EN ES PT

Phishing Analysis

Detailed analysis of captured phishing page

Back to Stats

Captura Visual

Screenshot of att-bonus.com.mx

Información de Detección

https://att-bonus.com.mx/?t=vLBfip1qdWbeqgFh
Detected Brand
AT&T
Country
International
Confianza
100%
HTTP Status
200
Report ID
3690fdb0-1d2…
Analyzed
2026-02-22 12:26
Final URL (after redirects)
https://att-bonus.com.mx/splash

Hashes de Contenido (Similitud HTML)

Used to detect similar phishing pages based on HTML content

Algorithm Hash Value
CONTENT TLSH
T12141CEB10204641B1BC3AAD085C77F4B95F3ECEBE2992CE856E941AC4ED0BB5E4D07E5
CONTENT ssdeep
48:H5GSxAcTNmTNMTNmTNMwGDPG37jG3GAOARAWG+OAkVwKyZ6IGmOoGIT30kUexCj:Z+kDu37SWAZRAX+ZkVwKyZOmNGIjAexI

Hashes Visuales (Similitud de Captura)

Used to detect visually similar phishing pages based on screenshots

Algorithm Hash Value
VISUAL pHash
e63366336699cc32
VISUAL aHash
e7e7e7e7e7e7e7e7
VISUAL dHash
4d4d4d4d4d4d4d4d
VISUAL wHash
c3c3c3c3c3c3c3c3
VISUAL colorHash
060000000b8
VISUAL cropResistant
0202020202020202,a0a0a0a0a0a0a0a0,a2147061066905a4

Análisis de Código

Risk Score 100/100
Nivel de Amenaza ALTO
⚠️ Phishing Confirmed
🎣 Credential Harvester 🎣 OTP Stealer 🎣 Banking 🎣 Personal Info

🔬 Threat Analysis Report

• Amenaza: Phishing
• Objetivo: Clientes de AT&T
• Método: Suplantación de identidad a través de un sitio web similar.
• Exfil: Desconocido, probablemente robo de credenciales y posibles datos personales.
• Indicadores: Discordancia del dominio, uso de la marca AT&T, ofuscación.
• Riesgo: ALTO

🔒 Obfuscation Detected

  • atob
  • fromCharCode
  • base64_strings

📡 API Calls Detected

  • https://tu.att.com.mx/recarga
  • https://www.google.com/ccm/geo
  • GET

📊 Desglose de Puntuación de Riesgo

Total Risk Score
90/100

Contributing Factors

Domain mismatch
The domain does not belong to AT&T.
Obfuscation Detected
Obfuscated code is a common technique used by attackers to hide malicious code from detection.
Impersonation
The website attempts to impersonate AT&T.

🔬 Análisis Integral de Amenazas

Tipo de Amenaza
Banking Credential Harvester
Objetivo
AT&T users (International)
Método de Ataque
Brand impersonation + credential harvesting forms + obfuscated JavaScript
Canal de Exfiltración
Form submission (backend endpoint not detected - likely JavaScript-based)
Evaluación de Riesgo
CRITICAL - Automated credential harvesting with Form submission (backend endpoint not detected - likely JavaScript-based)

⚠️ Indicators of Compromise

  • Kit types: Credential Harvester, OTP Stealer, Banking, Personal Info
  • 32 obfuscation techniques

🏢 Análisis de Suplantación de Marca

Impersonated Brand
AT&T
Official Website
att.com
Fake Service
AT&T Bonus campaign

⚔️ Metodología de Ataque

Primary Method: Credential Harvesting

The attacker likely uses a fake login page to trick users into entering their AT&T credentials, possibly including a PIN or verification codes. This information is then used to gain access to the user's AT&T account.

🌐 Indicadores de Compromiso de Infraestructura

Domain Information

Dominio
att-bonus.com.mx
Registered
2022-09-02
Registrar
Unknown
Estado
active

🤖 AI-Extracted Threat Intelligence

Similar Websites

Pages with identical visual appearance (based on perceptual hash)

Screenshot
AT&T
https://att-bonus.com.mx/?t=AkGLfgPpeumGwDo5
Mar 20, 2026
 Screenshot
AT&T
https://att-bonus.com.mx/?t=vlbfip1qdwbeqgfh
Feb 24, 2026
 Screenshot
AT&T
https://att-bonus.com.mx/?t=dfLdG0vYPOP9CRN8
Feb 07, 2026
 Screenshot
AT&T
https://att-bonus.com.mx/?t=Yuzz0uOu5bdPsCzE
Ene 19, 2026
 Screenshot
AT&T
https://att-bonus.com.mx/?t=tjrky2y2dtesg8ab
Ene 04, 2026

Scan History for att-bonus.com.mx

Found 10 other scans for this domain

😰
"Nunca pensé que me pasaría a mí"
Esto dicen las 2.3 millones de víctimas cada año. No esperes a ser una estadística.