pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
104.18.3.35  Malicious Activity! Public Scan

Submitted URL: https://come.to/adqbndtq
Effective URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Submission: On July 13 via api from JP — Scanned from JP

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 20 HTTP transactions. The main IP is 104.18.3.35, located in and belongs to CLOUDFLARENET, US. The main domain is pub-46b789e61d3349d2931a4bff9fef900a.r2.dev.
TLS certificate: Issued by E1 on June 15th 2023. Valid for: 3 months.
This is the only time pub-46b789e61d3349d2931a4bff9fef900a.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 1 104.26.7.49 13335 (CLOUDFLAR...)
1 104.18.3.35 13335 (CLOUDFLAR...)
15 144.160.125.207 797 (AMERITECH-AS)
3 23.44.53.191 20940 (AKAMAI-ASN1)
1 142.250.198.6 15169 (GOOGLE)
20 5
Apex Domain
Subdomains
Transfer
18 att.com
signin-static-js.att.com — Cisco Umbrella Rank: 42232
www.att.com — Cisco Umbrella Rank: 14596
signin.att.com — Cisco Umbrella Rank: 22215
1 MB
1 doubleclick.net
fls.doubleclick.net — Cisco Umbrella Rank: 488
609 B
1 r2.dev
pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
8 KB
1 come.to
come.to
538 B
20 4
Domain Requested by
10 signin.att.com pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
signin.att.com
signin-static-js.att.com
5 signin-static-js.att.com pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
signin-static-js.att.com
3 www.att.com pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
www.att.com
1 fls.doubleclick.net www.att.com
1 pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
1 come.to 1 redirects
20 6

This site contains links to these domains.

Domain
identity.att.com
www.att.com
about.att.com
Subject | Issuer | Validity | Valid
*.r2.dev | E1 | 2023-06-15 - 2023-09-13 | 3 months
*.att.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-05-01 - 2024-05-31 | a year
*.doubleclick.net | GTS CA 1C3 | 2023-06-19 - 2023-09-11 | 3 months

This page contains 1 frames:

Primary Page: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Frame ID: D0EBDF7F3180D3D26AD44C433DBE64BE
Requests: 21 HTTP requests in this frame

Page Title

Login Screen

Detected technologies

Overall confidence: 100%
Detected patterns
  • https?://fls\.doubleclick\.net

Page Statistics

Requests: 20
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 6
IPs: 5
Countries: 3
Transfer: 1046 kB
Size: 2442 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://come.to/adqbndtq HTTP 302
    https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request home.html
pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/
Redirect Chain
  • https://come.to/adqbndtq
  • https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
86 KB
8 KB
Document
General
Full URL
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
104.18.3.35 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14714e8e2cd0ef8697120e2760c76b583b99e0a01a77a989b100ac592163f069

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
jp-jp,jp;q=0.9

Response headers

CF-RAY
7e6269355f7e8334-KIX
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 13 Jul 2023 15:03:08 GMT
ETag
W/"3c7daf5e91bef5c389a3a2fda51f10b6"
Last-Modified
Thu, 13 Jul 2023 02:49:35 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding

Redirect headers

cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7e626931afcd19d5-KIX
content-type
text/html; charset=UTF-8
date
Thu, 13 Jul 2023 15:03:07 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WleNLvGLLZ9Hj3JjoaaDktKN3k18f3Smiwa4oD8yPW3Q00N5iERB1Pz7q1tAevIrIBT9pDLDnraR8zS0H%2FHhwU7p7G6cuizI5Ll5siUsRvfg5j8vl5%2FxxH8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
att_common.js
signin-static-js.att.com/scripts/
427 KB
249 KB
Script
General
Full URL
https://signin-static-js.att.com/scripts/att_common.js?apg
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
c2eb39ee130a5b2f8fc823f8bfa06f527bc9708f024ed5b9904e23039fd1f086
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:09 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
2596
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
last-modified
Thu, 01 Sep 2022 03:51:39 GMT
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://signin.att.com
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
expires
0
detm-container-hdr.js
www.att.com/scripts/adobe/prod/
144 KB
36 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.53.191 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-53-191.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
eb634adc88c3df1ae4b93fb81434190416cf0f047a20729bb3b08c09466fb3c0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 13 Jul 2023 15:03:09 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000 ; preload
last-modified
Thu, 13 Jul 2023 04:33:30 GMT
server
AkamaiNetStorage
etag
"ae76e8995d5d0376668fbfa9437cbeea:1689222810.331309"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
x-employment
If you are reading this, please consider a technology job at AT&T www.att.jobs
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469239_388772789_526195639_34_17795_21_0_-";dur=1
accept-ranges
bytes
aka-global-request-id-uxtime
0.b5332c17.1689260589.1f5d1bb7
content-length
36549
att_common.js
signin-static-js.att.com/scripts/
239 KB
138 KB
Script
General
Full URL
https://signin-static-js.att.com/scripts/att_common.js
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
d48682a2da12d24bdee1cc8dce0120e782001f1c45d9b9cab3c31a06f3a5962c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma
no-cache
date
Thu, 13 Jul 2023 15:03:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
SAMEORIGIN
iam_on
D508
content-type
application/javascript; charset=UTF-8
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
expires
0
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/
123 KB
25 KB
Script
General
Full URL
https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.53.191 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-53-191.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
7ee0f0e8db7b91a922fecac7c9b2c771ccad36e69b41dc1d66ea75cf3c2eebcf
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
br
strict-transport-security
max-age=15768000 ; preload
last-modified
Tue, 11 Jul 2023 05:55:04 GMT
server
Akamai Resource Optimizer
etag
"4f79d599529b618b93cf69f77baa795c:1687911963.48778"
content-type
application/x-javascript
x-employment
If you are reading this, please consider a technology job at AT&T www.att.jobs, If you are reading this, please consider a technology job at AT&T www.att.jobs
cache-control
max-age=3600
aka-global-request-id-uxtime
0.675fcc17.1689054902.68cd66, 0.b5332c17.1689260590.1f5d1f4d
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="469239_388772789_526196557_41_16826_11_0_-";dur=1
content-length
25034
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/
126 KB
30 KB
Stylesheet
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
eb48f86c2dbc2dc7df49ae98ec97654be4a49854a366cd0324fa536d0ee48aca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:09 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"1f635-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
text/css
accept-ranges
bytes
apser
p514
att-logo.svg
signin.att.com/static/siam/en/halo_c/images/logos/
8 KB
8 KB
Image
General
Full URL
https://signin.att.com/static/siam/en/halo_c/images/logos/att-logo.svg
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"20b1-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
image/svg+xml
accept-ranges
bytes
apser
p211
content-length
8369
checkmark.svg
signin.att.com/static/siam/en/halo_c/cms/login/default/images/
350 B
440 B
Image
General
Full URL
https://signin.att.com/static/siam/en/halo_c/cms/login/default/images/checkmark.svg
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
b589ac98cac6d578082d9d2e8bb354abcab6f41f25a081a613227a37def44c9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"15e-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
image/svg+xml
accept-ranges
bytes
apser
p893
content-length
350
runtime.js
signin.att.com/static/siam/en/halo_c/halo-c-login/
1 KB
837 B
Script
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/runtime.js?v=16.4.3
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"5cd-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
application/javascript
accept-ranges
bytes
apser
p192
polyfills.js
signin.att.com/static/siam/en/halo_c/halo-c-login/
45 KB
17 KB
Script
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/polyfills.js?v=16.4.3
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
caa22a11a7d51983bd572bcf5c6ac58daeb82e5cd5ac15191870f18ee3d9546d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"b346-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
application/javascript
accept-ranges
bytes
apser
p211
vendor.js
signin.att.com/static/siam/en/halo_c/halo-c-login/
474 KB
154 KB
Script
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/vendor.js?v=16.4.3
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
0740424e021df161ae810336dceb4da7c49cc0fc0480e9340f2bdaa9007fd06a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"76716-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
application/javascript
accept-ranges
bytes
apser
p211
main.js
signin.att.com/static/siam/en/halo_c/halo-c-login/
188 KB
50 KB
Script
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/main.js?v=16.4.3
Requested by
Host: pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
URL: https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/att.com/home.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
3f7a87bd74d69b165f90bb3814473c87b743bfec072c2b1d681123ae6ea03415
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"2ef2a-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
application/javascript
accept-ranges
bytes
apser
p001
mbox-contents.js
www.att.com/scripts/adobe/prod/
111 KB
36 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/mbox-contents.js
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.44.53.191 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-44-53-191.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
104267837493f75c2b7aaac567b83b8f6d19e290240cd3f323dff7b9f395aff7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 13 Jul 2023 15:03:09 GMT
content-encoding
gzip
strict-transport-security
max-age=15768000 ; preload
last-modified
Wed, 28 Jun 2023 04:42:43 GMT
server
AkamaiNetStorage
etag
"f7078bf950a53c1d03bcf46d4a0d62b3:1687927363.884064"
vary
Accept-Encoding
content-type
application/x-javascript
x-employment
If you are reading this, please consider a technology job at AT&T www.att.jobs, If you are reading this, please consider a technology job at AT&T www.att.jobs
cache-control
no-cache, private, max-age=7776000
aka-global-request-id-uxtime
0.9d66cd17.1689222875.1840a5b6, 0.b5332c17.1689260589.1f5d1c0a
accept-ranges
bytes
server-timing
cdn-cache; desc=HIT, edge; dur=8, origin; dur=0, ak_p; desc="469239_388772789_526195722_835_13723_12_0_-";dur=1
content-length
36253
expires
Sat, 12 Aug 2023 15:03:09 GMT
att_common.js
signin-static-js.att.com/scripts/
427 KB
249 KB
Script
General
Full URL
https://signin-static-js.att.com/scripts/att_common.js?apg
Requested by
Host: signin-static-js.att.com
URL: https://signin-static-js.att.com/scripts/att_common.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
c2eb39ee130a5b2f8fc823f8bfa06f527bc9708f024ed5b9904e23039fd1f086
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1998
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
last-modified
Thu, 01 Sep 2022 03:51:39 GMT
vary
Accept-Encoding, Origin
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://signin.att.com
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
expires
0
ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Origin
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"4830-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
accept-ranges
bytes
apser
p211
content-length
18480
ATTAleckSans_W_Bd.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
37a1212cc1ab5c935d9a3fee05c98c940eaa895a23510e5f83d550dfbb0d763f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3
Origin
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"48d8-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
accept-ranges
bytes
apser
p514
content-length
18648
json
fls.doubleclick.net/
40 B
609 B
Script
General
Full URL
https://fls.doubleclick.net/json?spot=6100125&src=&var=s_3_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_3_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=1689260590501
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.198.6 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
nrt12s58-in-f6.1e100.net
Software
cafe /
Resource Hash
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:10 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44
x-xss-protection
0
pragma
no-cache
server
cafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
en.json
signin.att.com/static/siam/en/halo_c/cms/login/default/i18n/
6 KB
6 KB
XHR
General
Full URL
https://signin.att.com/static/siam/en/halo_c/cms/login/default/i18n/en.json
Requested by
Host: signin-static-js.att.com
URL: https://signin-static-js.att.com/scripts/att_common.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
07f0ea32a4274ad8530d0f90e28db8252809a381a8455399f386742d2a53ca6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 13 Jul 2023 15:03:11 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 12 Jul 2023 04:45:50 GMT
etag
"16d2-60042e3cd7b80"
x-frame-options
SAMEORIGIN
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
application/json
accept-ranges
bytes
apser
p514
content-length
5842
truncated
/
89 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

accept-language
jp-jp,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/png
dip
signin-static-js.att.com/__imp_apg__/api/dip/v1/
206 B
582 B
XHR
General
Full URL
https://signin-static-js.att.com/__imp_apg__/api/dip/v1/dip
Requested by
Host: signin-static-js.att.com
URL: https://signin-static-js.att.com/scripts/att_common.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
033ee498e3661d5dad203eb0494d894fda77ddcea9e07552a82760cb9a7145b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Thu, 13 Jul 2023 15:03:12 GMT
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Origin
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206
expires
0
/
signin-static-js.att.com/__imp_apg__/api/imp/v1.0/report/
265 B
654 B
Fetch
General
Full URL
https://signin-static-js.att.com/__imp_apg__/api/imp/v1.0/report/?m&fq=load
Requested by
Host: signin-static-js.att.com
URL: https://signin-static-js.att.com/scripts/att_common.js?apg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
5865bd71edede7f98039b0c261c991ffa216102711301c54cb81241094c35dff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept
text/plain,*/*;q=0.9
Referer
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/
accept-language
jp-jp,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
content-type
text/plain;charset=UTF-8

Response headers

date
Thu, 13 Jul 2023 15:03:12 GMT
content-encoding
gzip
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
iam_on
D508
p3p
CP="NON CUR OTPi OUR NOR UNI"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma
no-cache
x-frame-options
SAMEORIGIN
access-control-allow-methods
OPTIONS, GET, POST
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://pub-46b789e61d3349d2931a4bff9fef900a.r2.dev
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Accept,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
expires
0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

259 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


5 Cookies

Domain/Path Name / Value
come.to/ Name: PHPSESSID
Value: t5gpohja0sba0caqk0gd3clo7o
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/ Name: _imp_di_pc_
Value: ATASsGQAAAAAtvz3R7nFljKbnd583JLu
.pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/ Name: __ts_xfdF3__
Value: 605878892
.pub-46b789e61d3349d2931a4bff9fef900a.r2.dev/ Name: _imp_apg_r_
Value: %7B%22_fr%22%3A20000%2C%22diA%22%3A%22ATASsGQAAAAAtvz3R7nFljKbnd583JLu%22%2C%22diB%22%3A%22AR9vQKi%2F0yll8lRnl6ugx4RtVg3VceSv%22%2C%22fr%22%3A%22xupyv71KtUvOQJJ5CAPUXQ%3D%3DDYtnaMKGqsWaH_wnxJSzAnFbGtUC8xbY2a4dTTsGOfztqCE0Wic6Tjjf9yCSNfPrJAHEmz3Ob8VOxFGkb_Y7hDgqD988xOoT3Cny19sQEBL9k-R80PJ8XIxtjg74QXaY_3rLeBfEXhPLttjpz3i54nfEcSOPMs1uEEPXclV4sdxHheNIC2rpsmQ%3D%22%2C%22ct%22%3A%22N0xqfP9dvTHN%2FDf8tmCks8VeDv%2Bc6hmo33oC9U8%3D%22%7D

7 Console Messages

Source Level URL
Text
javascript warning (Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/detm-container-hdr.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/detm-container-hdr.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 2)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://signin-static-js.att.com/scripts/att_common.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js (Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js (Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
rendering warning URL: https://signin-static-js.att.com/scripts/att_common.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently
rendering warning URL: https://signin-static-js.att.com/scripts/att_common.js
Message:
Canvas2D: Multiple readback operations using getImageData are faster with the willReadFrequently attribute set to true. See: https://html.spec.whatwg.org/multipage/canvas.html#concept-canvas-will-read-frequently

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
