pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev Open in urlscan Pro
2606:4700:7::eb  Malicious Activity! Public Scan

8 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request home.html Show response pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/	86 KB 86 KB	603ms 545ms	Document text/html	2606:4700:7::eb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700:7::eb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2d508afadc988ec21541854a08e3e7580ed6d8208af7da2a83611d0b6be4958b Request headers Upgrade-Insecure-Requests 1 User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Response headers Accept-Ranges bytes CF-RAY 8ce6f3285c1d18af-FRA Connection keep-alive Content-Length 87869 Content-Type text/html Date Sun, 06 Oct 2024 16:15:23 GMT ETag "c429404bc695b1766beff94a9532f9aa" Last-Modified Mon, 19 Jun 2023 20:37:35 GMT Server cloudflare Vary Accept-Encoding
GET H2	200	att_common.js Show response signin-static-js.att.com/scripts/	300 KB 177 KB	955ms 196ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin-static-js.att.com/scripts/att_common.js?apg Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 289dd5bba9703f56037aeac3b2cebe359b20ba7b14a57c229b724f4be8ffb80b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, must-revalidate content-encoding gzip iam_on 97 pragma no-cache expires 0 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:24 GMT content-type application/javascript; charset=UTF-8 x-frame-options SAMEORIGIN
GET H2	200	detm-container-hdr.js Show response www.att.com/scripts/adobe/prod/	156 KB 39 KB	200ms 59ms	Script application/x-javascript	2a02:26f0:3100:793::2db1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.att.com/scripts/adobe/prod/detm-container-hdr.js Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash 945dd621b1e7863febf5b4d865a0eee356df8d0fe9a8241ce97a5d10f746e872 Security Headers Name Value Strict-Transport-Security max-age=15768000 ; preload Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=15768000 ; preload aka-global-request-id-uxtime 0.17071702.1728231323.28474de4 cache-control no-cache, private, max-age=7776000 content-encoding gzip etag "a1c7fb7f8ba54794927a71d15cc6741c:1727913893.274223" accept-ranges bytes server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728231323678_35063575_675761636_59_27179_28_33_219";dur=1 content-length 39305 date Sun, 06 Oct 2024 16:15:23 GMT content-type application/x-javascript last-modified Thu, 03 Oct 2024 00:04:53 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	att_common.js Show response signin-static-js.att.com/scripts/	300 KB 176 KB	956ms 197ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin-static-js.att.com/scripts/att_common.js Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 75b7616d50c847fac6e11abba6019552b41dbc44c289ecbbeaab14df513e6285 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control no-cache, no-store, must-revalidate content-encoding gzip iam_on 97 pragma no-cache expires 0 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:24 GMT content-type application/javascript; charset=UTF-8 x-frame-options SAMEORIGIN
GET H2	200	ssaf-uc.js Show response www.att.com/scripts/ssaf_universal_client/prod/	126 KB 25 KB	58ms 58ms	Script application/x-javascript	2a02:26f0:3100:793::2db1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Akamai Resource Optimizer / Resource Hash dd9d21e8fa9b6aebf8174a7fcf93f11415058cb5a192bf1cc3fd5aafc629d6cd Security Headers Name Value Strict-Transport-Security max-age=15768000 ; preload Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=15768000 ; preload aka-global-request-id-uxtime 0.91c3c117.1725095473.a145d45, 0.17071702.1728231324.2847621d cache-control max-age=3600 content-encoding br etag "5128aae7d81cf1433303ebdaf28ae6f2:1724890466.748679" x-check-cacheable YES accept-ranges bytes server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1728231324972_35063575_675766813_57_26978_29_0_146";dur=1 content-length 25635 date Sun, 06 Oct 2024 16:15:25 GMT content-type application/x-javascript last-modified Sat, 31 Aug 2024 09:11:14 GMT server Akamai Resource Optimizer
GET H2	200	styles.css signin.att.com/static/siam/en/halo_c/halo-c-login/	128 KB 32 KB	845ms 120ms	Stylesheet text/css	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3 Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash e9d64ddc98959fb478cc1e10b665c237608386ce7820cbfa5b4c502567642d22 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip iam_on 97 etag "1fe79-61f2d4f8e9e40" accept-ranges bytes access-control-allow-origin * p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:24 GMT apser p771 content-type text/css last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET H2	200	att-logo.svg signin.att.com/static/siam/en/halo_c/images/logos/	8 KB 8 KB	113ms 113ms	Image image/svg+xml	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://signin.att.com/static/siam/en/halo_c/images/logos/att-logo.svg Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload iam_on 97 etag "20b1-61f2d4f8e9e40" age 76748 accept-ranges bytes access-control-allow-origin * content-length 8369 p3p CP="NON CUR OTPi OUR NOR UNI" date Sat, 05 Oct 2024 18:56:17 GMT apser p767 content-type image/svg+xml last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET H2	200	checkmark.svg signin.att.com/static/siam/en/halo_c/cms/login/default/images/	350 B 440 B	115ms 115ms	Image image/svg+xml	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Show image Full URL https://signin.att.com/static/siam/en/halo_c/cms/login/default/images/checkmark.svg Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash b589ac98cac6d578082d9d2e8bb354abcab6f41f25a081a613227a37def44c9a Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload iam_on 97 etag "15e-61f2d4f8e9e40" accept-ranges bytes access-control-allow-origin * content-length 350 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p766 content-type image/svg+xml last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET H2	200	runtime.js Show response signin.att.com/static/siam/en/halo_c/halo-c-login/	1 KB 820 B	115ms 114ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/runtime.js?v=16.4.3 Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip iam_on 97 etag "5cd-60277a4b5b700" accept-ranges bytes access-control-allow-origin * p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p770 content-type application/javascript last-modified Wed, 09 Aug 2023 06:32:28 GMT x-frame-options SAMEORIGIN
GET H2	200	polyfills.js Show response signin.att.com/static/siam/en/halo_c/halo-c-login/	45 KB 17 KB	114ms 113ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/polyfills.js?v=16.4.3 Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash caa22a11a7d51983bd572bcf5c6ac58daeb82e5cd5ac15191870f18ee3d9546d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip iam_on 97 etag "b346-60277a4b5b700" accept-ranges bytes access-control-allow-origin * p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p766 content-type application/javascript last-modified Wed, 09 Aug 2023 06:32:28 GMT x-frame-options SAMEORIGIN
GET H2	200	vendor.js Show response signin.att.com/static/siam/en/halo_c/halo-c-login/	474 KB 154 KB	114ms 114ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/vendor.js?v=16.4.3 Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash a886cc3be70243d7b9e40f7fcdbadf4eaa4481c1bd73bd962da15ee450b78366 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip iam_on 97 etag "7670e-60277a4b5b700" accept-ranges bytes access-control-allow-origin * p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p767 content-type application/javascript last-modified Wed, 09 Aug 2023 06:32:28 GMT x-frame-options SAMEORIGIN
GET H2	200	main.js Show response signin.att.com/static/siam/en/halo_c/halo-c-login/	190 KB 51 KB	115ms 114ms	Script application/javascript	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/main.js?v=16.4.3 Requested by Host: pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev URL: https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/att.com/home.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 7edc87464e3806857a05ea621ad81cecfc6ba7e51a347493ead3f8235e537d0c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip iam_on 97 etag "2f67f-60277a4b5b700" accept-ranges bytes access-control-allow-origin * p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p771 content-type application/javascript last-modified Wed, 09 Aug 2023 06:32:28 GMT x-frame-options SAMEORIGIN
GET H2	200	mbox-contents.js Show response www.att.com/scripts/adobe/prod/	159 KB 50 KB	98ms 97ms	Script application/x-javascript	2a02:26f0:3100:793::2db1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.att.com/scripts/adobe/prod/mbox-contents.js Requested by Host: www.att.com URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AkamaiNetStorage / Resource Hash a20c2f5a3ca7136dedcd14df368c615eddd7d442895675a5203a3dd243f07d49 Security Headers Name Value Strict-Transport-Security max-age=15768000 ; preload Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=15768000 ; preload aka-global-request-id-uxtime 0.853a2f17.1727979547.4a72b485, 0.17071702.1728231323.28474faf cache-control no-cache, private, max-age=7776000 content-encoding gzip etag "84390b98628116b1515de5df87c99e16:1723508457.176731" expires Tue, 05 Nov 2024 16:15:23 GMT accept-ranges bytes server-timing cdn-cache; desc=HIT, edge; dur=35, origin; dur=0, ak_p; desc="1728231323820_35063575_675762095_3499_24827_28_0_219";dur=1 content-length 50328 date Sun, 06 Oct 2024 16:15:23 GMT content-type application/x-javascript last-modified Tue, 13 Aug 2024 00:20:57 GMT server AkamaiNetStorage vary Accept-Encoding
GET H2	200	json Show response fls.doubleclick.net/	40 B 630 B	80ms 28ms	Script text/javascript	216.58.212.134 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fls.doubleclick.net/json?spot=6100125&src=&var=s_3_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_3_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=1728231325042 Requested by Host: www.att.com URL: https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 216.58.212.134 , United States, ASN15169 (GOOGLE, US), Reverse DNS ams15s21-in-f134.1e100.net Software cafe / Resource Hash e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers content-encoding gzip x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" date Sun, 06 Oct 2024 16:15:25 GMT content-type text/javascript; charset=ISO-8859-1 content-disposition attachment; filename="f.txt" x-frame-options SAMEORIGIN cache-control no-cache, must-revalidate timing-allow-origin * pragma no-cache cross-origin-resource-policy cross-origin content-length 60 x-xss-protection 0 server cafe
GET H2	200	ATTAleckSans_W_Rg.woff2 signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/	18 KB 18 KB	427ms 130ms	Font application/octet-stream	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2 Requested by Host: signin.att.com URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Origin https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev Referer https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload iam_on 97 etag "4830-61f2d4f8e9e40" accept-ranges bytes access-control-allow-origin * content-length 18480 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p771 last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET H2	200	ATTAleckSans_W_Bd.woff2 signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/	18 KB 18 KB	428ms 130ms	Font application/octet-stream	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2 Requested by Host: signin.att.com URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 37a1212cc1ab5c935d9a3fee05c98c940eaa895a23510e5f83d550dfbb0d763f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Origin https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev Referer https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=16.4.3 Response headers strict-transport-security max-age=31536000; includeSubDomains; preload iam_on 97 etag "48d8-61f2d4f8e9e40" accept-ranges bytes access-control-allow-origin * content-length 18648 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p775 last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET H2	200	en.json Show response signin.att.com/static/siam/en/halo_c/cms/login/default/i18n/	14 KB 14 KB	301ms 252ms	XHR application/json	144.160.19.173 AMERITECH-AS
General Check archive.org Show headers Download Go to Full URL https://signin.att.com/static/siam/en/halo_c/cms/login/default/i18n/en.json Requested by Host: signin-static-js.att.com URL: https://signin-static-js.att.com/scripts/att_common.js?apg Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US), Reverse DNS clcontent-sf.att.com Software / Resource Hash 1aa5af21f967d4390f8473eeaa87654726ec48f77d9d610271ee3e7a74d035c6 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Frame-Options SAMEORIGIN Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Accept application/json, text/plain, */* Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers strict-transport-security max-age=31536000; includeSubDomains; preload iam_on 97 etag "365b-61f2d4f8e9e40" accept-ranges bytes access-control-allow-origin * content-length 13915 p3p CP="NON CUR OTPi OUR NOR UNI" date Sun, 06 Oct 2024 16:15:25 GMT apser p770 content-type application/json last-modified Thu, 08 Aug 2024 15:02:09 GMT x-frame-options SAMEORIGIN
GET		6b417d65-bdc3-4f54-80fe-bfebf02e3bc4 https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/	0 0
GET DATA	200 OK	truncated /	89 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23 Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer Response headers Content-Type image/png
GET H2	200	favicon.ico www.att.com/acctmgmt/	1 KB 1 KB	199ms 198ms	Other image/x-icon	2a02:26f0:3100:793::2db1 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.att.com/acctmgmt/favicon.ico Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d Security Headers Name Value Strict-Transport-Security max-age=15768000 ; preload X-Frame-Options https://*.att.com/, http://*.att.com/ Request headers User-Agent ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com) Referer https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/ Response headers aka-global-request-id-uxtime 0.17071702.1728231325.28476e03 content-encoding gzip etag "66fbce8c-47e" traceresponse 00-bd9b6e6721494bf272d4e269fa327f9f-510a0d865f6478e9-01 expires Tue, 05 Nov 2024 16:15:25 GMT server-timing cdn-cache; desc=HIT, edge; dur=37, origin; dur=0, dtSInfo;desc="0", dtRpid;desc="415256117", ak_p; desc="1728231325746_35063575_675769859_4052_115336_33_0_219";dur=1 date Sun, 06 Oct 2024 16:15:25 GMT content-type image/x-icon last-modified Tue, 01 Oct 2024 10:27:24 GMT vary Accept-Encoding x-frame-options https://*.att.com/, http://*.att.com/ strict-transport-security max-age=15768000 ; preload x-dt-tracestate e8f76564-56b164c6@dt cache-control public, max-age=2592000, s-maxage=900 accept-ranges bytes content-length 659

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev

URL

blob:https://pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev/6b417d65-bdc3-4f54-80fe-bfebf02e3bc4

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

222 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| dataParameter function| _0x319076 string| result function| _0x3d25 function| _0x3fb7 string| detmScriptLoadType number| ts string| href object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e object| visitor function| loadScriptSync object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor function| loadAdsFile function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig object| detmLoader boolean| AllowDelayedLoad function| enableGPI function| detmScriptLoader function| dunBradstreet object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in object| detmScriptExecutor object| QMATT function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl function| docReady object| ddo object| ssaf function| AnalyticsNotificationFramework object| loginJspEnvVars string| loginLanguage object| timeoutJspVars object| s_3_Integrate_DFA_get_0 object| uc_dfa_val number| dfaSuccess object| webpackJsonp function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__legacyPatch function| __zone_symbol__queueMicrotask function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononpageswappatched boolean| __zone_symbol__ononpagerevealpatched boolean| __zone_symbol__ononscrollendpatched boolean| __zone_symbol__ononscrollsnapchangepatched boolean| __zone_symbol__ononscrollsnapchangingpatched object| __zone_symbol__DM_DOC_READYfalse object| __zone_symbol__popstatefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-21 00:03:52	Name: test_cookie Value: CheckForPermission
			www.att.com/	1969-12-31 23:59:59	Name: akaalb_prod_onprem Value: ~op=prod_onprem_alb:prod-idp-aldc2|~rv=10~m=prod-idp-aldc2:0|~os=c2e53dcabb81922a188c759e7de57e2b~id=7498e600a91c67844f271e23e6ddba18

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/detm-container-hdr.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/detm-container-hdr.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://signin-static-js.att.com/scripts/att_common.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fls.doubleclick.net
pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev
signin-static-js.att.com
signin.att.com
www.att.com
pub-493ed05ca0194ff0a7dc9f81dfddba1c.r2.dev
144.160.19.173
216.58.212.134
2606:4700:7::eb
2a02:26f0:3100:793::2db1
1aa5af21f967d4390f8473eeaa87654726ec48f77d9d610271ee3e7a74d035c6
289dd5bba9703f56037aeac3b2cebe359b20ba7b14a57c229b724f4be8ffb80b
2d508afadc988ec21541854a08e3e7580ed6d8208af7da2a83611d0b6be4958b
37a1212cc1ab5c935d9a3fee05c98c940eaa895a23510e5f83d550dfbb0d763f
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8
75b7616d50c847fac6e11abba6019552b41dbc44c289ecbbeaab14df513e6285
7edc87464e3806857a05ea621ad81cecfc6ba7e51a347493ead3f8235e537d0c
945dd621b1e7863febf5b4d865a0eee356df8d0fe9a8241ce97a5d10f746e872
a20c2f5a3ca7136dedcd14df368c615eddd7d442895675a5203a3dd243f07d49
a886cc3be70243d7b9e40f7fcdbadf4eaa4481c1bd73bd962da15ee450b78366
b589ac98cac6d578082d9d2e8bb354abcab6f41f25a081a613227a37def44c9a
caa22a11a7d51983bd572bcf5c6ac58daeb82e5cd5ac15191870f18ee3d9546d
dd9d21e8fa9b6aebf8174a7fcf93f11415058cb5a192bf1cc3fd5aafc629d6cd
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
e9d64ddc98959fb478cc1e10b665c237608386ce7820cbfa5b4c502567642d22