Submitted URL: http://144.161.204.26/
Effective URL: https://144.161.204.26/
Submission: On August 29 via manual from IQ — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 0 domains to perform 3 HTTP transactions. The main IP is 144.161.204.26, located in the United States and belonging to AMERITECH-AS, US. The main domain is 144.161.204.26.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on April 1st 2024. Valid for: a year.
This is the only time 144.161.204.26 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

Requests  IP Address      AS   Autonomous System
3         144.161.204.26  797  AMERITECH-AS
Total: 3 requests, 1 IP
Apex Domain
Subdomains
Transfer
3 0
Domain Requested by
3 0

This site contains links to these domains. Also see Links.

Domain: www.att.com

TLS certificate
Subject: *.stage.att.com
Issuer: DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity: 2024-04-01 to 2025-05-02 (a year)

This page contains 1 frames:

Primary Page: https://144.161.204.26/
Frame ID: 2F798E958DBD3EA286F0ABDE0A1749B1
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

AT&T Global Logon

Page URL History

  1. http://144.161.204.26/ HTTP 307
     https://144.161.204.26/ Page URL

Page Statistics

Requests: 3
HTTPS: 0 %
IPv6: 0 %
Domains: 0
Subdomains: 0
IPs: 1
Countries: 1
Transfer: 5 kB
Size: 5 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://144.161.204.26/ HTTP 307
    https://144.161.204.26/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: / (Primary Request)
Path: 144.161.204.26/
Redirect Chain:
  • http://144.161.204.26/
  • https://144.161.204.26/
Size: 2 KB
x-fer: 2 KB
Type: Document
General
Full URL
https://144.161.204.26/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.204.26, United States, ASN797 (AMERITECH-AS, US)
Reverse DNS
Software
/
Resource Hash
a0d0fabd3b864e45c7b5a860d0333c84df120ae6f75b293f0a1728ff45117597
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html
date
Thu, 29 Aug 2024 23:03:59 GMT
iam_on
ctxoaa51
last-modified
Wed, 28 Sep 2022 17:30:32 GMT
p3p
CP="NON CUR OTPi OUR NOR UNI"
strict-transport-security
max-age=31536000; includeSubDomains; preload
transfer-encoding
chunked
x-content-type-options
nosniff

Redirect headers

Location
https://144.161.204.26/
Non-Authoritative-Reason
HttpsUpgrades
Resource: attglobe.gif
Path: 144.161.204.26/images/
Size: 2 KB
x-fer: 2 KB
Type: Image
General
Full URL
https://144.161.204.26/images/attglobe.gif
Requested by
Host: 144.161.204.26
URL: https://144.161.204.26/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.204.26, United States, ASN797 (AMERITECH-AS, US)
Reverse DNS
Software
/
Resource Hash
c21719908f8225e63b6dfea82f136db996dbd9f68af33a6d1fb449db6de40407
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://144.161.204.26/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 23:03:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 12 Mar 2021 02:24:10 GMT
iam_on
ctxoaa51
p3p
CP="NON CUR OTPi OUR NOR UNI"
content-type
image/gif
content-length
1565
Resource: favicon.ico
Path: 144.161.204.26/
Size: 1 KB
x-fer: 1 KB
Type: Other
General
Full URL
https://144.161.204.26/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.204.26, United States, ASN797 (AMERITECH-AS, US)
Reverse DNS
Software
/
Resource Hash
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://144.161.204.26/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 23:03:59 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Mon, 22 Feb 2021 23:44:01 GMT
iam_on
ctxoaa51
p3p
CP="NON CUR OTPi OUR NOR UNI"
content-type
image/x-icon
content-length
1150

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

144.161.204.26
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d
a0d0fabd3b864e45c7b5a860d0333c84df120ae6f75b293f0a1728ff45117597
c21719908f8225e63b6dfea82f136db996dbd9f68af33a6d1fb449db6de40407