ticketsatt.com Open in urlscan Pro
2606:4700:3034::ac43:be1e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ticketsatt.com/
Submission: On October 17 via manual (October 17th 2022, 11:39:17 am UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3034::ac43:be1e, located in United States and belongs to CLOUDFLARENET, US. The main domain is ticketsatt.com.
TLS certificate: Issued by GTS CA 1P5 on October 14th 2022. Valid for: 3 months.

This is the only time ticketsatt.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
18	2606:4700:303... 2606:4700:3034::ac43:be1e		13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	1

18 2606:4700:3034::ac43:be1e (United States)

ASN13335 (CLOUDFLARENET, US)

ticketsatt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	ticketsatt.com ticketsatt.com	62 KB
18	1

	Domain	Requested by
18	ticketsatt.com	ticketsatt.com
18	1

This site contains links to these domains. Also see Links.

Domain
oidc.idp.elogin.att.com

Subject Issuer	Validity	Valid
*.ticketsatt.com GTS CA 1P5	`2022-10-14` - `2023-01-12`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://ticketsatt.com/
Frame ID: DD2B7A0320F47789A2108F4A4D867156
Requests: 15 HTTP requests in this frame

Frame: https://ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665993600
Frame ID: D076F853A0048D525634AE57AF7A483F
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AT&T Security Server: Login

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

62 kB
Transfer

197 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://oidc.idp.elogin.att.com///iamportal-prod/iampwdmgmt/home#/home
Title: Click Here

Search URL Search Domain Scan URL

URL: https://oidc.idp.elogin.att.com/usersvcs/accountmgt/acctmgtMenu/
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://oidc.idp.elogin.att.com/iamportal-prod/iampwdmgmt/home#/home
Title: Password help for AT&T Employees/Contractors

Search URL Search Domain Scan URL

URL: https://oidc.idp.elogin.att.com/lrrnew/attLRR/LrrController?TAM_OP=token_login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DTjB8f6AZUv%26redirect_uri%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fisam%252Fsps%252Foidc%252Frp%252FATT-RP%252Fredirect%252FATT-Password%26response_mode%3Dform_post%26scope%3Dopenid%26Target%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fmycsp%252Fmycspportal%252Fsettings.do%26response_type%3Did_token%26state%3Dd6bxnnMTPH%26client_id%3DPassword-ATT&HOSTNAME=oidc.idp.elogin.att.com&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=&EXPIRE_SECS=0
Title: Log on

Search URL Search Domain Scan URL

URL: https://oidc.idp.elogin.att.com/lrr/attLRR/LrrController?TAM_OP=token_login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DTjB8f6AZUv%26redirect_uri%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fisam%252Fsps%252Foidc%252Frp%252FATT-RP%252Fredirect%252FATT-Password%26response_mode%3Dform_post%26scope%3Dopenid%26Target%3Dhttps%253A%252F%252Fwww.e-access.att.com%252Fmycsp%252Fmycspportal%252Fsettings.do%26response_type%3Did_token%26state%3Dd6bxnnMTPH%26client_id%3DPassword-ATT&HOSTNAME=oidc.idp.elogin.att.com&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=&EXPIRE_SECS=0
Title: Return to legacy Global Logon

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response ticketsatt.com/	90 KB 14 KB	246ms 209ms	Document text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d70f4108718970d0623cecae5d2dc8a1a38ad034dd4d59079e0b0ed3836ee4d1` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 75b8c098c8fd915e-FRA content-encoding br content-type text/html date Mon, 17 Oct 2022 11:39:12 GMT last-modified Thu, 13 Oct 2022 13:23:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0hEI1c%2FWemfyIzZnsUhL1Fh8aOXUXmIaScydt6ukjCW5uWjdx93X8Q8tHVaasZnum0dqKOUh3c1O0L2Eq1si%2FjRb2AVsRnvkb3vKVO1U3eAtANy9ExjyiPoge0359kigrRka0xhgZlJKC7xqsA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	main.css ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	21 KB 5 KB	197ms 196ms	Stylesheet text/css	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/main.css Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c41481de4849386293a1c4d39814b5760e27248e080bd33f24e95089c0a0c3c4` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status EXPIRED last-modified Thu, 13 Oct 2022 13:19:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"5449-5eaea5ce69505-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=py8z6xl6gGBARKBTGnxURwIu9xPnaOOKtIWrbWyRZF15OhVSHZ4PzaBERRWbA4FECZCfiPxjVkK3Er%2BGBJPVYyooET%2BgNruc0jj9EwAirAWDkyKwz1kvmAn%2BAxwUk9cR%2F5F9JdsGSku892jWHA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 75b8c09a1bde915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	fonts.css ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	823 B 500 B	213ms 213ms	Stylesheet text/css	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `58a0b4bfbb00810bfa147c8e32d7646cef1570d2d487b8b14d1af06e638e58a1` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status EXPIRED last-modified Thu, 13 Oct 2022 13:19:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"337-5eaea5cdc82dd-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HCZDhww2ykobOKtD0D5WqYgNe1Lrh0mkaMJUPa6AAPpj4%2FeyuS%2Fpk4gZDW7iekselAOXgNbGNGwMsTghAfZf9l0xK%2FNH48jgEngBxuJvt36%2F5a5nRSm25gNR6shi%2FJP15X7ly7j4vRgLL2FhLw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 75b8c09a1be0915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	att_logo_97x40.png ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	3 KB 4 KB	205ms 204ms	Image image/png	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/att_logo_97x40.png Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5f43c44a03507663f45f0275597874d6ed132cf38a09775d997ba3669f64edb4` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT cf-cache-status REVALIDATED last-modified Thu, 13 Oct 2022 13:19:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "cf0-5eaea5cc030c5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Akj4AfCPC%2BeaJm7ms80JA9wyKIxYof%2FJmEoJkxIb8PRrvK%2Bzwmlnmt9%2Bj%2Bqh%2FOi7sQZ7LhPK%2Fk3Z1d6CFZ5aaieBuV7GDsNNPeD5yZzo8EnX2BaPPY3sB6NS5iAuq1RvfRAwMdWY%2Bt1NCmxtJg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 75b8c09a3c22915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 3312
GET H2	200	GLO_Question_Icon.png ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	223 B 532 B	196ms 195ms	Image image/png	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/GLO_Question_Icon.png Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a6500fffb1823beca8bd2c203014d05111e97a82dbbb8516a642abb03bf7bf2` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT cf-cache-status REVALIDATED last-modified Thu, 13 Oct 2022 13:19:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "df-5eaea5ce1a361" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDhKAAmsVN6FHIF4o%2BvPMkzppG71M2j3mS4%2BajIzNsFG80Gqa0Tl0Tmw%2F9DnrAp0Zk2h1asoKHCgE%2BgTt9OL%2B%2BA9fBWN7WnrVgT4Lel5H%2BEQ0D6wM2XUXmN2jRtLUTAzYJxmGRgvDn6lwZ%2Bj4w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 75b8c09a3c27915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 223
GET H2	200	flat_down_icon_rgb_blu_modified_12x12.png ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	623 B 930 B	212ms 211ms	Image image/png	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/flat_down_icon_rgb_blu_modified_12x12.png Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `46ae8c20ff718133d1b34e09314a6636df03de7a39e84a459ee38bb06c05e885` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT cf-cache-status REVALIDATED last-modified Thu, 13 Oct 2022 13:19:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "26f-5eaea5cc7260b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wrTJFCBM1RqAWUPP%2B7j7WUtdze6KIyxOXMBW0EIg1X5v8Gn3Yo0%2BwoLCyUkg51zWQlWJ7zHlwYzCh4MHYMVzxqpSgA2VIuggxPpz%2BZgFLzH%2BcYsdGfLlglFsrruA25wJG4ORnL7fISGdLSnZbA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 75b8c09a3c2b915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 623
GET H2	200	flat_faq-reverse_icon_rgb_blu_modified_18x18.png ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/	1023 B 1 KB	195ms 194ms	Image image/png	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/flat_faq-reverse_icon_rgb_blu_modified_18x18.png Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `287e57ae4b394a4912f51899e4537fb4a9c3a9f307ad0e1f539f8aeb46bdb042` Request headers accept-language de-DE,de;q=0.9 Referer https://ticketsatt.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT cf-cache-status REVALIDATED last-modified Thu, 13 Oct 2022 13:19:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "3ff-5eaea5ccbf86f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nl7nHy3U8kbjWnBDOuvJlBgUuMhUcLuO6yKrWGw1nuABWDPUIDlrCsCYzV9qf4CYBgCLpqd5F51VoT4Ykvmtb%2BZwMXWayFiUR1tPW6M5m2OOZyDy9eg7FBq2h6dKvlVuHtPli7FMOgiq2oRWrw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 75b8c09a3c2d915e-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1023
GET H3	200	ATTAleckSans_W_Rg.html ticketsatt.com/fonts/WOFF/	2 KB 1 KB	222ms 222ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/WOFF/ATTAleckSans_W_Rg.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9ba3c51fd5d8ee6c13df1d771f1042b4493aebc5e79866d1c5665283a1a9981c` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcY1jDkvreCpF6dCGnsHOoidzz2LVhyE%2F1kQz4WeSF6yzvWU2QGBfF6ojGU407xSWwDWBZvQMpwglI1TrQ4%2FvaHMmC60RrFcg0dAyT01RYJJ40wPL8NOTLpPqEFw1%2FfNEofwPGxYdL2trqAHhw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09b9ec48fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Md.html ticketsatt.com/fonts/WOFF/	2 KB 1 KB	212ms 211ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/WOFF/ATTAleckSans_W_Md.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `13f9bdafcd83209f440c4f14c1b1e647e496534122e309d7c936a80afcde7c2f` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:54 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DT0JybB%2BaRqX2Prs3a%2Bh210eDoI7ysHXNxEeIyvYtCl5Thej2FwVG6lrJTMpOTLMBY%2FhgsSt8vt54ZJOZOm7mphWGcySk%2FIuZnEw2XTlookGCMpgV8a8biAVDUOAydz0TIeBt2LQO5J92IKpdA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09b9ec98fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	invisible.js Show response ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame D076	43 KB 15 KB	85ms 84ms	Script application/javascript	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665993600 Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2bd4436d5aa4a1560fe808ba06d4bec80c4e4108c633a8bc744dff568385350b` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iGBdL39LS8KTE1IoTzHBIr4Ij6GA2vJp2IhMD4ns%2FMVt6XAdOfM5XrUdrnyNZ1a2jnKm59BMzkTjn8CqhIugsR0QkRJGNGxdOgo7WutOxtLBtsGoB%2FGJuygkZJXfX4YwlFU%2BXlE7S1r9E%2FEk5g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 75b8c09bdf4a8fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Md.html ticketsatt.com/fonts/WOFF2/	2 KB 1 KB	104ms 104ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/WOFF2/ATTAleckSans_W_Md.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ebaa2cf2eca2ffdef644dea781bf966f835ac25a61cf95fde44d9c89455a6a51` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:55 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xU6qO4HYdQk2c%2F3koxgyqKst47SNpN3QSbrtDtdq%2Fi%2FJxSsvms%2FnFbg8Y52yNt9Hq0yW5faSYZlsinBNTy5ew6tBksUb7dKTbU2mEfwjzDZCk4RDQw9bgn%2BdDpf3Pj8EBR0w7lc7vd3jg5xEzw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09cc9618fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Rg.html ticketsatt.com/fonts/WOFF2/	2 KB 1 KB	123ms 123ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/WOFF2/ATTAleckSans_W_Rg.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `911d8e6841a6ccf7a65dd0220e8acf13d801a7cae38c525e4eb30fc04d0aaf00` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:55 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6%2FLtlTPMVt%2F9ten7UXKlKHSrsrM0xA%2FkjVO6RCLin1v7vwKe%2B0OmPPEjT2bL9v6EIi6WcQGYEP%2FjYnVRAnSWfrjeltU9fDsHu0sXbOcBpErLgtq1wGPJtAf%2Fsjf4gxj0j3BPzRgH2wR8h%2BZSg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09cd97c8fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	pica.js ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame D076	22 KB 8 KB	13ms 13ms	Other application/javascript	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js Requested by Host: ticketsatt.com URL: https://ticketsatt.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cb84bb97d40c7674097723159aeb683789ed0eb1b57196fa00b7761132401a17` Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary accept-encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mLi%2BIW15lpX3KPgEIxkO8h5J%2BgeKXAYcEvWerZjTz4Zu8xkYYNJYNYN3dpsc9V6KDFrpXNAFu6Mr%2FNk9MyvHdwzdHWE5NkWw5HJo8RDv0%2BwYWtVo7Qvie8%2FjdeG95txQiEsPMP9KGD3xPtEHA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=14400, public x-control-type-options nosniff cf-ray 75b8c09d2a048fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Md.html ticketsatt.com/fonts/TTF/	2 KB 1 KB	99ms 99ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/TTF/ATTAleckSans_W_Md.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b06559957f14141d12d56fa4d6b0c69daeabc3562eb59473d9e5fa92399f0923` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:12 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:53 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BI5CP8Do7ODbzQU7eRLvfK3OvW343NKFhnGgSW%2Bx4ryG%2BW0FgaHC4jz5%2FoRxDZUKDOuslJVc2%2FaEfMt7RQcn0y45SgkbnRWKAlNma2PLtOoJWJTUBuixo6Wk1SWvhmwJ5l6z%2BUWZMWLC3IUNUw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09d7aa88fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Rg.html ticketsatt.com/fonts/TTF/	2 KB 1 KB	111ms 111ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/TTF/ATTAleckSans_W_Rg.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `80260e43eb1e7bac34453057702a1eeca9a37ff029540f67cd9f32d08b739a28` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:13 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:53 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8seVN2111lWm0pBFSk49RuauR8se%2FjlTxfDE52YzqTgaOHK35NFl%2BSwBj8htHVGB4vjwH3VYgW4iH6tQO6WsqUJeaDZc2Ykh8Rrt2R3UAI3L60ed%2FW%2Bj7swaHY2M1P5CT0qRVxXpkHkm21DTJA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09dab178fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Md.html ticketsatt.com/fonts/EOT/	2 KB 1 KB	104ms 104ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/EOT/ATTAleckSans_W_Md.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `18cc3a258aea68d754ec811cae13febe460b116eb3407815d1e5a7fa0ee75d7f` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:13 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ooLzliLIj%2FBRb%2FmeCD3GTPbwNP2YdGuNavQ2iJRe5o%2BiBaK%2BWQTfO1lorcLwuJBgH3NXPRVOkDIEQcf4g8Mm7Zbb%2F1WCzqM6Hjvwiu4L%2BPOUUlEVtIb73CKU%2F2nKq2oHu09slhCrzkzF30YCVw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09e1c0f8fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	ATTAleckSans_W_Rg.html ticketsatt.com/fonts/EOT/	2 KB 1 KB	110ms 110ms	Font text/html	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/fonts/EOT/ATTAleckSans_W_Rg.html Requested by Host: ticketsatt.com URL: https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3a56a222d3fcc7c778ba448299edac3ef8ffd9a4a97e9b4daaff67ba25f061e4` Request headers Referer https://ticketsatt.com/AT%26T%20Security%20Server_%20Login_files/fonts.css Origin https://ticketsatt.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Mon, 17 Oct 2022 11:39:13 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 13 Oct 2022 13:19:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xiy2ey7%2BD25GY87a3lBKp%2BO2KWY6MxJ2vRCJqhmZnGRigUarL7qgBt4dVGlzX7UoGYUPL96%2FifinDhEo4%2F8EvMWo7BST7NE3goUjtOvcO6h19gQefTbeNq5cl%2BGkBd%2Fzm1yBhtUg2TH3O6%2B0IA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cf-ray 75b8c09e5c8f8fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST H3	200	75b8c098c8fd915e Show response ticketsatt.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame D076	2 B 660 B	35ms 35ms	XHR text/plain	2606:4700:3034::ac43:be1e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ticketsatt.com/cdn-cgi/challenge-platform/h/b/cv/result/75b8c098c8fd915e Requested by Host: ticketsatt.com URL: https://ticketsatt.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1665993600 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3034::ac43:be1e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df` Request headers Referer accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Content-Type application/json Response headers date Mon, 17 Oct 2022 11:39:13 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nCcWHEnduY53jMQ%2B96WdhzrmL5rHNNapxfjoLfjOGapNBP7ykb%2Bc5hM%2BzJDtjgkIFtKs23ui%2FrveV3OnmDCbwq4%2FyyYvRdwcCOpmXri%2FG66KGRxsniNs5taTLD4EmoAxiVLgst9g3ULRgtkSmQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 75b8c09fbf758fe8-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.ticketsatt.com/	1970-01-20 06:46:48	Name: __cf_bm Value: ITiE8Ihgpz.UEr2X69.IPFEjsxjerLRKr2B2OM4PMy0-1666006753-0-AWKJzjaF11/I7Wk00CqjHdk50xPxNNJ8njlwbP0n2LIEvN4QCUPS4LXZGF13Qb7D6QMGKKY5Tydh42L3sgFlsA9CzUhbALxS0PRDk2RT8G71BvR7oc68xGbfnC2LQAnsWg==

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://ticketsatt.com/(Line 223) Message: Mixed Content: The page at 'https://ticketsatt.com/' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://159.223.99.81/redirect.php'. This endpoint should be made available over a secure connection.
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/WOFF/ATTAleckSans_W_Md.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/WOFF/ATTAleckSans_W_Rg.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/WOFF2/ATTAleckSans_W_Md.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/WOFF2/ATTAleckSans_W_Rg.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/TTF/ATTAleckSans_W_Md.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/TTF/ATTAleckSans_W_Rg.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/EOT/ATTAleckSans_W_Md.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://ticketsatt.com/ Message: Failed to decode downloaded font: https://ticketsatt.com/fonts/EOT/ATTAleckSans_W_Rg.html
other	warning	URL: https://ticketsatt.com/ Message: OTS parsing error: invalid sfntVersion: 1008813135

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ticketsatt.com
2606:4700:3034::ac43:be1e
13f9bdafcd83209f440c4f14c1b1e647e496534122e309d7c936a80afcde7c2f
18cc3a258aea68d754ec811cae13febe460b116eb3407815d1e5a7fa0ee75d7f
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
287e57ae4b394a4912f51899e4537fb4a9c3a9f307ad0e1f539f8aeb46bdb042
2bd4436d5aa4a1560fe808ba06d4bec80c4e4108c633a8bc744dff568385350b
3a56a222d3fcc7c778ba448299edac3ef8ffd9a4a97e9b4daaff67ba25f061e4
46ae8c20ff718133d1b34e09314a6636df03de7a39e84a459ee38bb06c05e885
4a6500fffb1823beca8bd2c203014d05111e97a82dbbb8516a642abb03bf7bf2
58a0b4bfbb00810bfa147c8e32d7646cef1570d2d487b8b14d1af06e638e58a1
5f43c44a03507663f45f0275597874d6ed132cf38a09775d997ba3669f64edb4
80260e43eb1e7bac34453057702a1eeca9a37ff029540f67cd9f32d08b739a28
911d8e6841a6ccf7a65dd0220e8acf13d801a7cae38c525e4eb30fc04d0aaf00
9ba3c51fd5d8ee6c13df1d771f1042b4493aebc5e79866d1c5665283a1a9981c
b06559957f14141d12d56fa4d6b0c69daeabc3562eb59473d9e5fa92399f0923
c41481de4849386293a1c4d39814b5760e27248e080bd33f24e95089c0a0c3c4
cb84bb97d40c7674097723159aeb683789ed0eb1b57196fa00b7761132401a17
d70f4108718970d0623cecae5d2dc8a1a38ad034dd4d59079e0b0ed3836ee4d1
ebaa2cf2eca2ffdef644dea781bf966f835ac25a61cf95fde44d9c89455a6a51

ticketsatt.com Open in urlscan Pro 2606:4700:3034::ac43:be1e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

18 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

62 kBTransfer

197 kBSize

1 Cookies

5 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

64 JavaScript Global Variables

1 Cookies

17 Console Messages

Indicators

ticketsatt.com Open in urlscan Pro
2606:4700:3034::ac43:be1e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

62 kB
Transfer

197 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!