pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev
Open in
urlscan Pro
2606:4700:7::eb
Malicious Activity!
Public Scan
URL:
https://pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev/lgins/at&t/index.html
Submission: On September 26 via api from US — Scanned from DE
Submission: On September 26 via api from US — Scanned from DE
Summary
This website contacted 3 IPs
in 1 countries
across 2 domains to perform 10 HTTP transactions.
The main IP is 2606:4700:7::eb, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev was scanned on urlscan.io!
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.
This is the only time pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 2606:4700:7::eb 2606:4700:7::eb | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 5 | 2a02:4780:b:1... 2a02:4780:b:1306:0:a13:ad6c:2 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
| 10 | 3 |
1
2606:4700:7::eb
(United States)
ASN13335 (CLOUDFLARENET, US)
ASN13335 (CLOUDFLARENET, US)
| pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 5 |
wafsd.com
wafsd.com |
27 KB |
| 1 |
r2.dev
pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev |
77 KB |
| 10 | 2 |
| Domain | Requested by | |
|---|---|---|
| 5 | wafsd.com |
pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev
wafsd.com |
| 1 | pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev | |
| 10 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| identity.att.com |
| www.att.com |
| about.att.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.r2.dev E6 |
2024-08-01 - 2024-10-30 |
3 months | crt.sh |
| wafsd.com R10 |
2024-08-15 - 2024-11-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev/lgins/at&t/index.html
Frame ID: 19F9C0197B8EA9AC2BC069F115A376C0
Requests: 10 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
URL: https://identity.att.com/identity-ui/fpwd/lander?origination_point=tguard&trid=eea938ea1647a8da3d0d3c35b4f647592746aba6&appName=aaid_client&Return_URL=https%3A%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DChEfrTGsEu%26redirect_uri%3Dhttps%253A%252F%252Fcaaid.att.com%252Fisam%252Fsps%252Foidc%252Frp%252Fconsumerfed%252Fredirect%252Faaidpartner%26response_mode%3Dform_post%26alt_dest%3Dhttps%25253A%25252F%25252Fcaaid.att.com%25252FiamLRR%25252Fheaderdump.jsp%26scope%3Dopenid%26response_type%3Did_token%26state%3Da8DLB45xp8%26client_id%3Daaid_client&Cancel_URL=https%3A%2F%2Foidc.idp.clogin.att.com%2Fmga%2Fsps%2Foauth%2Foauth20%2Fauthorize%3Fnonce%3DChEfrTGsEu%26redirect_uri%3Dhttps%253A%252F%252Fcaaid.att.com%252Fisam%252Fsps%252Foidc%252Frp%252Fconsumerfed%252Fredirect%252Faaidpartner%26response_mode%3Dform_post%26alt_dest%3Dhttps%25253A%25252F%25252Fcaaid.att.com%25252FiamLRR%25252Fheaderdump.jsp%26scope%3Dopenid%26response_type%3Did_token%26state%3Da8DLB45xp8%26client_id%3Daaid_client&lang=en-us
Title: Forgot password?
Title: Forgot password?
Search URL Search Domain Scan URL
URL: https://www.att.com/legal/legal-policy-center.html
Title: Legal policy center
Title: Legal policy center
Search URL Search Domain Scan URL
URL: https://about.att.com/sites/privacy_policy
Title: Privacy policy
Title: Privacy policy
Search URL Search Domain Scan URL
URL: https://www.att.com/legal/terms.attWebsiteTermsOfUse.html
Title: Terms of use
Title: Terms of use
Search URL Search Domain Scan URL
URL: https://www.att.com/features/accessibility.html
Title: Accessibility
Title: Accessibility
Search URL Search Domain Scan URL
URL: https://about.att.com/csr/home/privacy/rights_choices.html
Title: Your privacy choices
Title: Your privacy choices
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
index.html
pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev/lgins/at&t/ |
76 KB 77 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
att_hz_lg_lkp_rgb_pos.svg
wafsd.com/app/atnt/media/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles.css
wafsd.com/app/atnt/media/ |
151 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow-left-circle_24.svg
wafsd.com/app/atnt/media/ |
744 B 432 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow-left-circle-filled_24.svg
wafsd.com/app/atnt/media/ |
516 B 332 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ATTAleckSans_W_Rg.woff2
wafsd.com/app/atnt/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ATTAleckSans_W_Bd.woff2
wafsd.com/app/atnt/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
wafsd.com/app/atnt/media/ |
1 KB 713 B |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ATTAleckSans_W_Rg.woff
wafsd.com/app/atnt/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ATTAleckSans_W_Bd.woff
wafsd.com/app/atnt/media/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- wafsd.com
- URL
- https://wafsd.com/app/atnt/media/ATTAleckSans_W_Rg.woff2
- Domain
- wafsd.com
- URL
- https://wafsd.com/app/atnt/media/ATTAleckSans_W_Bd.woff2
- Domain
- wafsd.com
- URL
- https://wafsd.com/app/atnt/media/ATTAleckSans_W_Rg.woff
- Domain
- wafsd.com
- URL
- https://wafsd.com/app/atnt/media/ATTAleckSans_W_Bd.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| url function| submitFormAndToggleClass function| sendData function| loading function| seePassword0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
pub-1eaff2394f6c4323ab5abb5837ca1205.r2.dev
wafsd.com
wafsd.com
2606:4700:7::eb
2a02:4780:b:1306:0:a13:ad6c:2
00660f62aa2d41eb36fa676ea93567fbd5e674d7e2a08d33a6400d116b692ae5
35fc1d56846855d5215c533d00027da3a0185785af48171b37dbbef60e648ef2
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d
967bd86ba1ee654aff93603b101206fd63580fe128285fe6d21839ce26cdef5c
af83c2f915939a0224e1adf481bed72dd24cbc1105388be62b5a9d9c0cd3a294
ecc6e5c037a4e54c1ed4052c9880d55c27187bf709fb82fae2709c92d3a3a563