ScanMalware.com

Security Scan Report: att-prod-forms.ksacms.com

Site favicon
Submitted: Oct 9, 2025, 2:36:30 PMCompleted: Oct 9, 2025, 2:37:08 PMpubliccompleted
Loading additional data...

Summary

This website contacted 6 IPs in 1 country across 2 domains to perform 158 HTTP transactions. The main domain is att-prod-forms.ksacms.com and was registered NaN years ago.

Submitted URL: https://att-prod-forms.ksacms.com/efiling/fr/eform/telecomdatasettlement_claimform/new?form-version=1&fr-wizard-page=section-1

The Cisco Umbrella rank of the primary domain is #208,965 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 80%

6
Risk Score

High risk phishing site impersonating AT&T

Risk Factors
Brand impersonation on a low‑ranking domain
Credential‑harvesting login form without password field
Domain does not match the displayed brand (AT&T)
Low Cisco Umbrella ranking for a site claiming a major brand
Domain age information unavailable

Details

Page Title

AT&T Data Incident Settlement Claim Form

Scan Type

public

Language

🇺🇸

English

(80% confidence)

Category

finance banking

(39%)

Domain Information

The domain name 'att-prod-forms.ksacms.com' uses the commercial generic top-level domain (.com) and includes subdomain 'att-prod-forms'. The registrable portion 'ksacms' spans 6 characters containing 1 vowel alongside five consonants. Breaking it apart gives two words: ksa, cms. Median word length comes out to three characters. The linguistic tilt is Vietnamese for 'aksa'. Secondary signals appear in Tagalog and Malay.

Screenshot

Security scan screenshot of https://att-prod-forms.ksacms.com/efiling/fr/eform/telecomdatasettlement_claimform/new?form-version=1&fr-wizard-page=section-1

Page Load Overview

21.19s
Total Load Time
158
HTTP Requests
2
Domains
11 KB
Total Size

Language Analysis

Primary Language

🇺🇸English
Code: en
Confidence:80%
Script:Latin
Direction:ltr

Detection Details

Language Code:en
Detection Confidence:80%
Script Type:Latin
HTML Lang Attribute:en
Text Length:2,259 chars
Detector Agreement:100%

Website Classification

Primary Category

finance banking39% confidence
Type: spa
Method: ml+structural

All Detected Categories

finance banking
39%
documentation technical
39%
real estate property
36%
technology software
33%
government public service
32%

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
28172.64.151.43United States
AS13335CLOUDFLARENET
26162.247.243.39United States
AS54113FASTLY
26104.18.36.213United States
AS13335CLOUDFLARENET
262a06:98c1:3105::ac40:972bUnited StatesUnknown
262a06:98c1:310b::6812:24d5United StatesUnknown
262602:816:5001::39United StatesUnknown
1586--

Detected Technologies7

JQueryv3.6.1
100%
Cloudflare Bot Management
55%
HSTS
40%
Cloudflare
40%
YUI
20%
TinyMCE
20%
Select2
20%

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A48313230C1925B6D19F4DC9F1EB7F81B1F6414DCA906890B2AC759F1FEADD4380BA62

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

1536:cir9utaGj3ZsefH7vXSElSVr5L2jOE3oTzz/h4Ya84eY695xQ/+ep6QOkI8Ssynv:1r9yra

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:83943:uwWmBKHUBgEEIYam4MDphBIgBgFPAA4TFsMAWByCgEAE+JDRBigQA2IWDPEhgQnpkFwyCCQI7hcKDBkCuQ0KMAAMLcDD80kl

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:00ffeffbffffffff
Perceptual Hash:f938325c6c6d7252
Difference Hash:b6180c0202000000
Wavelet Hash:0083030300000000
Color Hash:#4ed22d

Other Hashes

Crop Resistant:3e080a0200020000,8000919040b630b6

Scan History

Scan history not available

Unable to load historical scan data