binary or memory: "https://www.facebook.com/weebly", equals www.facebook.com (Facebook) |
Source: chromecache_546.2.dr |
String found in binary or memory: "https://www.linkedin.com/company/weebly", equals www.linkedin.com (Linkedin) |
Source: chromecache_546.2.dr |
String found in binary or memory: "https://www.twitter.com/weebly", equals www.twitter.com (Twitter) |
Source: chromecache_546.2.dr |
String found in binary or memory: "https://www.youtube.com/user/weebly", equals www.youtube.com (Youtube) |
Source: chromecache_900.2.dr, chromecache_650.2.dr |
String found in binary or memory: return b}bD.D="internal.enableAutoEventOnTimer";var xc=ca(["data-gtm-yt-inspected-"]),cD=["www.youtube.com","www.youtube-nocookie.com"],dD,eD=!1; equals www.youtube.com (Youtube) |