www.thearmchaircritic.org Open in urlscan Pro
2400:cb00:2048:1::681b:9c32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.thearmchaircritic.org/morret/attiinnddeexx.php
Submission: On August 11 via automatic, source openphish (August 11th 2017, 2:35:05 pm UTC)

Summary HTTP 20 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 20 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:9c32, located in United States and belongs to CLOUDFLARENET - CloudFlare, Inc., US. The main domain is www.thearmchaircritic.org.

This is the only time www.thearmchaircritic.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1	2400:cb00:204... 2400:cb00:2048:1::681b:9c32	13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare)
14	2001:1890:1c0... 2001:1890:1c01:2::42	7018 (ATT-INTER...) (ATT-INTERNET4 - AT&T Services)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
2	2406:da00:ff0... 2406:da00:ff00::1715:2b5a	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	2406:da00:ff0... 2406:da00:ff00::b849:99ef	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
20	5

1 2400:cb00:2048:1::681b:9c32 (United States)

ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)

www.thearmchaircritic.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2001:1890:1c01:2::42 (United States)

ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US)

home.secureapp.att.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (United Kingdom)

ASN203220 (YAHOO-DEB, DE)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2406:da00:ff00::1715:2b5a (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

analytics.sitewit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2406:da00:ff00::b849:99ef (United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)

connect.sitewit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	att.net home.secureapp.att.net	195 KB
3	sitewit.com analytics.sitewit.com connect.sitewit.com	15 KB
2	yimg.com s.yimg.com
1	thearmchaircritic.org www.thearmchaircritic.org	1 KB
20	4

	Domain	Requested by
14	home.secureapp.att.net	www.thearmchaircritic.org home.secureapp.att.net
2	analytics.sitewit.com	www.thearmchaircritic.org
2	s.yimg.com	www.thearmchaircritic.org
1	connect.sitewit.com	analytics.sitewit.com
1	www.thearmchaircritic.org
20	5

This site contains links to these domains. Also see Links.

Domain
www.att.net
www.att.com
uverseonline.att.net
elportal.att.net
home.secureapp.att.net

Subject Issuer	Validity	Valid
home.secureapp.att.net Symantec Class 3 Secure Server CA - G4	`2016-09-07` - `2017-10-15`	a year	crt.sh
*.yahoo.com DigiCert SHA2 High Assurance Server CA	`2017-07-31` - `2017-09-14`	a month	crt.sh

This page contains 1 frames:

Primary Page: http://www.thearmchaircritic.org/morret/attiinnddeexx.php
Frame ID: 27066.1
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

20
Requests

80 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

211 kB
Transfer

213 kB
Size

3
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: http://www.att.net/
Title: att.net

Search URL Search Domain Scan URL

URL: http://www.att.com/
Title: att.com

Search URL Search Domain Scan URL

URL: http://uverseonline.att.net/
Title: uverse.com

Search URL Search Domain Scan URL

URL: http://elportal.att.net/
Title: En Español

Search URL Search Domain Scan URL

URL: https://www.att.com/esupport/index.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.Register.Pageviews.www-att-net&redirecturl=https://attreg.att.net/PortalRegWeb/PortalRegController?callingAppId=OP&returnUrl=

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.support&redirecturl=https://www.att.com/esupport/index.jsp?App_ID=PBY
Title: AT&T Support

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.adinfo&redirecturl=http://www.att.net/legal/advertising
Title: Advertise with Us

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.TOS&redirecturl=http://www.att.com/shop/internet/att-internet-terms-of-service.jsp
Title: Terms of Service

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.copyright&redirecturl=http://info.yahoo.com/copyright/details.html
Title: Copyright

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.privacy&redirecturl=http://att.yahoo.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.aboutourads&redirecturl=http://info.yahoo.com/privacy/us/yahoo/attandyahoo/adchoices.html
Title: About Our Ads

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.AUP&redirecturl=http://www.corp.att.com/aup/
Title: Acceptable Use Policy

Search URL Search Domain Scan URL

URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.IP&redirecturl=http://www.att.com/gen/privacy-policy?pid=2587
Title: Copyright © 2015 AT&T Intellectual Property

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request 18

https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=8240
https://home.secureapp.att.net/i/s.gif?nocache=8240

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request attiinnddeexx.php Show response www.thearmchaircritic.org/morret/	3 KB 1 KB	853ms 710ms	Document text/html	2400:cb00:2048:1::681b:9c32 CloudFlare
General Check archive.org Show headers Download Go to Full URL http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.1 Server 2400:cb00:2048:1::681b:9c32 , United States, ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US), Reverse DNS Software cloudflare-nginx / Resource Hash `ea306d92cd0297b55dd3a5d595a336cd022c8451d0738d6c3463d963251234f3` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers CF-RAY 38cbeb0580a42318-FRA Date Fri, 11 Aug 2017 14:34:51 GMT ngpass_ngall 1 Server cloudflare-nginx Vary Accept-Encoding,User-Agent Content-Type text/html; charset=UTF-8 Cache-Control max-age=2592000 Transfer-Encoding chunked Connection keep-alive Content-Encoding gzip Expires Sun, 10 Sep 2017 14:34:51 GMT
GET H/1.0	200 OK	main.css home.secureapp.att.net/css/sso/slid/1201/	28 KB 28 KB	695ms 221ms	Stylesheet text/css	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/css/sso/slid/1201/main.css Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `b7cdeca2ae90f7272849353b0f8ddf33cc8a650362dd3a88690ecda5ad8082ab` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Fri, 16 Jun 2017 03:47:07 GMT Server "" Etag "6fb7-594354bb" Content-type text/css Connection keep-alive Accept-ranges bytes Content-length 28599
GET H/1.0	200 OK	jquery-1.5.1.min.js Show response home.secureapp.att.net/js/jquery/	83 KB 83 KB	724ms 226ms	Script application/x-javascript	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Fri, 11 Mar 2011 22:40:27 GMT Server "" Etag "14d0c-4d7aa4db" Content-type application/x-javascript Connection keep-alive Accept-ranges bytes Content-length 85260
GET H/1.0	200 OK	jquery.simplemodal.js Show response home.secureapp.att.net/js/jquery/simplemodal/	9 KB 9 KB	730ms 228ms	Script application/x-javascript	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/js/jquery/simplemodal/jquery.simplemodal.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Fri, 05 Nov 2010 18:18:06 GMT Server "" Etag "24fd-4cd44a5e" Content-type application/x-javascript Connection keep-alive Accept-ranges bytes Content-length 9469
GET H/1.0	200 OK	script.js Show response home.secureapp.att.net/js/sso/slid/1201/	47 KB 47 KB	751ms 231ms	Script application/x-javascript	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/js/sso/slid/1201/script.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `ad90d48b081527b48eb64b14094b178fe1ef78c1179473901e17897424d66a4d` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Mon, 31 Jul 2017 04:54:37 GMT Server "" Etag "bb1f-597eb80d" Content-type application/x-javascript Connection keep-alive Accept-ranges bytes Content-length 47903
GET S	404	script.js s.yimg.com/ik/	0 0	803ms 785ms	Script text/html	2a00:1288:80:800::7000 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/ik/script.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, DE), Reverse DNS Software ATS / Resource Hash Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Fri, 11 Aug 2017 14:34:52 GMT via HTTP/1.1 web1.usw18.mobstor.gq1.yahoo.com UserFiberFramework/1.0, HTTPS/1.1 web7.use18.mobstor.bf1.yahoo.com UserFiberFramework/1.0, https/1.1 e7.ycpi.deb.yahoo.com (ApacheTrafficServer [cSsSfU]) x-ysws-request-id 6e88e0d4-d1fa-4578-8abc-aeed0a0182d6,18575aca-acfe-4f7c-a7f2-8445d36ec20e server ATS age 1 x-ysws-error-detail not_in_objectstore content-type text/html; charset=iso-8859-1 status 404 content-length 25 x-ysws-visited-replicas gops.use18.mobstor.vip.bf1.yahoo.com,gops.usw18.mobstor.vip.gq1.yahoo.com
GET H/1.0	200 OK	mobile.css home.secureapp.att.net/css/sso/slid/1201/	4 KB 4 KB	116ms 116ms	Stylesheet text/css	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Full URL https://home.secureapp.att.net/css/sso/slid/1201/mobile.css Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Wed, 21 Dec 2016 10:14:45 GMT Server "" Etag "fa3-585a5615" Content-type text/css Connection keep-alive Accept-ranges bytes Content-length 4003
GET H/1.0	200 OK	pageBg.png home.secureapp.att.net/design/cdls10/img/ui/	169 B 169 B	116ms 115ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/design/cdls10/img/ui/pageBg.png Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Tue, 11 Aug 2009 21:10:32 GMT Server "" Etag "a9-4a81de48" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 169
GET H/1.0	200 OK	btnSumbit.png home.secureapp.att.net/img/sso/slid/	1 KB 1 KB	114ms 114ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/img/sso/slid/btnSumbit.png Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Tue, 21 Sep 2010 15:06:50 GMT Server "" Etag "573-4c98ca0a" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 1395
GET H/1.0	200 OK	footerBg.png home.secureapp.att.net/design/CDLS10/img/ui/	560 B 560 B	112ms 112ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/design/CDLS10/img/ui/footerBg.png Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:43 GMT Last-modified Fri, 17 Jul 2009 17:05:33 GMT Server "" Etag "230-4a60af5d" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 560
GET S	404	script.js s.yimg.com/ik/	0 0	1125ms 1124ms	Script text/html	2a00:1288:80:800::7000 YAHOO-DEB
General Check archive.org Show headers Download Go to Full URL https://s.yimg.com/ik/script.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol SPDY Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, DE), Reverse DNS Software ATS / Resource Hash Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers date Fri, 11 Aug 2017 14:34:53 GMT via HTTP/1.1 web15.use18.mobstor.bf1.yahoo.com UserFiberFramework/1.0, HTTPS/1.1 web17.usw18.mobstor.gq1.yahoo.com UserFiberFramework/1.0, https/1.1 e7.ycpi.deb.yahoo.com (ApacheTrafficServer [cSsSfU]) x-ysws-request-id c1621e62-c626-4868-8216-6489ef8fea0b,6e355f50-b6cb-4394-8282-d6bc49c44efb server ATS age 3 x-ysws-error-detail not_in_objectstore content-type text/html; charset=iso-8859-1 status 404 content-length 25 x-ysws-visited-replicas gops.usw18.mobstor.vip.gq1.yahoo.com,gops.use18.mobstor.vip.bf1.yahoo.com
GET H/1.1	200 OK	sw.js Show response analytics.sitewit.com/v3/197680777/	15 KB 15 KB	199ms 94ms	Script text/javascript	2406:da00:ff00::1715:2b5a Amazon.com
General Check archive.org Show headers Download Go to Full URL http://analytics.sitewit.com/v3/197680777/sw.js Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.1 Server 2406:da00:ff00::1715:2b5a , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `f52955d66caef2c284d34aedbc3aa190032c08050ea64029ea7d7b1e392307b8` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Fri, 11 Aug 2017 14:35:25 GMT Server Microsoft-IIS/10.0 X-AspNet-Version 4.0.30319 P3P CP="DSP CAO CUR DEVo PSAo PSDo ADMo OUR STP NAV COM INT STA UNI PHY DEM", policyref="/w3c/p3p.xml" Cache-Control private,no-cache Connection keep-alive Content-Type text/javascript; charset=utf-8 Content-Length 15593
GET H/1.1	200 OK	sw_connect.js Show response connect.sitewit.com/js/197680777/	23 B 23 B	596ms 94ms	Script text/javascript	2406:da00:ff00::b849:99ef Amazon.com
General Check archive.org Show headers Download Go to Full URL http://connect.sitewit.com/js/197680777/sw_connect.js? Requested by Host: analytics.sitewit.com URL: http://analytics.sitewit.com/v3/197680777/sw.js Protocol HTTP/1.1 Server 2406:da00:ff00::b849:99ef , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash `c71b243fedf9d5386f4b0d649991e7612c2f6405b13ffad130553f05b692f194` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:35:25 GMT Server Microsoft-IIS/8.5 X-AspNet-Version 4.0.30319 P3P CP="DSP CAO CUR DEVo PSAo PSDo ADMo OUR STP NAV COM INT STA UNI PHY DEM", policyref="/w3c/p3p.xml" Cache-Control private, no-cache="set-cookie" Connection keep-alive Content-Type text/javascript; charset=utf-8 Content-Length 23
GET H/1.1	200 OK	cq_blank.gif analytics.sitewit.com/images/	35 B 35 B	93ms 93ms	Image image/gif	2406:da00:ff00::1715:2b5a Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://analytics.sitewit.com/images/cq_blank.gif?_sw_id=197680777&_sw_uid=d506cc6f-44f3-4c83-8da8-67143abd56c4&_sw_fp=338c092a2f613b8e29c28e476af36f9444804045&_sw_pl=0&_sw_pc=0&_sw_dat=MXx3d3cudGhlYXJtY2hhaXJjcml0aWMub3JnfGh0dHA6Ly93d3cudGhlYXJtY2hhaXJjcml0aWMub3JnL21vcnJldC9hdHRpaW5uZGRlZXh4LnBocHxlbi1VU3wxNjAwfDEyMDB8MjR8SGVhZGxlc3NDaHJvbWUvNTkuMC4zMDcxLjExNXx1bmRlZmluZWR8MXwwfDF8MHwtfHwtfC18LQ==&to=364 Requested by Host: www.thearmchaircritic.org URL: http://www.thearmchaircritic.org/morret/attiinnddeexx.php Protocol HTTP/1.1 Server 2406:da00:ff00::1715:2b5a , United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS Software Microsoft-IIS/10.0 / Resource Hash `8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:35:25 GMT Last-Modified Thu, 24 Jun 2010 20:21:15 GMT Server Microsoft-IIS/10.0 ETag "9f8deacbda13cb1:0" P3P CP="DSP CAO CUR DEVo PSAo PSDo ADMo OUR STP NAV COM INT STA UNI PHY DEM", policyref="/w3c/p3p.xml" Cache-Control no-cache Connection keep-alive Accept-Ranges bytes Content-Type image/gif Content-Length 35
GET H/1.0	200 OK	attGlobalNavHeader-bg.gif home.secureapp.att.net/design/cdls20/img/ui/	149 B 149 B	330ms 110ms	Image image/gif	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/design/cdls20/img/ui/attGlobalNavHeader-bg.gif Requested by Host: home.secureapp.att.net URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Thu, 26 Apr 2012 21:04:53 GMT Server "" Etag "95-4f99b875" Content-type image/gif Connection keep-alive Accept-ranges bytes Content-length 149
GET H/1.0	200 OK	txt-clear.png home.secureapp.att.net/img/sso/slid/	3 KB 3 KB	441ms 221ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/img/sso/slid/txt-clear.png Requested by Host: home.secureapp.att.net URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Tue, 29 Jul 2014 15:04:17 GMT Server "" Etag "cda-53d7b7f1" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 3290
GET H/1.0	200 OK	att_globe_blue_80x80.png home.secureapp.att.net/design/CDLS10/img/logos/	16 KB 16 KB	453ms 226ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/design/CDLS10/img/logos/att_globe_blue_80x80.png Requested by Host: home.secureapp.att.net URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Fri, 20 May 2016 12:43:47 GMT Server "" Etag "40c4-573f0683" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 16580
GET H/1.0	200 OK	support-icon.jpg home.secureapp.att.net/img/sso/slid/	2 KB 2 KB	345ms 115ms	Image image/jpeg	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/img/sso/slid/support-icon.jpg Requested by Host: home.secureapp.att.net URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Mon, 26 Jul 2010 21:26:50 GMT Server "" Etag "615-4c4dfd9a" Content-type image/jpeg Connection keep-alive Accept-ranges bytes Content-length 1557
GET H/1.0	200 OK	ques.png home.secureapp.att.net/img/sso/slid/	363 B 363 B	346ms 116ms	Image image/png	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/img/sso/slid/ques.png Requested by Host: home.secureapp.att.net URL: https://home.secureapp.att.net/js/sso/slid/1201/script.js Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5` Request headers Referer https://home.secureapp.att.net/css/sso/slid/1201/main.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Mon, 19 Jul 2010 03:35:58 GMT Server "" Etag "16b-4c43c81e" Content-type image/png Connection keep-alive Accept-ranges bytes Content-length 363
GET H/1.0	200 OK	s.gif home.secureapp.att.net/i/ Redirect Chain https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=8240 https://home.secureapp.att.net/i/s.gif?nocache=8240	43 B 43 B	113ms 113ms	Image image/gif	2001:1890:1c01:2::42 AT&T Services
General Check archive.org Show headers Download Go to Show image Full URL https://home.secureapp.att.net/i/s.gif?nocache=8240 Protocol HTTP/1.0 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:1890:1c01:2::42 , United States, ASN7018 (ATT-INTERNET4 - AT&T Services, Inc., US), Reverse DNS Software "" / Resource Hash `b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b` Request headers Referer http://www.thearmchaircritic.org/morret/attiinnddeexx.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36 Response headers Date Fri, 11 Aug 2017 14:32:45 GMT Last-modified Thu, 25 Sep 2003 20:17:53 GMT Server "" Etag "2b-3f734d71" Content-type image/gif Connection keep-alive Accept-ranges bytes Content-length 43 Redirect headers Location https://home.secureapp.att.net/i/s.gif?nocache=8240 Date Fri, 11 Aug 2017 14:32:45 GMT Server "" Connection keep-alive Content-length 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.thearmchaircritic.org/	1970-01-01 00:00:00	Name: IV_JCT Value: %2FcommonLogin
.thearmchaircritic.org/	2020-05-07 14:34:54	Name: _swa_u Value: d506cc6f-44f3-4c83-8da8-67143abd56c4
.thearmchaircritic.org/	2018-08-11 14:34:51	Name: __cfduid Value: de41195af00a83481bb553db6304fd02c1502462091

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.sitewit.com
connect.sitewit.com
home.secureapp.att.net
s.yimg.com
www.thearmchaircritic.org
2001:1890:1c01:2::42
2400:cb00:2048:1::681b:9c32
2406:da00:ff00::1715:2b5a
2406:da00:ff00::b849:99ef
2a00:1288:80:800::7000
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
ad90d48b081527b48eb64b14094b178fe1ef78c1179473901e17897424d66a4d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b7cdeca2ae90f7272849353b0f8ddf33cc8a650362dd3a88690ecda5ad8082ab
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
c71b243fedf9d5386f4b0d649991e7612c2f6405b13ffad130553f05b692f194
dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f
ea306d92cd0297b55dd3a5d595a336cd022c8451d0738d6c3463d963251234f3
f52955d66caef2c284d34aedbc3aa190032c08050ea64029ea7d7b1e392307b8
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f

www.thearmchaircritic.org Open in urlscan Pro 2400:cb00:2048:1::681b:9c32 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

20 Requests

80 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

211 kBTransfer

213 kBSize

3 Cookies

14 Outgoing links

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

3 Cookies

Indicators

www.thearmchaircritic.org Open in urlscan Pro
2400:cb00:2048:1::681b:9c32 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

80 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

211 kB
Transfer

213 kB
Size

3
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!