urlscan.io logo urlscan.io
SecurityTrails logo

lax3tfc.org Open in urlscan Pro
173.201.180.187  Public Scan

Go To Rescan Add Verdict Report
URL: https://lax3tfc.org/ax3tvii/login.html
Submission Tags: phishing
Submission: On August 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 15 HTTP transactions. The main IP is 173.201.180.187, located in United States and belongs to GO-DADDY-COM-LLC, US. The main domain is lax3tfc.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 1st 2022. Valid for: 3 months.
This is the only time lax3tfc.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 173.201.180.187 398101 (GO-DADDY-...)
3 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 54.154.38.9 16509 (AMAZON-02)
1 54.74.157.109 16509 (AMAZON-02)
15 5
Apex Domain
Subdomains		 Transfer
3 att.com
www.att.com — Cisco Umbrella Rank: 11955
signin-static-js.att.com Failed
signin.att.com Failed
smetrics.att.com Failed
67 KB
1 omtrdc.net
attservicesinc.tt.omtrdc.net — Cisco Umbrella Rank: 26394
311 B
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 188
1 KB
1 lax3tfc.org
lax3tfc.org
2 KB
15 4
Domain Requested by
3 www.att.com lax3tfc.org
www.att.com
1 attservicesinc.tt.omtrdc.net www.att.com
1 dpm.demdex.net www.att.com
1 lax3tfc.org
0 smetrics.att.com Failed www.att.com
0 signin.att.com Failed lax3tfc.org
0 signin-static-js.att.com Failed lax3tfc.org
15 7

This site contains no links.

Subject Issuer Validity Valid
mail.lax3tfc.org
cPanel, Inc. Certification Authority		 2022-08-01 -
2022-10-30		 3 months crt.sh
*.att.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-03 -
2023-01-04		 a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-19 -
2022-11-19		 a year crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-10-11 -
2022-10-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://lax3tfc.org/ax3tvii/login.html
Frame ID: CA30E13CDE01461C54556B71812CC975
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Statistics

15
Requests

40 %
HTTPS

25 %
IPv6

4
Domains

7
Subdomains

5
IPs

3
Countries

71 kB
Transfer

227 kB
Size

6
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.html
lax3tfc.org/ax3tvii/ 		8 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lax3tfc.org/ax3tvii/login.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.201.180.187 , United States, ASN398101 (GO-DADDY-COM-LLC, US),
Reverse DNS
ip-173-201-180-187.ip.secureserver.net
Software
Apache /
Resource Hash
a63c42d1587e181a5392ee7c1eaef27d1d5abe6e613ef5b2d87317963637ea6a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
content-encoding
br
content-length
2291
content-type
text/html
date
Tue, 16 Aug 2022 14:50:26 GMT
etag
"1882f0e-1f63-5e5bbbf9fc051-br"
last-modified
Mon, 08 Aug 2022 14:37:00 GMT
server
Apache
vary
Accept-Encoding
detm-container-hdr.js
www.att.com/scripts/adobe/prod/ 		107 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Requested by
Host: lax3tfc.org
URL: https://lax3tfc.org/ax3tvii/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:393::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0ab9267388618132bd72791aec71981fb48e83ceb64326b6903ff404ddc4b773
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lax3tfc.org/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Tue, 16 Aug 2022 14:50:26 GMT
content-encoding
gzip
last-modified
Thu, 11 Aug 2022 00:01:07 GMT
server
AkamaiNetStorage
etag
"d2000df83044fcdd2dd6b35a390d0832:1660176067.394241"
vary
Accept-Encoding
strict-transport-security
max-age=15768000 ; preload
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
aka-global-request-id-uxtime
0.166656b8.1660661426.98a9c34c
accept-ranges
bytes
content-length
30239
att_common.js
signin-static-js.att.com/scripts/ 		0
0
timeout.js
signin.att.com/static/siam/en/halo_c/timeout_redirect/ 		0
0
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/ 		0
0
runtime.js
signin.att.com/static/siam/en/halo_c/halo-c-login/ 		0
0
polyfills.js
signin.att.com/static/siam/en/halo_c/halo-c-login/ 		0
0
vendor.js
signin.att.com/static/siam/en/halo_c/halo-c-login/ 		0
0
main.js
signin.att.com/static/siam/en/halo_c/halo-c-login/ 		0
0
detm-container-ftr.js
www.att.com/scripts/adobe/prod/ 		666 B
745 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Requested by
Host: lax3tfc.org
URL: https://lax3tfc.org/ax3tvii/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:393::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
43f774da83292822f54305d69e01286ca018b6f3f0fe86250451ad93d9252f9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://lax3tfc.org/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

aka-global-request-id-uxtime
0.4633ca17.1660176179.1c730c67, 0.166656b8.1660661426.98a9c37d
date
Tue, 16 Aug 2022 14:50:26 GMT
content-encoding
gzip
last-modified
Fri, 30 Jul 2021 00:16:43 GMT
server
AkamaiNetStorage
etag
"d5c61c3be97b0718b3548d0ec26dc0ef:1627604203.48042"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
368
id
dpm.demdex.net/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=55633F7A534535110A490D44%40AdobeOrg&d_nsid=0&ts=1660661426558
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.154.38.9 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-38-9.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
513cd8b299fb0c24eb601cf01920db5d2357f31635a2d0c4be1c0128e27ee9a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://lax3tfc.org/
accept-language
de-DE,de;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v038-0690fdf5f.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
Tv7qX1hIT9U=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://lax3tfc.org
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
696
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mbox-contents.js
www.att.com/scripts/adobe/prod/ 		110 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.att.com/scripts/adobe/prod/mbox-contents.js
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:393::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
15d70dd6d2024b7cc2925bcd47aad1a429b08042ebcc15364004c0c887f719d6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
https://lax3tfc.org/
accept-language
de-DE,de;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

aka-global-request-id-uxtime
0.3533ca17.1660176179.128d25c9, 0.166656b8.1660661426.98a9c4d8
date
Tue, 16 Aug 2022 14:50:26 GMT
content-encoding
gzip
last-modified
Wed, 20 Jul 2022 23:59:28 GMT
server
AkamaiNetStorage
etag
"5d7d69dc820bd519c4643e02a89c66d9:1658361568.37808"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
36239
expires
Thu, 15 Sep 2022 14:50:26 GMT
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/ 		0
0
id
smetrics.att.com/ 		0
0
delivery
attservicesinc.tt.omtrdc.net/rest/v1/ 		49 B
311 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://attservicesinc.tt.omtrdc.net/rest/v1/delivery?client=attservicesinc&sessionId=86c568b2160647b29f634c3a73addf05&version=2.4.0
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/mbox-contents.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.74.157.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-74-157-109.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
70ac34d176f59098e867cd1008c65de5e945ae2ee702444a4e6e9ee10ae314dd

Request headers

Referer
https://lax3tfc.org/
accept-language
de-DE,de;q=0.9
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
Content-Type
text/plain

Response headers

access-control-allow-origin
https://lax3tfc.org
date
Tue, 16 Aug 2022 14:50:26 GMT
content-encoding
gzip
access-control-allow-credentials
true
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
signin-static-js.att.com
URL
https://signin-static-js.att.com/scripts/att_common.js
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/timeout_redirect/timeout.js?v=15.5.3
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=15.5.3
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/runtime.js?v=15.5.3
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/polyfills.js?v=15.5.3
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/vendor.js?v=15.5.3
Domain
signin.att.com
URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/main.js?v=15.5.3
Domain
www.att.com
URL
https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Domain
smetrics.att.com
URL
https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=16725850472549141110588447658811200413&ts=1660661426701

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| detmScriptLoadType string| hcc string| mid string| adobe_mc number| ts string| href object| hcc_check undefined| analytics_app_visitor_id undefined| newurl undefined| halo_app_visitor_id object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e boolean| disableAudienceManager object| visitor object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor string| filesadded boolean| monecontwatched function| loadAdsFile function| injectHtmlTag function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig function| detmScriptLoader object| detmLoader boolean| AllowDelayedLoad function| dunBradstreet undefined| dnbvid undefined| andiPresent undefined| scriptFiles undefined| vameg object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in boolean| detmDisabled object| detmScriptExecutor function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab boolean| pageLoadFired function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl string| _host

6 Cookies

Domain/Path Name / Value
.lax3tfc.org/ Name: at_check
Value: true
.lax3tfc.org/ Name: mbox
Value: session#86c568b2160647b29f634c3a73addf05#1660663287
.demdex.net/ Name: demdex
Value: 16809987656585876770596931745956955583
lax3tfc.org/ Name: AMCVS_55633F7A534535110A490D44%40AdobeOrg
Value: 1
.att.com/ Name: s_ecid
Value: MCMID%7C16725850472549141110588447658811200413
lax3tfc.org/ Name: AMCV_55633F7A534535110A490D44%40AdobeOrg
Value: 1994364360%7CMCIDTS%7C19221%7CMCMID%7C16725850472549141110588447658811200413%7CMCAAMLH-1661266226%7C6%7CMCAAMB-1661266226%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1660668626s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0

5 Console Messages

Source Level URL
Text
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://lax3tfc.org/ax3tvii/login.html
Message:
Access to XMLHttpRequest at 'https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=16725850472549141110588447658811200413&ts=1660661426701' from origin 'https://lax3tfc.org' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=16725850472549141110588447658811200413&ts=1660661426701
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://attservicesinc.tt.omtrdc.net/rest/v1/delivery?client=attservicesinc&sessionId=86c568b2160647b29f634c3a73addf05&version=2.4.0
Message:
Failed to load resource: the server responded with a status of 403 ()