cybersecurity.att.com Open in urlscan Pro
2a02:26f0:3100:793::2db1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Submission: On January 08 via api (January 8th 2024, 5:51:55 pm UTC) from US — Scanned from DE

Summary HTTP 122 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 37 IPs in 3 countries across 23 domains to perform 122 HTTP transactions. The main IP is 2a02:26f0:3100:793::2db1, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is cybersecurity.att.com. The Cisco Umbrella rank of the primary domain is 623065.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 9th 2023. Valid for: a year.

This is the only time cybersecurity.att.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
6	2a02:26f0:310... 2a02:26f0:3100:793::2db1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	99.84.88.44 99.84.88.44	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
38	2600:9000:206... 2600:9000:206f:5600:17:67d0:6300:93a1	16509 (AMAZON-02) (AMAZON-02)
6 29	151.101.193.181 151.101.193.181	54113 (FASTLY) (FASTLY)
6	18.173.154.122 18.173.154.122	16509 (AMAZON-02) (AMAZON-02)
4	2a02:26f0:480... 2a02:26f0:480:d::210:f160	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:25e... 2600:9000:25e8:b200:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.121.117.111 3.121.117.111	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80b::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.66.192.39 18.66.192.39	16509 (AMAZON-02) (AMAZON-02)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	2606:4700:440... 2606:4700:4400::ac40:90e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:440... 2606:4700:4400::6812:24c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	23.57.20.29 23.57.20.29	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2600:9000:215... 2600:9000:2156:b200:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	18.66.2.12 18.66.2.12	16509 (AMAZON-02) (AMAZON-02)
4 5	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	23.201.242.231 23.201.242.231	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	130.35.203.128 130.35.203.128	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
122	37

6 2a02:26f0:3100:793::2db1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cybersecurity.att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.84.88.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-44.muc50.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleoptimize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 2600:9000:206f:5600:17:67d0:6300:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn-cybersecurity.att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 151.101.193.181 (United States) 6 redirects

ASN54113 (FASTLY, US)

play.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.173.154.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-122.muc50.r.cloudfront.net

cdn.vidyard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:480:d::210:f160 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p11.techlab-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:25e8:b200:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.121.117.111 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-121-117-111.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.192.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-39.muc50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:90e1 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:24c4 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.57.20.29 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-57-20-29.deploy.static.akamaitechnologies.com

servedby.flashtalking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2156:b200:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

6143919.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0a::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.2.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-12.txl50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.201.242.231 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-242-231.deploy.static.akamaitechnologies.com

img03.en25.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 130.35.203.128 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

cyber-tracking.att.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
46	att.com 1 redirects cybersecurity.att.com — Cisco Umbrella Rank: 623065 cdn-cybersecurity.att.com cyber-tracking.att.com	1 MB
35	vidyard.com 6 redirects play.vidyard.com — Cisco Umbrella Rank: 34010 cdn.vidyard.com — Cisco Umbrella Rank: 54991	439 KB
7	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 5889 buttons-config.sharethis.com — Cisco Umbrella Rank: 6580 l.sharethis.com — Cisco Umbrella Rank: 6152 platform-cdn.sharethis.com — Cisco Umbrella Rank: 12065	50 KB
6	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 778 www.linkedin.com — Cisco Umbrella Rank: 944 px4.ads.linkedin.com — Cisco Umbrella Rank: 7294	5 KB
4	doubleclick.net 1 redirects 6143919.fls.doubleclick.net — Cisco Umbrella Rank: 466664 stats.g.doubleclick.net — Cisco Umbrella Rank: 184	2 KB
4	techlab-cdn.com p11.techlab-cdn.com — Cisco Umbrella Rank: 4735	59 KB
3	google.de www.google.de — Cisco Umbrella Rank: 4002 adservice.google.de — Cisco Umbrella Rank: 9341	1 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2014 www.google.com — Cisco Umbrella Rank: 6 adservice.google.com — Cisco Umbrella Rank: 189	1 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 77129 ibc-flow.techtarget.com — Cisco Umbrella Rank: 70327	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 692	14 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 114	257 KB
2	flashtalking.com servedby.flashtalking.com — Cisco Umbrella Rank: 1579	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 240	89 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1202 script.hotjar.com — Cisco Umbrella Rank: 1735	59 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	21 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	en25.com img03.en25.com — Cisco Umbrella Rank: 54587	3 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1200	397 B
1	t.co t.co — Cisco Umbrella Rank: 751	377 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1877	15 KB
1	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 26675	1 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1184	15 KB
1	googleoptimize.com www.googleoptimize.com — Cisco Umbrella Rank: 3722	52 KB
122	23

	Domain	Requested by
38	cdn-cybersecurity.att.com	cybersecurity.att.com cdn-cybersecurity.att.com
29	play.vidyard.com	6 redirects cybersecurity.att.com
6	cdn.vidyard.com	cybersecurity.att.com
6	cybersecurity.att.com	cybersecurity.att.com
4	px.ads.linkedin.com	3 redirects cybersecurity.att.com
4	platform-cdn.sharethis.com	cybersecurity.att.com
4	p11.techlab-cdn.com	cybersecurity.att.com
3	bat.bing.com	cybersecurity.att.com
3	www.googletagmanager.com	cybersecurity.att.com
2	cyber-tracking.att.com	1 redirects cybersecurity.att.com
2	ibc-flow.techtarget.com	cybersecurity.att.com
2	www.google.de	cybersecurity.att.com
2	stats.g.doubleclick.net	cybersecurity.att.com
2	6143919.fls.doubleclick.net	1 redirects cybersecurity.att.com
2	servedby.flashtalking.com	cybersecurity.att.com servedby.flashtalking.com
2	connect.facebook.net	cybersecurity.att.com
2	www.google-analytics.com	cybersecurity.att.com
1	www.facebook.com	cybersecurity.att.com
1	adservice.google.de	adservice.google.com
1	img03.en25.com	cybersecurity.att.com
1	adservice.google.com	6143919.fls.doubleclick.net
1	www.google.com	cybersecurity.att.com
1	px4.ads.linkedin.com	cybersecurity.att.com
1	www.linkedin.com	1 redirects
1	script.hotjar.com	cybersecurity.att.com
1	analytics.twitter.com	cybersecurity.att.com
1	t.co	cybersecurity.att.com
1	region1.analytics.google.com	cybersecurity.att.com
1	trk.techtarget.com	cybersecurity.att.com
1	snap.licdn.com	cybersecurity.att.com
1	tracking.g2crowd.com	cybersecurity.att.com
1	static.ads-twitter.com	cybersecurity.att.com
1	static.hotjar.com	cybersecurity.att.com
1	l.sharethis.com	cybersecurity.att.com
1	buttons-config.sharethis.com	cybersecurity.att.com
1	www.googleoptimize.com	cybersecurity.att.com
1	platform-api.sharethis.com	cybersecurity.att.com
122	37

This site contains links to these domains. Also see Links.

Domain
business.att.com
success.alienvault.com
en.wikipedia.org
otx.alienvault.com
github.com
www.trendmicro.com
twitter.com
attack.mitre.org
www.twitter.com
www.linkedin.com
www.youtube.com
www.business.att.com
about.att.com
www.att.com

Subject Issuer	Validity	Valid
*.att.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-11-09`	a year	crt.sh
sharethis.com Amazon RSA 2048 M02	`2023-05-20` - `2024-06-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
cdn-cybersecurity.att.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-01-18` - `2024-01-30`	a year	crt.sh
*.vidyard.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-07-01` - `2024-08-01`	a year	crt.sh
p11.techlab-cdn.com R3	`2023-11-09` - `2024-02-07`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 01	`2023-10-24` - `2024-04-21`	6 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-24` - `2024-07-23`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-10-18` - `2024-01-16`	3 months	crt.sh
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1	`2023-09-14` - `2024-09-14`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-11-03` - `2024-05-03`	6 months	crt.sh
ibc-flow.techtarget.com GTS CA 1D4	`2023-11-17` - `2024-02-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.en25.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Frame ID: 065F063667DB72C6A3AF3055126351D7
Requests: 119 HTTP requests in this frame

Frame: https://servedby.flashtalking.com/container/1122;112310;11677;iframe/?ft_referrer=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cb=0.06590873608287873
Frame ID: B90E88EE5A9F9EA3F89B9523E77DEBE7
Requests: 2 HTTP requests in this frame

Frame: https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno
Frame ID: E6F190C779B56367528654A0483FA91F
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno
Frame ID: 5B55AE5119AE080659687991456271C2
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno
Frame ID: 5B9EA540727D3EC4A65320DA9BF909E2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AsyncRAT loader: Obfuscation, DGAs, decoys and Govno

Detected technologies

Ruby on Rails (Web Frameworks) Expand

Overall confidence: 75%
Detected patterns

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Optimize (A/B Testing) Expand

Overall confidence: 100%
Detected patterns

googleoptimize\.com/optimize\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

122
Requests

93 %
HTTPS

58 %
IPv6

23
Domains

37
Subdomains

37
IPs

3
Countries

2379 kB
Transfer

5069 kB
Size

55
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: http://business.att.com/
Title: View all AT&T Business Products ⟶

Search URL Search Domain Scan URL

URL: https://business.att.com/

Search URL Search Domain Scan URL

URL: https://success.alienvault.com/
Title: Success Center Find answers to USM questions

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Domain_generation_algorithm
Title: DGA domains

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/pulse/65816ab93cbf54b394cee64c
Title: OTX pulse

Search URL Search Domain Scan URL

URL: https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
Title: Github

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/it_it/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
Title: TrendMicro

Search URL Search Domain Scan URL

URL: https://twitter.com/reecdeep/status/1715053326859895210
Title: reecDeep

Search URL Search Domain Scan URL

URL: https://twitter.com/0xToxin/status/1697254384932184572
Title: Igal Lytzki

Search URL Search Domain Scan URL

URL: https://twitter.com/ankit_anubhav/status/1636714527218880515
Title: https://twitter.com/ankit_anubhav/status/1636714527218880515

Search URL Search Domain Scan URL

URL: https://otx.alienvault.com/indicator/domain/sduyvzep.top
Title: OTX

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/
Title: MITRE ATT&CK Matrix

Search URL Search Domain Scan URL

URL: https://www.twitter.com/attcyber/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/attcybersecurity/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/attcybersecurity
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.business.att.com/content/dam/attbusiness/guides/att-information-and-network-security-customer-reference-guide.pdf
Title: Customer Reference Guide

Search URL Search Domain Scan URL

URL: https://about.att.com/csr/home/privacy/rights_choices.html
Title: Your Privacy Choices

Search URL Search Domain Scan URL

URL: https://www.att.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg

Request Chain 32

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg

Request Chain 33

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg

Request Chain 79

https://6143919.fls.doubleclick.net/activityi;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno HTTP 302
https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno

Request Chain 91

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32249%252C68341%26time%3D1704736310125%26url%3Dhttps%253A%252F%252Fcybersecurity.att.com%252Fblogs%252Flabs-research%252Fasyncrat-loader-obfuscation-dgas-decoys-and-govno%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cookiesTest=true&liSync=true&e_ipv6=AQLL341On7WMpgAAAYzqM8YJxDHBaQlznS7ENzn0F4ZctDN-Id-fhLivgMqd7ZnCptdOvlYT9Uy0tGb6A6KRciuxeHJ7xA

Request Chain 102

https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=elqNone&tzo=-60&ms=403&optin=disabled&firstPartyCookieDomain=cyber-tracking.att.com HTTP 302
https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=elqNone&tzo=-60&ms=403&optin=disabled&elq1pcGUID=C90843B178F34FF69E3D7C7C572F7D1D

Request Chain 118

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg

Request Chain 119

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg

Request Chain 120

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L.jpg HTTP 302
https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg

122 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request asyncrat-loader-obfuscation-dgas-decoys-and-govno Show response
cybersecurity.att.com/blogs/labs-research/ 155 KB
32 KB 386ms
279ms Document
text/html 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx/1.19.10 /

Resource Hash

2cab7569cbb96f9e4993dc236265cd41e31428d86cfe3c5b5b8fd6537ae289c7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://alienvault.lookbookhq.com/ https://alienvault.lookbookhq.com/ http://learn-cybersecurity.att.com https://learn-cybersecurity.att.com http://walkme.com https://walkme.com http://www.alienvault-demo-usm-anywhere.com https://www.alienvault-demo-usm-anywhere.com always;
Strict-Transport-Security	max-age=86400
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-length: 29893
content-security-policy: frame-ancestors 'self' http://alienvault.lookbookhq.com/ https://alienvault.lookbookhq.com/ http://learn-cybersecurity.att.com https://learn-cybersecurity.att.com http://walkme.com https://walkme.com http://www.alienvault-demo-usm-anywhere.com https://www.alienvault-demo-usm-anywhere.com always;
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 17:51:49 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 08 Jan 2024 17:51:47 GMT
pragma: no-cache
server: nginx/1.19.10
strict-transport-security: max-age=86400
vary: Accept-Encoding
x-akamai-transformed: 9l 29644 0 pmb=mTOE,2
x-frame-options: SAMEORIGIN

GET
H2 200 146029e03b00cc2f496a6233c9dc954522001624dcc5 Show response
cybersecurity.att.com/public/ 146 KB
52 KB 49ms
47ms Script
application/javascript 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

3b013e9e79a6c8b40cb0b6260ee69f6ec531ca25286b7e5842124524730370d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
strict-transport-security: max-age=86400
last-modified: Wed, 20 Sep 2023 20:49:08 GMT
content-md5: odco0DlT6Idk2lenVyLKCQ==
etag: 0x8DBBA1B09523C17
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
timing-allow-origin: *
content-length: 52460
expires: Mon, 08 Jan 2024 18:01:49 GMT

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 205 KB
46 KB 89ms
29ms Script
text/javascript 99.84.88.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://platform-api.sharethis.com/js/sharethis.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.84.88.44 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-84-88-44.muc50.r.cloudfront.net

Software

Resource Hash

e1e04b876d769e39d9b54e88e20e60a1258ec858473a8f216c76ce19daba9ebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:50:13 GMT
content-encoding: gzip
via: 1.1 4699c08b44211e17f977ca0133ec5e8e.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: MUC50-C1
age: 97
etag: W/"332a8-To97sGKRp5b4v/9hI/vRCFXWuNg"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-cache: Hit from cloudfront
x-amz-cf-id: BMWHgsiBWl0po6_yuhCT_tHO9sqxkRbc0ghcMn1g1HXcmbKZEpW66Q==

GET
H2 200 optimize.js Show response
www.googleoptimize.com/ 137 KB
52 KB 81ms
28ms Script
application/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleoptimize.com/optimize.js?id=GTM-WGVFC3T

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a2a97557f0a48aab42b79c8973788d3aa369a8b9b7bac4952a37eee9007c4ff5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 52519
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 17:51:49 GMT

GET
H2 200 top-bundle.min.js Show response
cdn-cybersecurity.att.com/js/v2/imports/ 95 KB
33 KB 125ms
26ms Script
application/javascript 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/js/v2/imports/top-bundle.min.js?v=20240104094196
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2b0018d9f5ee88a09cd42d952ec199bf37ebe95be38737b0d3d8a170058b8805

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: gzUeh7Btg4YE0elJN7A_pQKM_IW3ELWj
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 00:19:58 GMT
last-modified: Thu, 04 Jan 2024 23:50:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 63111
x-amz-server-side-encryption: AES256
etag: W/"c587b6305a1832d3c22a0ec227888b28"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
x-amz-cf-id: -xCGkCKvr6yluxjDsrqG8j6-iX2QDhtY14KTJ8427Khq_u7ajS4ZCg==

GET
H2 200 zero-width.ttf
cdn-cybersecurity.att.com/fonts/ 2 KB
2 KB 170ms
71ms Font
font/ttf 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/zero-width.ttf
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 66a27267f5e8eabb3e72ce75c419be5f1617620b955a0d6ddff505df44fee8c1

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: VAq45dt6AdM1OPtpHyJT3XhFERDVkw7T
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
date: Mon, 01 Jan 2024 01:56:37 GMT
x-amz-cf-pop: FRA56-C1
age: 662113
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 29 Apr 2020 03:33:09 GMT
server: AmazonS3
etag: W/"5a98a2c306ce406325dbe881b8a49777"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/ttf
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
x-amz-cf-id: UcyvFr5yuB7AiVL0y8K4TlbaRPI_Dso4xPXj4RP4jTlZ-33uJ3V1KA==

GET
H2 200 ATTAleckSans-Bold.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
20 KB 147ms
48ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Bold.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5a38c3193702914f3203282b38e88bbedd02b05124f6db3ae51d8c595a72c127

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: Y8cKzaI4NARJ7mJbJe22NSCY_67DF3OV
date: Thu, 04 Jan 2024 02:44:20 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 400050
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20008
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "cf27f132ea402dc43949433e344bc4bc"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: SjcAB9nxUca7R_uGbJDT3uj-RZrGTUK5qt2DntTFyJu4SeA3FTffWA==

GET
H2 200 ATTAleckSans-Regular.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
20 KB 154ms
55ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Regular.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c40b1adaf0e98d3edc88d471547989847a2c08dd636d62ad5112ac745529ef05

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 19 Dec 2023 04:44:59 GMT
x-amz-version-id: 9oCoZAz7OyBdhoiJXjfCKaRoVAWxy.R1
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1775211
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20012
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "05bdbf2e2b2f059dd336a9f91205bac6"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: O2hYc8w-qTBZ4K4ckQXVajUUPlD52st4ssWZjFlzq4K945A4YGrnYw==

GET
H2 200 ATTAleckSans-Light.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 19 KB
20 KB 139ms
40ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Light.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ecd6b7d346d65f406827abe0c78e3eebfda94358a0e73d06a3404c3a7972d5ae

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: D_Oamexop.4ZOPlnCkgqmBkaEqIHfrx2
date: Tue, 26 Dec 2023 12:42:41 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1141749
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 19676
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "f45402a3ea6ff341ebd0c3a7758c6042"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: l04iFhsaAzisFtkUyPkc46YmvY2nkKQSg-sZpvVK7Uxi3aP7v_mVQg==

GET
H2 200 ATTAleckSans-Medium.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
21 KB 160ms
61ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Medium.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0be705567c10ee6ef133a4b257c012fe0e40f9405698037dffbce34b073c713d

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: mb.ZbGAwxm5_N4ou9Rt0aXxkWm4qup1C
date: Tue, 26 Dec 2023 12:42:53 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1141737
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20960
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "d316dfdd3429f9a648328891ed742abd"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: SDzL84URZOssxMEiRcjnCKJV9y9LqkeHsGUDRKLKd0e-cnu9ePYloA==

GET
H2 200 ATTAleckSans-LightItalic.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
20 KB 169ms
71ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-LightItalic.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72b76d7931546a9acebdb324b94bf549068d78e072702ace09a7d07b3559d495

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: ay9kYXZqymOJyn6rjE8Syf1jjkQk8FZ6
date: Mon, 18 Dec 2023 06:24:29 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1855641
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20052
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "5ff357541b82aa5b0f5b6f143fa3452f"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: 3mEAw2fmkUL9tUThQ_gCOzBrooKM_ZZ2-Wmsi1oBMhanvVK3QezoEA==

GET
H2 200 ATTAleckSans-BoldItalic.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
21 KB 167ms
68ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-BoldItalic.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e77976087881338e26b6195bb140165697d46052b1b9e6fb6c1c99663d8636ad

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: .0vd9xYyDo1nrR4h5xhC.6viA41A_LxW
date: Mon, 11 Dec 2023 11:47:57 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2441033
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20560
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "5c4b85d87606f493a9d3950b51a387de"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: _GtmYeY1Mql_4uok7xD92kRFNdO5Br4qJI862YXM-oMnvlU3dxB25A==

GET
H2 200 ATTAleckSans-MediumItalic.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 21 KB
22 KB 169ms
71ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-MediumItalic.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70a43a939e271669a2f2961c232e33439f8a7d1e6d2fee9cacccce40cc112a3e

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 03:08:19 GMT
x-amz-version-id: 5DHVb7fxSysSOJep052aFNCc9M_YfNnD
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1089811
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 21656
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "e6ddd68fef0ea2119cb29247aa6ace27"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: fTc12icdV7y-nwb7ZVlzTacUvPfSvOOsNy8dnZ2M_1fzuJTXv_5lNg==

GET
H2 200 ATTAleckSans-Italic.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
20 KB 122ms
24ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Italic.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f5b715ab62ef96955be0c41f46dfc8bca5cb193fb78553367cedd217218662d3

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 2ac5POqp0JygU1NXa51YcNLsgdh2Gaa5
date: Thu, 28 Dec 2023 19:49:34 GMT
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 943336
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20284
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "184e89d486686331406e98a2b51d7e39"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: oOfVzq0qYZd7nLorHZBR6ns74X6TvUmk85sF4CNSKZavDq53hNREhA==

GET
H2 200 ATTAleckSans-Black.woff2
cdn-cybersecurity.att.com/fonts/aleck/ 20 KB
20 KB 163ms
65ms Font
font/woff2 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/aleck/ATTAleckSans-Black.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d0c319f2dea5d6dfdfcf78956859fc5c436fa28c0e24d37038233a2b33155e56

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 01:03:42 GMT
x-amz-version-id: 0vA0eW6Cq0_ovsZlerC0QDEf9czc.o0j
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 2306888
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 20188
last-modified: Wed, 29 Apr 2020 03:33:16 GMT
server: AmazonS3
etag: "410529e0ab6e196796f083cd77be39a5"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/woff2
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: rjGnxCrRHymz2Zow2gk6XALK2SpSwA-4s45AZnBBSnqi-L5aFMqCOA==

GET
H2 200 glyphicons-halflings-regular.woff2
cdn-cybersecurity.att.com/css/fonts/ 18 KB
18 KB 142ms
44ms Font
binary/octet-stream 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/css/fonts/glyphicons-halflings-regular.woff2
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:55:25 GMT
x-amz-version-id: Mqp3nf.C7JdikBK7P2Z9e_ZHX2K0y7DC
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 323785
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 18028
last-modified: Tue, 20 Aug 2019 17:38:18 GMT
server: AmazonS3
etag: "448c34a56d699c29117adc64c43affeb"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: binary/octet-stream
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=31557600
access-control-allow-credentials: true
vary: Origin,Access-Control-Request-Headers
accept-ranges: bytes
x-amz-cf-id: Vlgc-scUYQTAjXnlEbod329JNq2bRFaTzWty8UmvwGWzNa-qJsTf1g==

GET
H2 200 av-icons.ttf
cdn-cybersecurity.att.com/fonts/ 6 KB
5 KB 171ms
72ms Font
font/ttf 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/fonts/av-icons.ttf?e81fxl
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 59522c72387f0c3e0497a46fad1257b87b3ed587a4547e0537684f98dd1265e8

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: v.sFGrcikDnxxtU5P19rGWIgZIlIF9Um
content-encoding: gzip
via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
date: Mon, 01 Jan 2024 01:56:37 GMT
x-amz-cf-pop: FRA56-C1
age: 662113
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 29 Apr 2020 03:33:07 GMT
server: AmazonS3
etag: W/"8276846b1049ace209b695fbde52c8c6"
access-control-max-age: 3000
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD
content-type: font/ttf
access-control-allow-origin: https://cybersecurity.att.com
cache-control: max-age=2592000,s-maxage=2592000
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers
x-amz-cf-id: G68NMfE1ED3U40TcLlfNPG-t9vO3_hLXCZf56ujOM3CHH_U1k2LGYw==

GET
H2 200 main.min.css
cdn-cybersecurity.att.com/css/sass/ 530 KB
86 KB 124ms
26ms Stylesheet
text/css 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cb5dbc8151f66902b97b1b8e07137b6b643459dc8a8cf3941ceb22f1394624e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:55:25 GMT
x-amz-version-id: KgBb0fOLKcp7FLZuuLJHPeff8EhSNL16
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 323785
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Jan 2024 23:50:42 GMT
server: AmazonS3
etag: W/"3f6a5305ec67f3078f25bf09b4bcb32d"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=2592000,s-maxage=2592000
x-amz-cf-id: ccpUVGtgtq-E9WvgJYUAen8M1Qe0dBpTbWnIdHS60eqIOCVZVZhKzA==

GET
H2 200 att-globe.svg
cdn-cybersecurity.att.com/images/uploads/logos/ 17 KB
4 KB 58ms
58ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/logos/att-globe.svg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 163a1c55969a13479e94c0270dc68d415df607eecb5ee2cc00e4076146d8cd9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 03:38:05 GMT
x-amz-version-id: yCbi.gI1RYhUg.V0U7heLh6xsVdBiicf
content-encoding: gzip
last-modified: Fri, 14 Aug 2020 22:02:16 GMT
server: AmazonS3
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
etag: W/"8416147f10bcd2cefeb8cf8a419b3e70"
age: 310425
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=604800,s-maxage=604800
x-amz-replication-status: COMPLETED
x-amz-cf-id: 8gLmk-bUWPT2epQDNh4cRqmgO-F6QMFsp7LszhQ0-kKCe_w42k0aTA==

GET
H2 200 att-business-web.svg
cdn-cybersecurity.att.com/images/uploads/logos/ 12 KB
4 KB 58ms
58ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/logos/att-business-web.svg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1cfa420da8e531c104e4dbf3b249891f3ca7d707dc5b7d1a6e7ed4f92dd7f1d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: X4BhPHDoCYfEGw0bJdoC4ZINXfRmkjYL
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
date: Wed, 03 Jan 2024 07:22:36 GMT
last-modified: Fri, 14 Aug 2020 22:02:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 469754
etag: W/"93e7247751e1d3a7cee310d313c0fe40"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=604800,s-maxage=604800
x-amz-replication-status: COMPLETED
x-amz-cf-id: OdQhwVGOlsSi06mToJnjqqrki_ExfvVOsiqYsXwfdUEA9gTR7SXP2Q==

GET
H2 200 att-cybersecurity-web.svg
cdn-cybersecurity.att.com/images/uploads/logos/ 13 KB
5 KB 23ms
22ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/logos/att-cybersecurity-web.svg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c271d1c9e320ea7201d99d6f18fe1cc0b149ba415e75e7ece7c7c9e7606c2410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Tue, 02 Jan 2024 23:57:39 GMT
x-amz-version-id: 1ys0cdAsw37y9vL8yY3ejGxSUqHuR2Y4
content-encoding: gzip
last-modified: Fri, 14 Aug 2020 22:02:16 GMT
server: AmazonS3
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
etag: W/"f11813bb3b91a2b10f9042e4f30dfb35"
age: 496451
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=604800,s-maxage=604800
x-amz-replication-status: COMPLETED
x-amz-cf-id: EX2AvXRnJIqvEBJLzYPwVDa759nbiRBZ77-d0nAX1lodkk9IYJk2FQ==

GET
H2 200 certifications-index-finger-open-graph-768x427.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 72 KB
72 KB 23ms
23ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/certifications-index-finger-open-graph-768x427.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebcf777c9143c169bd81d5ad17f393183ae74c3fca22f3bf556534277d1edc70

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: eM1dLY4JaNwSZ.ib5GZZxPsTwfIMbJZp
date: Mon, 08 Jan 2024 02:08:57 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Tue, 29 Jun 2021 13:40:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 56573
etag: "a744b4ab04de7e92f5b882100455a65e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 73297
x-amz-cf-id: yjyA-u9eK134ASFfpAWIGkX8m3QGw9aXEOk_mcvzLaMmw0-9VoTGOA==

GET
H2 200 cloud-chart.svg
cdn-cybersecurity.att.com/images/uploads/diagrams/ 91 KB
20 KB 30ms
25ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/diagrams/cloud-chart.svg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70fa7a9decfb16b900a02dac8449314f2cbe3020dc3705339190f400d34018f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 04:14:44 GMT
x-amz-version-id: WPj4Y20hl526m_NpDduuMzcjvVxALOH.
content-encoding: gzip
last-modified: Fri, 14 Aug 2020 22:01:33 GMT
server: AmazonS3
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
etag: W/"051b13cc469ad3cf2a99f073dd7dc124"
age: 394626
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: max-age=604800,s-maxage=604800
x-amz-replication-status: COMPLETED
x-amz-cf-id: fxgewNAyVZomN-8NEX1bcqrhfx4wczYyK2jEMkDxQLWCwGzZuArphQ==

GET
H2 200 TI_tile.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 51 KB
51 KB 32ms
28ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/TI_tile.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c554f43913b6f74ca33c115672fbff0477c8c2e1aba3aef839a1ed91bfad1d3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:09:14 GMT
x-amz-version-id: RR0Fg6x3XRnVjUwarWtXigMgBGQz3ExY
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 29 Apr 2020 03:27:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 1082556
etag: "2483878a8f851e75daddc65b12fe476c"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2592000,s-maxage=2592000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 51866
x-amz-cf-id: w11DelIunoteZeHL2pIayCGI2iapj1XdH6RqnXK4cXWJjNYyZwHD_w==

GET
H2 200 blog-tile-esignature-2017.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 63 KB
63 KB 41ms
37ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/blog-tile-esignature-2017.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 412c62a6ccaef8c885dd404a1dd5f5910771fcd7e6197205274fb1958702b974

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:09:14 GMT
x-amz-version-id: gipbjqNE40BdEUhV7WLiNIROEW58L_C7
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 29 Apr 2020 03:27:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 1082556
etag: "f51d1e8f45e98c3803c8b1083b6635ba"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2592000,s-maxage=2592000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 64266
x-amz-cf-id: eY5PFRRcM8rFDgni5QtK-sqnGAuNMA5btwN3D32P1rSbVSmyToMxdw==

GET
H2 200 enable-and-protect-your-remote-workforce-550x220.jpg
cdn-cybersecurity.att.com/images/uploads/doc-thumbs/ 68 KB
69 KB 48ms
44ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/doc-thumbs/enable-and-protect-your-remote-workforce-550x220.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3ede7180156b8e9880f2e6f3eb0743eab20a9f4e433a65736f5c67d217d2a9a1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: rgzRd9bNa7vOmnJJ94GO41luaDbmmI4w
date: Wed, 03 Jan 2024 05:19:24 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 477146
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 69644
last-modified: Fri, 14 Aug 2020 22:01:38 GMT
server: AmazonS3
etag: "e29a0d35a83b3cb056961df5df351644"
vary: Accept-Encoding
content-type: image/jpeg
cache-control: max-age=604800,s-maxage=604800
accept-ranges: bytes
x-amz-cf-id: 5etl-tRhp8XYndY-_zFeTYKSCM7QkqwJ2EtuDGYrY0YKDE25SRhmrg==

GET
H2 200 case_studies_tile.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 24 KB
25 KB 54ms
51ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/case_studies_tile.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b4a84640022801cba17183356797e81478d46dcd680032183120c04b4dfd19e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:09:14 GMT
x-amz-version-id: MMHgD_pj_Kv8Lqod6QMYYu.l98WTjzq8
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 29 Apr 2020 03:27:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 1082556
etag: "679c9aee58afced0c1f1a8f07b1694bc"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2592000,s-maxage=2592000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 24821
x-amz-cf-id: oiN1MKZtoh4wSoha6dlOKf0eOFv1C3eZphiLHaEMMPgOtNdtyENRWA==

GET
H2 200 healthcare-edge-ecosystem.jpg
cdn-cybersecurity.att.com/images/uploads/backgrounds/ 43 KB
44 KB 57ms
53ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/backgrounds/healthcare-edge-ecosystem.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0635f78aa913e6fc422e7dfe06f706002920b83f989bc29318e1190fcaf06aa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: bp3H8V4xFDTte5apEuPnRYLJgkfjC1K5
date: Mon, 08 Jan 2024 04:19:53 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 49769
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 44136
last-modified: Wed, 08 Feb 2023 20:51:03 GMT
server: AmazonS3
etag: "f9ba3a67d81c6cc717fa37d11baae543"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: 8uO7rQKt1yNRWRvnAow8IbRhSL6SVdIRYsVEmHsYwpqxYf_WxDz1jA==

GET
H2 200 manufacturing-edge-ecosystem.jpg
cdn-cybersecurity.att.com/images/uploads/backgrounds/ 26 KB
26 KB 59ms
56ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/backgrounds/manufacturing-edge-ecosystem.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 490f9378577571c67f21920289a1ee69388e69aa4476c17fa6a569bd1f5d145f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: JgoNPxI8ttaNLh6VVhSaa9cUpPhgNyQL
date: Mon, 08 Jan 2024 05:05:09 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 47212
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 26181
last-modified: Wed, 08 Feb 2023 20:51:03 GMT
server: AmazonS3
etag: "c502a0a6b8800973ad1fc65aa2244d8e"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: QrQ1wfq-YUvih_SclK_YoHvE1UCGxOUxP1odeJC_ua9o8jIsVUlcVw==

GET
H2 200 retail-ecosystem.jpg
cdn-cybersecurity.att.com/images/uploads/backgrounds/ 43 KB
44 KB 63ms
60ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/backgrounds/retail-ecosystem.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 78ec9aa8a56b2e7d9a877d738b948f5258e5b7988d5f2d6b81450d5106d5e096

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 6maqOlXXpqnlLN.1G.7a_YIumbgl64mD
date: Mon, 08 Jan 2024 02:55:53 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 54226
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 44239
last-modified: Wed, 08 Feb 2023 20:51:03 GMT
server: AmazonS3
etag: "41b05ee6984ffadddd1b41f3ef576a1a"
vary: Accept-Encoding
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: 4GYuGbgbGV82gim-0qs5MmPeBo2_kBHRDzf-N-dfc_938D0471yo_A==

GET
H2

200

4d268a6989beac32dd7f0e.jpg
cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/
Redirect Chain

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus.jpg
https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg

68 KB
68 KB

189ms
95ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b4d17558f9e11c74234110154d2e549b75dfcaddfb7dd2d34cfaeaaba4c3f8cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:01:01 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 283850
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 69136
last-modified: Wed, 08 Nov 2017 17:52:22 GMT
server: AmazonS3
etag: "c185a15f9c2fc9a9705ed4b8585fd4d3"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: ZwxdQV9RastjBqBbXq3RQfhxZGWeq_-osPEHHNHACuvbixPVtM2PxA==

Redirect headers

date: Mon, 08 Jan 2024 17:51:49 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 438713
x-cache: HIT
content-length: 106
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.888031,VS0,VE1
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 blog-tile-thisweek-july212017.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 67 KB
67 KB 64ms
61ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/blog-tile-thisweek-july212017.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1fb6df526a3a5eedfa36e659df4ee50342082e6405398ac984f1678013bf45fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:09:14 GMT
x-amz-version-id: alCg.2stazGLTpH5o9BSCauoVowIZ1a.
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 29 Apr 2020 03:27:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 1082556
etag: "0a686cc44eee1ca1857d0afc407b55f2"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2592000,s-maxage=2592000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 68576
x-amz-cf-id: bXRWT97Turf5UT3B4JlpVLfVm5bMW9sYhhhOlBbq8N_ivaMd6TFlXA==

GET
H2 200 leadership_tile.jpg
cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/ 57 KB
58 KB 66ms
63ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/blog-content/Blog-Images/tile/leadership_tile.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b86e15f179ddbf3b98f456ee4b993831ccb2c760243d406cd5bb4fd915d70298

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Wed, 27 Dec 2023 05:09:14 GMT
x-amz-version-id: 1ikFD3lDwHgtRJ._d5bwIwbe444OXFjn
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 29 Apr 2020 03:27:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 1082556
etag: "31ac7ed9ea31f1993a95b8617b5c5a25"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=2592000,s-maxage=2592000
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 58791
x-amz-cf-id: e-rGBqrU1IElgdJYM4VrlYTk8w7uJEX75f6QXlI0R63daiTY3zRl7w==

GET
H2

200

nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
cdn.vidyard.com/thumbnails/1331553/
Redirect Chain

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9.jpg
https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg

45 KB
46 KB

158ms
64ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28bc1d87ef42dd726292dc6d88cdd5c4b2d06c40ecd932e6e1e0de670f2cb348

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:00:39 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 287471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46235
last-modified: Tue, 19 Sep 2017 23:39:46 GMT
server: AmazonS3
etag: "a91c9f2512e7c642c68d9ef10daa494b"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: FT891Tzk_9GKy4ivD9pLZO3STnBMaCiAbqTT3d4mqAPPPtyyxWtztg==

Redirect headers

date: Mon, 08 Jan 2024 17:51:49 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 402773
x-cache: HIT
content-length: 101
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.888056,VS0,VE1
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2

200

d07d1814f8eec1270689cd.jpg
cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/
Redirect Chain

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L.jpg
https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg

59 KB
60 KB

158ms
65ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d83bd57a9e4f4db44ff5451dc17c60a8c00935a52eb8e85dd807aab83d0d8313

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:15:08 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 283003
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 60723
last-modified: Wed, 08 Nov 2017 17:28:03 GMT
server: AmazonS3
etag: "e014e5690d6dc1ed2e25155b0eaabca1"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: 6T2zKMU3rrEbb--K7P7qUBrnkaVmtc85kM7uQ-ahstkd45ypm9WADg==

Redirect headers

date: Mon, 08 Jan 2024 17:51:49 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 932828
x-cache: HIT
content-length: 106
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.888042,VS0,VE1
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 privacyoptions.svg
cdn-cybersecurity.att.com/images/uploads/icons/ 2 KB
1 KB 68ms
65ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/icons/privacyoptions.svg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 2htIYio4KBhCZAsGBlIZ8A3bGzDsNPd6
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 04:19:59 GMT
last-modified: Tue, 21 Mar 2023 04:51:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 49769
x-amz-server-side-encryption: AES256
etag: W/"8051dee1dd72e78a9528a16c062cff66"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-replication-status: COMPLETED
x-amz-cf-id: 8Brranvw4bqrL8zUskEyJI9MJTzYoHcP1SH1D0b3Y_bsTvu7MMjG3A==

GET
H2 200 blog-bundle.min.js Show response
cdn-cybersecurity.att.com/js/v2/imports/ 292 KB
87 KB 69ms
66ms Script
application/javascript 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/js/v2/imports/blog-bundle.min.js?v=20240104094196
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e93bcd6a42464e45912c4df2b24267d514611746972c36df79799713e67aaf3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 2A4JNFxASXWPVsBFw23uE6.7qEvccxVC
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 00:31:40 GMT
last-modified: Thu, 04 Jan 2024 23:50:40 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 62410
x-amz-server-side-encryption: AES256
etag: W/"bdf12224fa5bca4a54ef723a0fb780de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
x-amz-cf-id: hTtsODz0NE2BZJ_q7ZnFUqxn20sZczB_KdNIQsc20wIozlFwqAdtOg==

GET
H2 200 vidyard-av.js Show response
cdn-cybersecurity.att.com/js/v2/imports/ 3 KB
1 KB 72ms
70ms Script
application/javascript 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/js/v2/imports/vidyard-av.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 54e34a3f18937be2dc8829b0f54148b9a4dda72c15ceecbc0b044827c8a42cbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: cGnvfvgusjd0nCbx3WSCxBkbg76fIBJG
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
date: Mon, 08 Jan 2024 00:19:59 GMT
last-modified: Thu, 04 Jan 2024 23:50:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 63111
x-amz-server-side-encryption: AES256
etag: W/"e40c36c7fd316faf4ca342e6e4ca868c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-replication-status: COMPLETED
x-amz-cf-id: A1382xYpm2hlws4HW6LrZE_d52LJXy_KoK7usBmVZm6UkdKy-HcVhg==

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 100ms
18ms Script
application/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 67
date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 30454
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23031
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "d22850d6ed493dad3ff1a51479d730cc"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 progress-events.js Show response
play.vidyard.com/v1/ 14 KB
5 KB 505ms
423ms Script
application/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v1/progress-events.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6d41161f7d77d059a8d35b55c36d765021a1300521eeffd57097df8df3322a90

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 0
x-cache: HIT
content-length: 5481
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
last-modified: Tue, 13 Sep 2022 19:42:22 GMT
x-timer: S1704736310.888112,VS0,VE406
etag: "5823d0929a8e2e520236508c08ba757c"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 kEDD5hISc Show response
cybersecurity.att.com/udxCX7vVERBTOEOkXakT/wi5impY37VYV/fA4ZTQ50AwI/IV/ 206 KB
76 KB 50ms
46ms Script
application/javascript 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/udxCX7vVERBTOEOkXakT/wi5impY37VYV/fA4ZTQ50AwI/IV/kEDD5hISc

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

4b7d148e301e69bcf6a11e9b573ca6efa4cfb3a609d7c01d2cdbbf8bc616e7a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: br
strict-transport-security: max-age=86400
last-modified: Wed, 02 Aug 2023 16:13:18 GMT
mpulse_cdn_cache: HIT
etag: "8f94427029993d99ca1b3e432f1fb80a7a61436a0a4fb35b805c8a12b819e835"
stored-attribute-sha-checksum: 4b7d148e301e69bcf6a11e9b573ca6efa4cfb3a609d7c01d2cdbbf8bc616e7a8
content-type: application/javascript
cache-control: max-age=21600
mpulse_origin_time: 0
content-length: 77293
expires: Wed, 31 Jan 2024 10:13:29 GMT

GET
H2 200 sec-4-1.css
cybersecurity.att.com/_sec/cp_challenge/ 2 KB
974 B 78ms
73ms Stylesheet
text/css 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/_sec/cp_challenge/sec-4-1.css

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b3f0a51197e77b186f31de4b16a5281246cc58f540f510b3329bc236508a531e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
strict-transport-security: max-age=86400
last-modified: Tue, 07 Nov 2023 18:44:30 GMT
etag: "64a540fad9e49b9b82a09d3caf22aa61d45451408a5c94e3ed3cb1f970226a43"
stored-attribute-sha-checksum: b3f0a51197e77b186f31de4b16a5281246cc58f540f510b3329bc236508a531e
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400
content-length: 697
expires: Mon, 08 Jan 2024 23:50:10 GMT

GET
H2 200 sec-cpt-4-1.js Show response
cybersecurity.att.com/_sec/cp_challenge/ 51 KB
21 KB 41ms
39ms Script
application/javascript 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/_sec/cp_challenge/sec-cpt-4-1.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

d96aa78f2d55331a8b70741c7230d2c2fd54310736a8454d53ac391cea813755

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
strict-transport-security: max-age=86400
last-modified: Tue, 07 Nov 2023 18:44:09 GMT
etag: "00cb6040d049d396de005ea66dd3916043ea887156b97f740a5256a2daeaf1dd"
stored-attribute-sha-checksum: d96aa78f2d55331a8b70741c7230d2c2fd54310736a8454d53ac391cea813755
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400
content-length: 20807
expires: Mon, 08 Jan 2024 22:24:15 GMT

GET
H2 200 65319_1825202461.js Show response
p11.techlab-cdn.com/e/ 54 KB
18 KB 140ms
50ms Fetch
application/javascript 2a02:26f0:480:d::210:f160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65319_1825202461.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f160 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ad80a3f6b1b1b869088b872381b3179a21dccc4e465ec0a00c92824f6462c258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 14:24:26 GMT
content-md5: TBz6CQ/Qf16sF8+q5U3Ixg==
etag: "0x8DA7C6E5C88AF92"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 18223
expires: Mon, 08 Jan 2024 18:01:49 GMT

GET
H2 200 65257_1825232097.js Show response
p11.techlab-cdn.com/e/ 14 KB
6 KB 114ms
25ms Fetch
application/javascript 2a02:26f0:480:d::210:f160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65257_1825232097.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f160 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 74a7a53097f5335e794968f4f7c27d089701fd635c8698c5f5fda7f30356cacb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
last-modified: Thu, 01 Dec 2022 12:38:55 GMT
content-md5: 7rdGFe+/Y2zHt4sXxqkzxw==
etag: 0x8DAD39902829531
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
timing-allow-origin: *
content-length: 6061
expires: Mon, 08 Jan 2024 18:01:49 GMT

GET
H2 200 64885_1825202523.js Show response
p11.techlab-cdn.com/e/ 3 KB
2 KB 147ms
58ms Fetch
application/javascript 2a02:26f0:480:d::210:f160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/64885_1825202523.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f160 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 422aa4e7ba5ff626a830dbbee358cb5055122a03b5c36b5f7608e1b34999e529

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
last-modified: Sun, 24 Apr 2022 12:00:07 GMT
content-md5: DnvBZTKTbXGPNtxH2P6zMg==
etag: "0x8DA25E9F9A41165"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1470
expires: Mon, 08 Jan 2024 18:01:49 GMT

GET
H2 200 65226_1825232128.js Show response
p11.techlab-cdn.com/e/ 70 KB
33 KB 115ms
26ms Fetch
application/javascript 2a02:26f0:480:d::210:f160
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p11.techlab-cdn.com/e/65226_1825232128.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:d::210:f160 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 02433a62f3bc96003e78509ec45872fe3330c330204fa77415039f40a043224b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: gzip
last-modified: Thu, 06 Jul 2023 07:07:50 GMT
content-md5: sYBscgCVtSaJQGvZdsVDxw==
etag: 0x8DB7DEFB5BB50C7
vary: Accept-Encoding
access-control-allow-methods: GET, POST, HEAD
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=600
timing-allow-origin: *
content-length: 32997
expires: Mon, 08 Jan 2024 18:01:49 GMT

GET
H2 200 619c04ec1bd25500123c9511.js Show response
buttons-config.sharethis.com/js/ 399 B
846 B 120ms
34ms Script
text/javascript 2600:9000:25e8:b200:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://buttons-config.sharethis.com/js/619c04ec1bd25500123c9511.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:25e8:b200:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

7f864f908080f8ccd6b7af266b1d05938e5a72da55f196d4b1c4275656be1276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
via: 1.1 47168233f5be3757636a095d7386d7d8.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: AMS1-P3
age: 35
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 399
last-modified: Mon, 22 Nov 2021 21:00:31 GMT
server: AmazonS3
etag: "34733bd2d48ba37b0b9a42090059adea"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=60
accept-ranges: bytes
x-amz-cf-id: Q3a6vz8Qy33NnTkIGtN6HR4oDWC1fwFkQ7WgerE6FOU6KH3ylh2Qwg==

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
408 B 121ms
41ms XHR
text/plain 3.121.117.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://l.sharethis.com/pview?event=pview&hostname=cybersecurity.att.com&location=%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&product=inline-share-buttons&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=AsyncRAT%20loader%3A%20Obfuscation%2C%20DGAs%2C%20decoys%20and%20Govno&cms=unknown&publisher=619c04ec1bd25500123c9511&sop=true&version=st_sop.js&lang=en&description=Executive%20summary%0A%0AAT%26T%20Alien%20Labs%20has%20identified%20a%20campaign%20to%20deliver%20AsyncRAT%20onto%20unsuspecting%20victim%20systems.%20During%20at%20least%2011%20months%2C%20this%20threat%20actor%20has%20been%20working%20on%20delivering%20the%20RAT%20through%20an%20initial%20JavaScript%20file%2C%20embedded%20in%20a%20phishing%20page.%20After%20more%20than%20300%20samples%20and%20over%20100%20domains%20later%2C%20the%20threat%20actor%20is%20persistent%20in%20their%20intentions.%0A%0AKey%20takeaways%3A%0A%0A%0A%09The%20victims%20and%20their%20companies%20are%20carefully%20selected%20to%20broaden%20the%20impact%20of%20the%20campaign.%20Some%20of%20the&ua=&ua_mobile=false&ua_full_version_list=&uuid=e88d1cc7-cb1a-4cd5-8162-ab27f02d5500

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.121.117.111 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-121-117-111.eu-central-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Date: Mon, 08 Jan 2024 17:51:49 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains;
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: https://cybersecurity.att.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 288 KB
98 KB 102ms
53ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KLJDXJN

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be83f2c5de1d7e1d7c4c82adb0f9d154aa821dfb7cfb8d33eb5fd1acefa87559

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100249
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jan 2024 17:51:49 GMT

GET
DATA 200
OK truncated
/ 117 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9db2761653fdbd71fba80327e4b6ce808254c5b30bb9dc0733e19aa1cf3facf1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 119 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f83769904a52c638fb41b9fd2b1a26b5b592c30c6c8740908bf4ce0741440d40

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 231 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c61b8eb2405fc40049752b190cf9c6c0d508737329dfcaf00cb16c2fac82263

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 icn-sidebar-search.png
cdn-cybersecurity.att.com/images/ 301 B
752 B 63ms
62ms Image
image/png 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/icn-sidebar-search.png
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 78dc84320b1b810c4d46f2ff9d9060fa5e7287e05e66c777cd7aa36591c831cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: pOXMNU_tGWNjw6RT2UpRVpM_qN6DchB.
date: Sun, 17 Dec 2023 08:23:31 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 1934899
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 301
last-modified: Wed, 29 Apr 2020 03:17:41 GMT
server: AmazonS3
etag: "7e348812a5bf28a418d17e5aaf3540aa"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=2592000,s-maxage=2592000
accept-ranges: bytes
x-amz-cf-id: jWp8Rzxq0tpmJCPdBpmgnIi8E4Z1WEyyUPITHVWKS12U95dxlTEhtQ==

GET
H2 200 2023_insights_report_logos.png
cdn-cybersecurity.att.com/images/uploads/ 82 KB
82 KB 64ms
63ms Image
image/png 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/2023_insights_report_logos.png
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c20efc1937932a89fa90a427127afd7623704f89556b9bae1a9494d162b100d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: p1yXO_U7b7YDksDtXhlIEugtDIZsPpsI
date: Mon, 08 Jan 2024 07:41:54 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 39016
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 83901
last-modified: Mon, 24 Apr 2023 16:20:56 GMT
server: AmazonS3
etag: "dba1b7960dbfe0d0ed572f7916f31825"
vary: Accept-Encoding
content-type: image/png
accept-ranges: bytes
x-amz-cf-id: 3oECsc8_jmqNC2TVGorCwq3MifQD_vCtMtCpVHvqde5Q9eugi2eheA==

GET
H2 200 5g-and-the-journey.jpg
cdn-cybersecurity.att.com/images/uploads/resource-images/ 58 KB
59 KB 70ms
69ms Image
image/jpeg 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/resource-images/5g-and-the-journey.jpg
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e153b0c82ab112dd43f371069690a22d823f045ea9fe9a9d7b92dc3b655c98bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: t1XcVJFsJ4vqVHLxsf1Cyd7YVnvGCCVV
date: Mon, 08 Jan 2024 04:19:58 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
last-modified: Wed, 16 Dec 2020 19:41:13 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 49768
etag: "c1c8b15f20b869c5bf930981b21ef5a4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
x-amz-replication-status: COMPLETED
accept-ranges: bytes
content-length: 59599
x-amz-cf-id: z1ethA9CTjCkUqhZsJ7Q0xk8Iuj7NGmfMFJzCkPUz0dXy6tFMV50jQ==

GET
H2 200 x-logo.svg
cdn-cybersecurity.att.com/images/uploads/icons/ 469 B
912 B 72ms
71ms Image
image/svg+xml 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/icons/x-logo.svg
Requested by: Host: cdn-cybersecurity.att.com
URL: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 791396d0b526b8a29026d81d9d0fb134e9f0cc61ca982ca4f9239e9a6ca13252

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: wtpoRet8UJ3N28L20rrpKi8Cbkk49ShJ
date: Mon, 08 Jan 2024 07:39:55 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 36972
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 469
last-modified: Thu, 28 Dec 2023 03:55:08 GMT
server: AmazonS3
etag: "b9a8d8578daa6bf19de2bbf560606f2f"
vary: Accept-Encoding
content-type: image/svg+xml
accept-ranges: bytes
x-amz-cf-id: i_OmcydNQ_z95NhKCE1EuCOo2VI9os5sPoBrUbESNU2p66smXXjbGA==

GET
H2 200 LI@1x.png
cdn-cybersecurity.att.com/images/uploads/icons/ 444 B
892 B 73ms
72ms Image
image/png 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/icons/LI@1x.png
Requested by: Host: cdn-cybersecurity.att.com
URL: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c7d5c25883b061f5fc5607432a3a2e9e493fee500cbb897861219b72e0f131b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: 6iSaPbKUf4OLYYEq6PcDmTb3zfP7Nsi5
date: Wed, 03 Jan 2024 07:50:40 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 468070
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 444
last-modified: Fri, 14 Aug 2020 22:01:57 GMT
server: AmazonS3
etag: "ae41b978f7bc8e45bed2ca021fbfb16a"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800,s-maxage=604800
accept-ranges: bytes
x-amz-cf-id: gWQUwTmnLZW0oJMTFfd48PXAsuHzuknZ73Py0WacfqrCQ5qRj46ZIg==

GET
H2 200 YouTube@1x.png
cdn-cybersecurity.att.com/images/uploads/icons/ 723 B
1 KB 74ms
73ms Image
image/png 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn-cybersecurity.att.com/images/uploads/icons/YouTube@1x.png
Requested by: Host: cdn-cybersecurity.att.com
URL: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 810c17718a6e1ad5995d3a2c25a17f5e9cab953ec7f370c1ee3e9374c6f9451d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn-cybersecurity.att.com/css/sass/main.min.css?v=20240104094196
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-amz-version-id: _N0S5Jwh5KlvPsmgxPzUIDOieogGbimc
date: Wed, 03 Jan 2024 20:37:55 GMT
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 422035
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 723
last-modified: Fri, 14 Aug 2020 22:01:57 GMT
server: AmazonS3
etag: "6a253c7c3d6329a5f8d2310c8ad22240"
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=604800,s-maxage=604800
accept-ranges: bytes
x-amz-cf-id: L-FNNyHhSd6rTFoWJiC5Y4ITdbP_HWyEJTNday-D6CiYwWsw3yz1tw==

POST
H2 201 kEDD5hISc Show response
cybersecurity.att.com/udxCX7vVERBTOEOkXakT/wi5impY37VYV/fA4ZTQ50AwI/IV/ 18 B
672 B 229ms
228ms XHR
application/json 2a02:26f0:3100:793::2db1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cybersecurity.att.com/udxCX7vVERBTOEOkXakT/wi5impY37VYV/fA4ZTQ50AwI/IV/kEDD5hISc

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3100:793::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
strict-transport-security: max-age=86400
vary: Origin
content-type: application/json
access-control-allow-origin: https://cybersecurity.att.com
access-control-allow-credentials: true
x_req_id: 10bb0773-49ee-401a-877f-2396a47509ad
access-control-allow-headers: Content-Type
content-length: 18

GET
H2 200 X9kFNr531rsCWxZpcaEDus
play.vidyard.com/ 0
2 KB 78ms
22ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus?disable_popouts=1&type=lightbox&v=4.3.14

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 1082289
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.019110,VS0,VE1
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 FAb6t5S7EsApqqx2ZyMXe9
play.vidyard.com/ 0
2 KB 77ms
22ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9?disable_popouts=1&type=lightbox&v=4.3.14

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 404204
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.019200,VS0,VE1
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 XwZyCKfKXbLhhBtQqFGT1L
play.vidyard.com/ 0
2 KB 79ms
24ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L?disable_popouts=1&type=lightbox&v=4.3.14

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 323180
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736310.019095,VS0,VE3
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 278 KB
92 KB 49ms
48ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6VCF4BGSH2&l=dataLayer&cx=c

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd8e50d554420109c5f803e0f39997eb476aade2b8023d77f54681c909165f31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93995
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 08 Jan 2024 17:51:50 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 67ms
20ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 08 Jan 2024 17:48:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 213
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 08 Jan 2024 19:48:17 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 45 KB
13 KB 118ms
47ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 08 Jan 2024 17:51:49 GMT
last-modified: Fri, 10 Nov 2023 20:09:55 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6AD90D467C5740EA9A1C3DF25D100C48 Ref B: FRAEDGE1820 Ref C: 2024-01-08T17:51:50Z
etag: "80abcdf1114da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 13187

GET
H2 200 hotjar-1427386.js Show response
static.hotjar.com/c/ 9 KB
4 KB 98ms
36ms Script
application/javascript 18.66.192.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1427386.js?sv=7

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.192.39 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-192-39.muc50.r.cloudfront.net

Software

Resource Hash

03adcda6006819f6e8df8ae90580d4e30db2c237b08d487dcbe1ee31565f8ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 08 Jan 2024 17:51:15 GMT
via: 1.1 8ebebe66cc8de626ee8e15b2ee72d826.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P1
age: 35
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/a777bf6647878dde52035128b4f85640
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: BKX3oTDgohuvgA28odXa5UqjLovk7ZIWvXDhtKgWNpg3F_WHoAOBRA==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 79ms
19ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230098-FRA

GET
H2 200 664.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 16 B
1 KB 191ms
141ms Script
text/javascript 2606:4700:4400::ac40:90e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/664.js?p=https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno&e=205267d5-77bd-437c-addd-9295e541d759

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .g2crowd.com .g2.com; connect-src 'self' .g2crowd.com .g2.com; font-src 'self' .g2crowd.com .g2.com; form-action 'self' .g2crowd.com .g2.com; frame-src 'self' .g2crowd.com .g2.com; img-src 'self' .g2crowd.com .g2.com; manifest-src 'self' .g2crowd.com .g2.com; media-src 'self' .g2crowd.com .g2.com; object-src 'self' .g2crowd.com .g2.com; script-src 'self' .g2crowd.com .g2.com; style-src 'self' .g2crowd.com .g2.com; worker-src 'self' .g2crowd.com .g2.com
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-permitted-cross-domain-policies: none
content-security-policy: default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection: 1; mode=block
x-request-id: 60993a60-893f-4418-a003-e83300cbcd1e
x-runtime: 0.005063
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"3dae93a05edd9dcfc1864b87178a31e0"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Origin
content-type: text/javascript; charset=utf-8
cache-control: max-age=600, public
cf-ray: 84264a71bc409a09-FRA

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 42 KB
15 KB 139ms
53ms Script
application/javascript 2a02:26f0:3500:16::215:148d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 07 Jan 2024 16:03:13 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=71335
accept-ranges: bytes
content-length: 15605

GET
H2 200 vidyard-av.js Show response
cdn-cybersecurity.att.com/js/js/ 3 KB
1 KB 25ms
24ms Script
text/javascript 2600:9000:206f:5600:17:67d0:6300:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-cybersecurity.att.com/js/js/vidyard-av.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:5600:17:67d0:6300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd83460970e90755ed9063639568642549102b1225a5934aa2d2066310d6a410

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Thu, 04 Jan 2024 23:57:46 GMT
x-amz-version-id: R02rYFSqp6zu61YLdqHoy2HrzaBQoVpz
content-encoding: gzip
via: 1.1 98997c223299d9efd138e7fb9a08a072.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 323644
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 04 Jan 2024 23:50:39 GMT
server: AmazonS3
etag: W/"5e559dde0e7210e4463c2d5359cd353a"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=2592000,s-maxage=2592000
x-amz-cf-id: qkLIu57hMB911m7gg67MR1DznNJ-ESq-NhDb_3YROafcqV5XbdlfpQ==

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 102ms
58ms Script
text/javascript 2606:4700:4400::6812:24c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk.techtarget.com/tracking.js
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:24c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
server: cloudflare
age: 56426
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 84264a723b39bbd1-FRA
expires: Mon, 08 Jan 2024 18:11:50 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 65ms
22ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2aa7779577c8f4ff268d5bbd5b13b7d577930c1824b43b4b5442d4c92a695154

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 08 Jan 2024 17:51:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54372
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: jKqmTmIem2z+dnwsoAXVqao4KxcxyQ83cq/kvzyic1dRfge0RhvaoKNp/EeeNci8nGIu/GjKk91ZDqlZn/Yosw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
67 KB 35ms
35ms Script
application/javascript 2a00:1450:4001:80b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6143919

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aec6a44d9d29b49215dec79272c1d39d6e261c467aa038a3e764ea05949d85c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68154
x-xss-protection: 0
last-modified: Mon, 08 Jan 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 08 Jan 2024 17:51:50 GMT

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/container/1122;112310;11677;iframe/ Frame B90E 2 KB
1 KB 134ms
51ms Document
text/html 23.57.20.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://servedby.flashtalking.com/container/1122;112310;11677;iframe/?ft_referrer=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cb=0.06590873608287873

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.57.20.29 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-57-20-29.deploy.static.akamaitechnologies.com

Software

prod-xre-app3.frk11 /

Resource Hash

9cc10e008d890e09119df99be135351ade9f6574a80f47c9b834e886e5c165c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://cybersecurity.att.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 957
Content-Type: text/html
Date: Mon, 08 Jan 2024 17:51:50 GMT
Expires: Mon, 08 Jan 2024 17:51:50 GMT
Pragma: no-cache
Server: prod-xre-app3.frk11
Strict-Transport-Security: max-age=86400
Vary: Accept-Encoding

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 368 B
779 B 84ms
21ms Image
image/svg+xml 2600:9000:2156:b200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/twitter.svg

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:b200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:33 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Fri, 15 Sep 2023 16:58:49 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
age: 18
x-amz-server-side-encryption: AES256
etag: "2deb3d5121d475d195577a70b0a91a0c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
accept-ranges: bytes
content-length: 368
x-amz-cf-id: 4D_VTxNJ7Sbv2D8R2smMrPmvsiXvpP6aYLS8Sv7ge6MXGfgZMIgLHg==

GET
H2 200 linkedin.svg
platform-cdn.sharethis.com/img/ 456 B
901 B 63ms
20ms Image
image/svg+xml 2600:9000:2156:b200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/linkedin.svg

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:b200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 10:33:05 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1927125
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 456
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "fa43b4ede18498b114fc7185993f6da7"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: KTQqYqerDdc_rcFo5VSlXjrszHTYDLqzwjc8YmfEMJ6TZo0gnWJlQw==

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
743 B 63ms
21ms Image
image/svg+xml 2600:9000:2156:b200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/facebook.svg

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:b200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 09:00:30 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1846281
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 301
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "c6e9be45643e197ce1db1d7e24a99adc"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: PkuW_CVdHgUvIAb5igjetEjmqYU2UjZ7WtbhfxKqbOuevWJ-NsxFoA==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
785 B 40ms
22ms Image
image/svg+xml 2600:9000:2156:b200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://platform-cdn.sharethis.com/img/email.svg

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:b200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 07:27:11 GMT
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-cf-pop: FRA50-C1
age: 1938280
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 343
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
etag: "5977437466e857c7ddcadda6f6d88c2a"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
x-amz-cf-id: u2jbWO1fFtK4TPjM28GH-B0pOvhxRQn0uAw1w1t_yoWYOmRUhrfQaQ==

GET
H2 200 v4.js Show response
play.vidyard.com/embed/ 70 KB
23 KB 44ms
44ms Script
application/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/embed/v4.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-cache-hits: 68
date: Mon, 08 Jan 2024 17:51:50 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 30454
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 23031
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
last-modified: Mon, 28 Aug 2023 17:07:01 GMT
etag: "d22850d6ed493dad3ff1a51479d730cc"
vary: X-China, accept-language, Accept-Encoding
content-type: application/javascript
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2... Show response
6143919.fls.doubleclick.net/ Frame E6F1
Redirect Chain

https://6143919.fls.doubleclick.net/activityi;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research...
https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecuri...

801 B
572 B

62ms
61ms

Document
text/html

142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno?

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

505b4584b163ebe24599f1d941134a434756232074a695cd4082353dd51b940c

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cybersecurity.att.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 396
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 17:51:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 17:51:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 74ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-6VCF4BGSH2&gtm=45je4130v897232629z8830085307&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1380548524.1704736310&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704736310&sct=1&seg=0&dl=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&dt=AsyncRAT%20loader%3A%20Obfuscation%2C%20DGAs%2C%20decoys%20and%20Govno&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=884
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybersecurity.att.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 29ms
28ms Ping
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-6VCF4BGSH2&cid=1380548524.1704736310&gtm=45je4130v897232629z8830085307&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybersecurity.att.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 93ms
45ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-6VCF4BGSH2&cid=1380548524.1704736310&gtm=45je4130v897232629z8830085307&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1173078510

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
213 B 27ms
26ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=944740993&t=pageview&_s=1&dl=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ul=en-us&de=UTF-8&dt=AsyncRAT%20loader%3A%20Obfuscation%2C%20DGAs%2C%20decoys%20and%20Govno&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1347340970&gjid=1809581831&cid=1380548524.1704736310&tid=UA-30202444-1&_gid=1040129244.1704736310&_r=1&_slc=1&gtm=45He4130n81KLJDXJNv830085307&cd10=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F120.0.6099.129%20Safari%2F537.36&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=789915553

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybersecurity.att.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
377 B 176ms
129ms Image
image/gif 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=7a0c8a75-7090-4bba-b28d-3d162e95421b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79559c63-0dea-4795-9a0b-0705bfa16fc8&tw_document_href=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nuzbm&type=javascript&version=2.3.29

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-response-time: 110
date: Mon, 08 Jan 2024 17:51:49 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 93a39f420be9e9f9
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: bacea3b884041cc6a79cff99aa78b775aa860db534b1f873f92df690b02a4d2c
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
397 B 257ms
209ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=7a0c8a75-7090-4bba-b28d-3d162e95421b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=79559c63-0dea-4795-9a0b-0705bfa16fc8&tw_document_href=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nuzbm&type=javascript&version=2.3.29

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-response-time: 188
date: Mon, 08 Jan 2024 17:51:49 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 74dd80f744cb099e
cache-control: no-cache, no-store, max-age=0
perf: 7469935968
x-connection-hash: 06b8d745e4c915417e7f318597303a4fd9d0a070fbef6e8fbd02441301e4630a
content-length: 43

GET
H2 200 modules.abdef350bc65bc59cb61.js Show response
script.hotjar.com/ 220 KB
55 KB 83ms
28ms Script
application/javascript 18.66.2.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.abdef350bc65bc59cb61.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.2.12 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-2-12.txl50.r.cloudfront.net

Software

Resource Hash

5fc7c56821ed5ac0a40aecde186c558d6b846831cbd483f434ed862fd1b955c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 10:38:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 88c4efc7a0d40cb6034579fa005452bc.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL50-P1
age: 26024
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 55659
last-modified: Mon, 08 Jan 2024 10:37:27 GMT
etag: "80c44d9c04a527e3fdaa01818eb305c1"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 0YdQRs1Jq0-yKBztIGc6iKjfMIAn13iA1XpaqfPzCrGQhXYNPQj6oA==

GET
H2 204 5036374.js Show response
bat.bing.com/p/action/ 0
117 B 43ms
43ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5036374.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 08 Jan 2024 17:51:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CDE4A3AFE2494A4EB5B537B6E9B63471 Ref B: FRAEDGE1820 Ref C: 2024-01-08T17:51:50Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
286 B 105ms
105ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5036374&Ver=2&mid=76fd39d3-b098-47ea-8b85-b0eca7258fe8&sid=997f4590ae4e11eeb949a10a3814e993&vid=997f6960ae4e11ee9ee8fd158e8d4617&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=AsyncRAT%20loader%3A%20Obfuscation,%20DGAs,%20decoys%20and%20Govno&p=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&r=&evt=pageLoad&sv=1&rn=121729

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 08 Jan 2024 17:51:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 14E4DD33B30745EAB7E7AAE6C1A6E2C6 Ref B: FRAEDGE1820 Ref C: 2024-01-08T17:51:50Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
353 B 82ms
27ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-30202444-1&cid=1380548524.1704736310&jid=1347340970&gjid=1809581831&_gid=1040129244.1704736310&_u=YADAAEAAAAAAACAAI~&z=1204920312

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 08 Jan 2024 17:51:50 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cybersecurity.att.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
servedby.flashtalking.com/segment/2/read/a;;pixel/ Frame B90E 42 B
515 B 52ms
52ms Image
image/gif 23.57.20.29
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://servedby.flashtalking.com/segment/2/read/a;;pixel/?s=11677&d=cybersecurity.att.com&r=blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno&cb=0.06590873608287873

Requested by

Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/container/1122;112310;11677;iframe/?ft_referrer=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cb=0.06590873608287873

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.57.20.29 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-57-20-29.deploy.static.akamaitechnologies.com

Software

prod-xre-app20.frk11 /

Resource Hash

47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://servedby.flashtalking.com/container/1122;112310;11677;iframe/?ft_referrer=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cb=0.06590873608287873
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 17:51:50 GMT
Strict-Transport-Security: max-age=86400
Server: prod-xre-app20.frk11
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 42
Expires: Mon, 08 Jan 2024 17:51:50 GMT

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-gov...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32249%252C68341%26time%3D1704736310125%26url%3Dhttps%253A%252F%252Fcybersecurity....
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-gov...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-go...

0
264 B

263ms
179ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cookiesTest=true&liSync=true&e_ipv6=AQLL341On7WMpgAAAYzqM8YJxDHBaQlznS7ENzn0F4ZctDN-Id-fhLivgMqd7ZnCptdOvlYT9Uy0tGb6A6KRciuxeHJ7xA
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 7598A61DEE2E4958AB44111300F1E6FE Ref B: FRAEDGE1512 Ref C: 2024-01-08T17:51:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOctpBfPN2eBlEHxK0FQ==

Redirect headers

date: Mon, 08 Jan 2024 17:51:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 2EFE4EEC145746A68741E7AD254B407F Ref B: FRAEDGE1311 Ref C: 2024-01-08T17:51:50Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32249%2C68341&time=1704736310125&url=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&cookiesTest=true&liSync=true&e_ipv6=AQLL341On7WMpgAAAYzqM8YJxDHBaQlznS7ENzn0F4ZctDN-Id-fhLivgMqd7ZnCptdOvlYT9Uy0tGb6A6KRciuxeHJ7xA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYOcto9T6QPhJFAl7AXEQ==

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
643 B 333ms
272ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 08 Jan 2024 17:51:49 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: B50A453872914118BDF27145985A3F73 Ref B: FRAEDGE1311 Ref C: 2024-01-08T17:51:50Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
access-control-allow-origin: https://cybersecurity.att.com
x-li-source-fabric: prod-lor1
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYOcto1yHb+1i8S4hdEeA==

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
441 B 132ms
131ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1232149&r=1704736310166&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&version=2.4
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1232149
Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:50 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPpAILhVveRF1uHr92uYK8KMbzYsjWjYWrUi6G31Igl6K_0NdGAEDmom_71LBJdr0PPgaCw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Mon, 08 Jan 2024 18:51:50 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 174ms
120ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1232149&r=1704736310166&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://cybersecurity.att.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 08 Jan 2024 17:51:50 GMT
expires: Mon, 08 Jan 2024 17:51:50 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: ABPtcPr76QZo5WDAsNoEf5sZ2y872hjPLxcWntRRf5l8FP_ftBgSJRrbqBN65OG6W00SyFhpkok

GET
H2 200 561815144351253 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 180ms
180ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/561815144351253?v=2.9.139&r=stable&domain=cybersecurity.att.com

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5bf0768758d0e3f602c1d01f8700eb0b764017276eb446fcdddd109da3334d1d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 08 Jan 2024 17:51:50 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: k9IRJYuoqqpvvf8PPxFGPEQ4AEsURuPaZ/XUluVNZqd2OOTbpxCFIsI1ZnWqYCpfnMSYM+eDi/x5TlUb5mf09Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 99ms
50ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-30202444-1&cid=1380548524.1704736310&jid=1347340970&_u=YADAAEAAAAAAACAAI~&z=2037926826

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 45ms
45ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-30202444-1&cid=1380548524.1704736310&jid=1347340970&_u=YADAAEAAAAAAACAAI~&z=2037926826

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 08 Jan 2024 17:51:50 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-... Show response
adservice.google.com/ddm/fls/i/ Frame 5B55 800 B
773 B 106ms
59ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno

Requested by

Host: 6143919.fls.doubleclick.net
URL: https://6143919.fls.doubleclick.net/activityi;dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1c6b4352494618d9965191d4d579798d82e7785a9645cbe3ee6f0ae17451b9af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6143919.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 398
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 17:51:50 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK elqCfg.min.js Show response
img03.en25.com/i/ 6 KB
3 KB 77ms
26ms Script
application/x-javascript 23.201.242.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://img03.en25.com/i/elqCfg.min.js

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.201.242.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-201-242-231.deploy.static.akamaitechnologies.com

Software

Resource Hash

3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Mon, 08 Jan 2024 17:51:50 GMT
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Connection: keep-alive
Content-Length: 2183
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Wed, 04 Oct 2023 18:38:07 GMT
ETag: "b8e913ebf1f6d91:0"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: no-store
Accept-Ranges: bytes
X-Robots-Tag: noindex, nofollow
Expires: Mon, 08 Jan 2024 17:51:50 GMT

GET
H2 200 dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-... Show response
adservice.google.de/ddm/fls/i/ Frame 5B9E 194 B
515 B 110ms
58ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMLnz9GtzoMDFZrIOwIdErQCNQ;src=6143919;type=abssb0;cat=abs_b003;ord=1;num=6031904385974;auiddc=144212742.1704736310;u1=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno;u20=undefined;u30=undefined;gtm=45fe4130;gcd=11l1l1l1l1;dma_cps=sypham;dma=1;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 08 Jan 2024 17:51:50 GMT
expires: Mon, 08 Jan 2024 17:51:50 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 70ms
22ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=561815144351253&ev=PageView&dl=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&rl=&if=false&ts=1704736310386&sw=1600&sh=1200&v=2.9.139&r=stable&ec=0&o=4126&fbp=fb.1.1704736310385.1858038541&ler=empty&it=1704736310188&coo=false&rqm=GET

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 08 Jan 2024 17:51:50 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H/1.1

200
OK

svrGP
cyber-tracking.att.com/visitor/v200/
Redirect Chain

https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=el...
https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=el...

49 B
496 B

199ms
198ms

Image
image/gif

130.35.203.128
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=elqNone&tzo=-60&ms=403&optin=disabled&elq1pcGUID=C90843B178F34FF69E3D7C7C572F7D1D

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno

Protocol

HTTP/1.1

Server

130.35.203.128 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 17:51:50 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 49
X-Xss-Protection: 1; mode=block
Expires: -1

Redirect headers

Pragma: no-cache
Date: Mon, 08 Jan 2024 17:51:50 GMT
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Location: https://cyber-tracking.att.com/visitor/v200/svrGP?pps=3&siteid=1086385399&ref=https%3A%2F%2Fcybersecurity.att.com%2Fblogs%2Flabs-research%2Fasyncrat-loader-obfuscation-dgas-decoys-and-govno&ref2=elqNone&tzo=-60&ms=403&optin=disabled&elq1pcGUID=C90843B178F34FF69E3D7C7C572F7D1D
Cache-Control: no-store
X-Robots-Tag: noindex, nofollow
Content-Length: 421
X-Xss-Protection: 1; mode=block
Expires: -1

GET
BLOB 200
OK 1cfa14e0-bef7-447e-b3bc-9dcc91f5be90
https://cybersecurity.att.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://cybersecurity.att.com/1cfa14e0-bef7-447e-b3bc-9dcc91f5be90
Requested by: Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 X9kFNr531rsCWxZpcaEDus.json Show response
play.vidyard.com/player/ 17 KB
6 KB 43ms
43ms XHR
application/json 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/player/X9kFNr531rsCWxZpcaEDus.json?pomo=0&pomo_reason=fetchMetaData

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8fe7d918125bd5fb17a999b3262b2520314bf39378c292787187325505d30da0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 1370071
x-cache: HIT
content-length: 5684
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456685,VS0,VE2
etag: W/"445a-29Ej+DsHZHfO+kFOjegc6AFL7OY"
vary: X-China, accept-language, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 style.js Show response
play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/ 176 B
297 B 23ms
22ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/style.js?callback=window.VidyardV4.jsonp.style_X9kFNr531rsCWxZpcaEDus.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

67eef39f32ed18bab031783ef73a7f670a3f2d24a6d55f401202d3773466dfa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1370071
x-cache: HIT
content-length: 139
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.437336,VS0,VE2
etag: W/"b0-/bZFMJRb9JFT1TgxwpvJZ9MSa68"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 integrations.js Show response
play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/ 195 B
428 B 22ms
22ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/integrations.js?callback=window.VidyardV4.jsonp.integrations_X9kFNr531rsCWxZpcaEDus.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

0ddc32c321bd6cb568436aeb3d797a5a3dfe3d921e596db194d86e0e97eba896

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1370071
x-cache: HIT
content-length: 150
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.437896,VS0,VE1
etag: W/"c3-CP1kg3psvRny6pFT7i07yUWdK3w"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 details.js Show response
play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/ 152 B
209 B 23ms
23ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/X9kFNr531rsCWxZpcaEDus/details.js?callback=window.VidyardV4.jsonp.details_X9kFNr531rsCWxZpcaEDus.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

88f6807e63a6225876e6ba564c87b570e8a8a280b98c453c58a6dedb90c0e7ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1370071
x-cache: HIT
content-length: 115
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.438629,VS0,VE2
etag: W/"98-ZWDR17mypvWrTshdKpIL4l8cr5M"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 FAb6t5S7EsApqqx2ZyMXe9.json Show response
play.vidyard.com/player/ 17 KB
6 KB 41ms
41ms XHR
application/json 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/player/FAb6t5S7EsApqqx2ZyMXe9.json?pomo=0&pomo_reason=fetchMetaData

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aacb8e193251400b5172e58566164f9117aa68428ecb58b0b56bc03facb6b4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 413264
x-cache: HIT
content-length: 5685
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456588,VS0,VE1
etag: W/"43f8-g/ENBrqa2JIG8iL905WR68Sygp0"
vary: X-China, accept-language, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 style.js Show response
play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/ 176 B
239 B 23ms
22ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/style.js?callback=window.VidyardV4.jsonp.style_FAb6t5S7EsApqqx2ZyMXe9.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

3dce6a2fc2b22cb9772db45565372ba208ce31c42c25766646e1e0cc3328f0e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1201823
x-cache: HIT
content-length: 139
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.440022,VS0,VE1
etag: W/"b0-t0ELrGtDhcywSkAnRhVSbLPaVd8"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 integrations.js Show response
play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/ 195 B
250 B 23ms
23ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/integrations.js?callback=window.VidyardV4.jsonp.integrations_FAb6t5S7EsApqqx2ZyMXe9.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9a243d3dbdad166e5f9abd48775aeceb98892133311f52a6a34b1b5c1d5e37ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 487154
x-cache: HIT
content-length: 150
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.440515,VS0,VE2
etag: W/"c3-pX8UoEKWA84Rgy8WPBIuecyCnC8"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 details.js Show response
play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/ 152 B
211 B 24ms
24ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/FAb6t5S7EsApqqx2ZyMXe9/details.js?callback=window.VidyardV4.jsonp.details_FAb6t5S7EsApqqx2ZyMXe9.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c61fd9836449f1d0984ba4b59dfefb94d5464ef0ddfb443a02d5103d03e0c56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1201823
x-cache: HIT
content-length: 115
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.440984,VS0,VE3
etag: W/"98-jZFvTyDKpbXIBpwtSyPEvyURFVk"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 XwZyCKfKXbLhhBtQqFGT1L.json Show response
play.vidyard.com/player/ 17 KB
6 KB 45ms
45ms XHR
application/json 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/player/XwZyCKfKXbLhhBtQqFGT1L.json?pomo=0&pomo_reason=fetchMetaData

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

b1943f77bf0047dbf9cd1ccaa7c98807cfe2baef3045e110cd809be3a1f350df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 302211
x-cache: HIT
content-length: 5745
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456561,VS0,VE5
etag: W/"4560-inbPLaDQ2uoQFdk19GRCij1ROAE"
vary: X-China, accept-language, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 style.js Show response
play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/ 176 B
241 B 22ms
22ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/style.js?callback=window.VidyardV4.jsonp.style_XwZyCKfKXbLhhBtQqFGT1L.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9a1b631bfd32d91c583a32c8d89b90580faff44e9921ff51b2e80a8439008d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 385227
x-cache: HIT
content-length: 139
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.441887,VS0,VE1
etag: W/"b0-6dFP6zM/GOPFwYXMpqwuEFJvP5Q"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 integrations.js Show response
play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/ 195 B
315 B 24ms
24ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/integrations.js?callback=window.VidyardV4.jsonp.integrations_XwZyCKfKXbLhhBtQqFGT1L.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c7c8c05e280ecbc92fa1b448c7d6d9730672499632539b986b985eea09ecc6fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1384904
x-cache: HIT
content-length: 150
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.442428,VS0,VE2
etag: W/"c3-Ht2Uix5PGrzu2SnqnCK26WiD1mc"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 details.js Show response
play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/ 152 B
395 B 23ms
23ms Script
text/javascript 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/v4/XwZyCKfKXbLhhBtQqFGT1L/details.js?callback=window.VidyardV4.jsonp.details_XwZyCKfKXbLhhBtQqFGT1L.done

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1583da16beb8562346d9d0352267b8b3497732451111fcc8ae063359c66a9002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
via: 1.1 varnish
age: 1384904
x-cache: HIT
content-length: 115
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.442895,VS0,VE1
etag: W/"98-3DvJxYRk+h6Eyv3p7onvKjMGrzw"
vary: X-China, accept-language, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 FAb6t5S7EsApqqx2ZyMXe9.json Show response
play.vidyard.com/player/ 17 KB
6 KB 37ms
36ms XHR
application/json 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/player/FAb6t5S7EsApqqx2ZyMXe9.json?pomo=0&pomo_reason=fetchMetaData

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aacb8e193251400b5172e58566164f9117aa68428ecb58b0b56bc03facb6b4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 413264
x-cache: HIT
content-length: 5685
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456133,VS0,VE1
etag: W/"43f8-g/ENBrqa2JIG8iL905WR68Sygp0"
vary: X-China, accept-language, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 FAb6t5S7EsApqqx2ZyMXe9.json Show response
play.vidyard.com/player/ 17 KB
6 KB 35ms
34ms XHR
application/json 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/player/FAb6t5S7EsApqqx2ZyMXe9.json?pomo=0&pomo_reason=fetchMetaData

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

aacb8e193251400b5172e58566164f9117aa68428ecb58b0b56bc03facb6b4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 413264
x-cache: HIT
content-length: 5685
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456282,VS0,VE1
etag: W/"43f8-g/ENBrqa2JIG8iL905WR68Sygp0"
vary: X-China, accept-language, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2

200

4d268a6989beac32dd7f0e.jpg
cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/
Redirect Chain

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus.jpg
https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg

68 KB
68 KB

28ms
28ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b4d17558f9e11c74234110154d2e549b75dfcaddfb7dd2d34cfaeaaba4c3f8cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:01:01 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 283851
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 69136
last-modified: Wed, 08 Nov 2017 17:52:22 GMT
server: AmazonS3
etag: "c185a15f9c2fc9a9705ed4b8585fd4d3"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: XCtmd1KPKP2W5sGV_crV9Nm5GqYlTzPsSCywsC9sO_JZWXWfrE_r_Q==

Redirect headers

date: Mon, 08 Jan 2024 17:51:51 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 438715
x-cache: HIT
content-length: 106
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.447781,VS0,VE0
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/uwgbSASDRvNjM84PXr3LPw/4d268a6989beac32dd7f0e.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2

200

nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
cdn.vidyard.com/thumbnails/1331553/
Redirect Chain

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9.jpg
https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg

45 KB
46 KB

28ms
28ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28bc1d87ef42dd726292dc6d88cdd5c4b2d06c40ecd932e6e1e0de670f2cb348

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 10:00:39 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 287472
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 46235
last-modified: Tue, 19 Sep 2017 23:39:46 GMT
server: AmazonS3
etag: "a91c9f2512e7c642c68d9ef10daa494b"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: e9maAtMclOxpJ6PZOzcLudajMPGvc5TOmaeOjX2qoQFkyIO0QSrv7Q==

Redirect headers

date: Mon, 08 Jan 2024 17:51:51 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 402775
x-cache: HIT
content-length: 101
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456147,VS0,VE0
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/1331553/nN5laXYAh6ch8qpf7LIXtxNk_mduSTTA.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2

200

d07d1814f8eec1270689cd.jpg
cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/
Redirect Chain

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L.jpg
https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg

59 KB
60 KB

28ms
28ms

Image
image/jpeg

18.173.154.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg
Protocol: H2
Server: 18.173.154.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-154-122.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d83bd57a9e4f4db44ff5451dc17c60a8c00935a52eb8e85dd807aab83d0d8313

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cybersecurity.att.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Fri, 05 Jan 2024 11:15:08 GMT
x-amz-version-id: null
via: 1.1 918459d66ab0cca4258acacb6d3f6edc.cloudfront.net (CloudFront)
x-cdn: cloudfront
x-amz-cf-pop: MUC50-P3
age: 283004
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 60723
last-modified: Wed, 08 Nov 2017 17:28:03 GMT
server: AmazonS3
etag: "e014e5690d6dc1ed2e25155b0eaabca1"
vary: Origin
content-type: image/jpeg
accept-ranges: bytes
x-amz-cf-id: jT5XqrdlBkfdKmijQqLTJxl_MW49bKM0nFh0xHuDwVHdFADEtV6gnw==

Redirect headers

date: Mon, 08 Jan 2024 17:51:51 GMT
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 932830
x-cache: HIT
content-length: 106
x-served-by: cache-fra-eddf8230126-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456053,VS0,VE0
vary: Accept, X-China, accept-language
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: https://cdn.vidyard.com/thumbnails/y0wRK2jnQ23lIwnnFWRnTg/d07d1814f8eec1270689cd.jpg
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 X9kFNr531rsCWxZpcaEDus
play.vidyard.com/ 0
2 KB 29ms
29ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/X9kFNr531rsCWxZpcaEDus?disable_popouts=1&type=lightbox&v=4.3.14&rendered=true

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 1082290
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456112,VS0,VE0
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 FAb6t5S7EsApqqx2ZyMXe9
play.vidyard.com/ 0
2 KB 29ms
29ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/FAb6t5S7EsApqqx2ZyMXe9?disable_popouts=1&type=lightbox&v=4.3.14&rendered=true

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 404205
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456078,VS0,VE0
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 XwZyCKfKXbLhhBtQqFGT1L
play.vidyard.com/ 0
2 KB 31ms
31ms Other
text/html 151.101.193.181
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://play.vidyard.com/XwZyCKfKXbLhhBtQqFGT1L?disable_popouts=1&type=lightbox&v=4.3.14&rendered=true

Requested by

Host: cybersecurity.att.com
URL: https://cybersecurity.att.com/public/146029e03b00cc2f496a6233c9dc954522001624dcc5

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.181 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://cybersecurity.att.com/
Origin: https://cybersecurity.att.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date: Mon, 08 Jan 2024 17:51:51 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=31557600
age: 323181
x-cache: HIT
content-length: 1481
x-served-by: cache-fra-eddf8230081-FRA
x-china: 0
referrer-policy: no-referrer-when-downgrade
x-timer: S1704736311.456210,VS0,VE1
etag: W/"df1-5t+YXpAFoRlHr0Nfz+ShvqQGRpg"
vary: X-China, accept-language, Accept-Encoding
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes
x-cache-hits: 2

Verdicts & Comments Add Verdict or Comment

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

55 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cybersecurity.att.com/	1970-01-20 17:42:21	Name: AWSALBTG Value: ebmjt7XPfS9XzFjgYDX9iS1ShbNeb8bB97/kDCfKuTDDgMVrGMlgiOHMIYujsnhR1xR9b1pT5w+rWCix3wbgY0vLXHRqIaG+6YW/QudBjcLHXumQwlrCvm554B6rw6MjYMqbZCXovrFb88tJN0BAnY0dZZz3DnBaVhd1UPUA21ff
cybersecurity.att.com/	1970-01-20 17:42:21	Name: AWSALB Value: qY2MLNnYWfsmD0nrkw24VAR7go5aOOYPLUNdtCT3jmH3qLvx2ra2/PzwjPsRvFCI6VIfeoH6Hw8qO+PqnZoCc1e6pqHZR682EmChm6TxolEgrtTKz2zqiHFpBSWZ
.att.com/	1970-01-20 17:32:23	Name: ak_bmsc Value: A47A52D753A89D27853754159181AC28~000000000000000000000000000000~YAAQFwcXAvqmW1aMAQAALcEz6hacmrlWQGCfmLFiHexxbHxBREo/sOxZ2pUIb5XhaV8BYryepSqo8+YugaRLlW4lwfd9nxq09kOC/cbN1DwiaptI42Jo3JXLdvAeqPA1OvyeNukdOF7WOOnhaWshplZrQ3TS+5oNlCT4sR8xIgs8n6BRrrrsL4gVNIhvxC5DP4mCIa1wREtSgRVQrrlAEWApro5JH0syNGSA7RY/z3xotTCXQ0wlstfRsDOFdUDBePZ1lI7SEt6qBVCG2iaTI5FaG4ZH5HdMbdqNLwIIjsKSVNsnRhIAnPmjwAmt3C5veqqgtCt5fjPNQKJrC4XlbLNMibbWNYaalCYdlOIJJoaFoxpTW63VDbDjZNJkCVjCq6aTgZB4J0MUj6yGDOPoSX2Z4q+WN0rU/4EuH0Ph
.att.com/	1970-01-20 17:32:30	Name: bm_sz Value: 41D71E865967A73EBF3E964666C8BDC1~YAAQFwcXAvumW1aMAQAALcEz6ham49ta0ZY0OhnrbPLW7PbN57IOFwU1Uo4uUD+/pMUQdiltUMlwm6ln0fFAE524nATJwkF4Rylpg8r5ub4FhFIyNwODKGZCmuyua3DMnVWWbyRYuOzUNxfSJfkap8Eq20GR1fTAm6rG+z/MQB3byCtT+DbK0UQu9i1tcqJOnutCUbowuAjYEJcUrC0kz/H1ynGpjRyND1SJFeIpMVT9Z0QN3QwfiUr+5XnKaciodbQlSXf9f0gc0RQ4rwKrrH4MNL+S8IIysCwwld2gXNM=~4536129~3618114
.att.com/	1969-12-31 23:59:59	Name: PIM-SESSION-ID Value: TNi5jFDczJQc5h34
.att.com/	1970-01-21 03:08:16	Name: AVID Value: 205267d5-77bd-437c-addd-9295e541d759
.att.com/	1970-01-20 17:32:18	Name: utm_session_expiration Value: active
.att.com/	1969-12-31 23:59:59	Name: utm_content Value: not_provided
.att.com/	1969-12-31 23:59:59	Name: utm_campaign Value: not_provided
.att.com/	1969-12-31 23:59:59	Name: utm_term Value: keyword_not_provided
.att.com/	1969-12-31 23:59:59	Name: utm_landing Value: /blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
.att.com/	1969-12-31 23:59:59	Name: utm_internal Value: not_provided
.att.com/	1969-12-31 23:59:59	Name: utm_external Value: not_provided
.att.com/	1969-12-31 23:59:59	Name: gclid Value:
.att.com/	1969-12-31 23:59:59	Name: utm_medium Value: Direct
.att.com/	1969-12-31 23:59:59	Name: utm_source Value: Direct
.att.com/	1969-12-31 23:59:59	Name: utm_referer Value:
.att.com/	1970-01-21 03:08:16	Name: utm_medium_first_visit Value: Direct
.att.com/	1970-01-21 03:08:16	Name: utm_source_first_visit Value: Direct
.att.com/	1970-01-21 03:08:16	Name: utm_internal_first_visit Value: not_provided
.att.com/	1970-01-21 03:08:16	Name: utm_external_first_visit Value: not_provided
.att.com/	1970-01-21 03:08:16	Name: utm_content_first_visit Value: not_provided
.att.com/	1970-01-21 03:08:16	Name: utm_campaign_first_visit Value: not_provided
.att.com/	1970-01-21 03:08:16	Name: utm_term_first_visit Value: keyword_not_provided
.att.com/	1970-01-21 03:08:16	Name: utm_landing_first_visit Value: /blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno
.att.com/	1970-01-20 19:41:52	Name: _gcl_au Value: 1.1.144212742.1704736310
.att.com/	1970-01-21 03:08:16	Name: _ga_6VCF4BGSH2 Value: GS1.1.1704736310.1.0.1704736310.60.0.0
.att.com/	1970-01-21 03:08:16	Name: _ga Value: GA1.2.1380548524.1704736310
.att.com/	1970-01-20 17:33:42	Name: _gid Value: GA1.2.1040129244.1704736310
.att.com/	1970-01-20 17:32:16	Name: _gat_UA-30202444-1 Value: 1
.att.com/	1970-01-20 17:33:42	Name: _uetsid Value: 997f4590ae4e11eeb949a10a3814e993
.att.com/	1970-01-21 02:53:52	Name: _uetvid Value: 997f6960ae4e11ee9ee8fd158e8d4617
.att.com/	1970-01-21 02:17:52	Name: _abck Value: 522F44BF6F10C7BC1990229369DDDD0A~0~YAAQFwcXAiSnW1aMAQAAY8Mz6gsUfjarKP8KY8v5GZNpNkunmPw4rTF/ki4kgsNtAuxVhsWOTcyNUs/4fW6SPtGllCYhUROH5URkc6bVzTMLqejU0FrG/q+XEAtwajWT8DBHNX7FJk/r+SdCQD9nlS4xOtO2rRtr9d6hRmVX9EOtYg9iR78j0sfptaAuAIwVbImhoak7CYngynP1ZiEcT3bjDopjU3yqAh6ao1xx180vl3fFd3EnIpvLfEE/ePWoiaLn3dVtrAGVsRatqs0vXLdQygffim6aPYRLv9ebpapmhkX0j9V3FP3dG83ZVKJdWoYzngyMw3zUrv4GWytAYkAbcx2F9DguKXW/4PLw11dH1uALkmX8Syp7DaPKFmHKoNmNl6Wvr8UawynfT5OOl4BzllqB~-1~-1~1704739866
.techtarget.com/	1970-01-20 17:32:18	Name: __cf_bm Value: 0avvSQMrpXC7zAOl3VjFK9Akd6z26iwCdI_cnXQ63Sg-1704736310-1-AayUl9XS+l0g49nfIRKklqGv3JwFBCNypzF30vFASd104KhBe3afDZQN5M7U4eLZY0j/MDmxzvTS95KS32Kcmqo=
tracking.g2crowd.com/	1970-01-20 17:52:25	Name: _session_id Value: 4ea0b7357501a31b6a5d3be71301a7cd
.g2crowd.com/	1970-01-20 17:32:18	Name: __cf_bm Value: vy2.JykhycXAaS1LGkRChhtSPCQhyJP4hg2afI.2OOU-1704736310-1-ATNj8qixb+S+43xzRKAZ8VvD6WrgapYAnCWAxL4/xR2wf/nCVbf+EGu6R+MFyRCj05z62aQIRvQFQ8Udb2+NU/o=
.flashtalking.com/	1970-01-21 03:01:40	Name: flashtalkingad1 Value: "GUID=5851B24CEC1D6C"
.bing.com/	1970-01-21 02:53:52	Name: MUID Value: 331C9DD3A2EC6D7728FA89D3A3EC6C3F
.doubleclick.net/	1970-01-20 17:32:17	Name: test_cookie Value: CheckForPermission
.att.com/	1970-01-21 02:17:52	Name: _hjSessionUser_1427386 Value: eyJpZCI6IjE2NzlmNzk5LTljOTgtNWEzMC1hNjE4LTJlYmY0M2NiOTk2MCIsImNyZWF0ZWQiOjE3MDQ3MzYzMTAyOTQsImV4aXN0aW5nIjpmYWxzZX0=
.att.com/	1970-01-20 17:32:18	Name: _hjFirstSeen Value: 1
.att.com/	1970-01-20 17:32:18	Name: _hjIncludedInSessionSample_1427386 Value: 0
.att.com/	1970-01-20 17:32:18	Name: _hjSession_1427386 Value: eyJpZCI6IjM1ZTc4NzRiLWNmOTEtNDhlNS05OGRlLWNhZTU3ODU0NWQ4NSIsImMiOjE3MDQ3MzYzMTAyOTUsInMiOjAsInIiOjAsInNiIjoxfQ==
.att.com/	1970-01-20 17:32:18	Name: _hjAbsoluteSessionInProgress Value: 0
.t.co/	1970-01-21 03:08:16	Name: muc_ads Value: b2edcf82-4d5e-4ab0-8298-ec8a7b2eff05
.linkedin.com/	1970-01-20 19:41:52	Name: li_sugr Value: 5a5e3e29-e59e-464e-8e72-083a98cafe1b
.att.com/	1970-01-20 19:41:52	Name: _fbp Value: fb.1.1704736310385.1858038541
.twitter.com/	1970-01-21 03:08:16	Name: personalization_id Value: "v1_RTLvVIJG0XWO7kDRHefS0w=="
.linkedin.com/	1970-01-20 18:15:28	Name: UserMatchHistory Value: AQIIhlzmvJ98LAAAAYzqM8RvFZckJmimzSBG-Wpv_52RmczxLsrUzcKICx-Ui8coiNVr5pARhUSa9w
.linkedin.com/	1970-01-20 18:15:28	Name: AnalyticsSyncHistory Value: AQJfsAQlYyoCOwAAAYzqM8RvZ05B965mW25mIUX_oDJn4hWWaeIQsx-bFwiwMI1REXsdk-T_rZHZ9G_oMDVbew
.linkedin.com/	1970-01-21 02:17:52	Name: bcookie Value: "v=2&8874b373-06b7-4dc1-8a06-f8250c7e1a5c"
.linkedin.com/	1970-01-20 21:51:28	Name: li_gc Value: MTswOzE3MDQ3MzYzMTA7MjswMjEMfNDpquF4h9Dpj8o8fvyX62idbPj855kUNLk4E/Xe0Q==
.linkedin.com/	1970-01-20 17:33:42	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=3217:u=1:x=1:i=1704736310:t=1704822710:v=2:sig=AQEhezeHJ2LGVau6t0RWxy9oxZaoiBQ9"
.www.linkedin.com/	1970-01-21 02:17:52	Name: bscookie Value: "v=1&20240108175150d71f796d-cb16-4e73-8f67-dd1f68e21724AQFNgZE1jLUhPAXuTHGqXG7prpgT-9QE"
.att.com/	1970-01-21 03:03:57	Name: ELOQUA Value: GUID=C90843B178F34FF69E3D7C7C572F7D1D

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://connect.facebook.net/signals/config/561815144351253?v=2.9.139&r=stable&domain=cybersecurity.att.com(Line 127) Message: Unrecognized feature: 'attribution-reporting'.
javascript	warning	URL: https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno Message: The resource https://cdn-cybersecurity.att.com/css/fonts/glyphicons-halflings-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://alienvault.lookbookhq.com/ https://alienvault.lookbookhq.com/ http://learn-cybersecurity.att.com https://learn-cybersecurity.att.com http://walkme.com https://walkme.com http://www.alienvault-demo-usm-anywhere.com https://www.alienvault-demo-usm-anywhere.com always;
Strict-Transport-Security	max-age=86400
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6143919.fls.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
bat.bing.com
buttons-config.sharethis.com
cdn-cybersecurity.att.com
cdn.vidyard.com
connect.facebook.net
cyber-tracking.att.com
cybersecurity.att.com
ibc-flow.techtarget.com
img03.en25.com
l.sharethis.com
p11.techlab-cdn.com
platform-api.sharethis.com
platform-cdn.sharethis.com
play.vidyard.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
script.hotjar.com
servedby.flashtalking.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tracking.g2crowd.com
trk.techtarget.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.linkedin.com
104.244.42.133
104.244.42.3
13.107.42.14
130.35.203.128
142.250.186.134
146.75.116.157
151.101.193.181
18.173.154.122
18.66.192.39
18.66.2.12
2001:4860:4802:34::36
23.201.242.231
23.57.20.29
2600:9000:206f:5600:17:67d0:6300:93a1
2600:9000:2156:b200:1d:85c3:6640:93a1
2600:9000:25e8:b200:c:abe:f440:93a1
2606:4700:4400::6812:24c4
2606:4700:4400::ac40:90e1
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:800::2002
2a00:1450:4001:80b::2008
2a00:1450:4001:811::200e
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2003
2a00:1450:4001:82a::200e
2a00:1450:400c:c0a::9d
2a02:26f0:3100:793::2db1
2a02:26f0:3500:16::215:148d
2a02:26f0:480:d::210:f160
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.121.117.111
34.111.208.231
99.84.88.44
02433a62f3bc96003e78509ec45872fe3330c330204fa77415039f40a043224b
03adcda6006819f6e8df8ae90580d4e30db2c237b08d487dcbe1ee31565f8ad7
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0635f78aa913e6fc422e7dfe06f706002920b83f989bc29318e1190fcaf06aa2
0be705567c10ee6ef133a4b257c012fe0e40f9405698037dffbce34b073c713d
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0ddc32c321bd6cb568436aeb3d797a5a3dfe3d921e596db194d86e0e97eba896
1583da16beb8562346d9d0352267b8b3497732451111fcc8ae063359c66a9002
163a1c55969a13479e94c0270dc68d415df607eecb5ee2cc00e4076146d8cd9b
1c61b8eb2405fc40049752b190cf9c6c0d508737329dfcaf00cb16c2fac82263
1c6b4352494618d9965191d4d579798d82e7785a9645cbe3ee6f0ae17451b9af
1cfa420da8e531c104e4dbf3b249891f3ca7d707dc5b7d1a6e7ed4f92dd7f1d9
1fb6df526a3a5eedfa36e659df4ee50342082e6405398ac984f1678013bf45fc
28bc1d87ef42dd726292dc6d88cdd5c4b2d06c40ecd932e6e1e0de670f2cb348
2aa7779577c8f4ff268d5bbd5b13b7d577930c1824b43b4b5442d4c92a695154
2b0018d9f5ee88a09cd42d952ec199bf37ebe95be38737b0d3d8a170058b8805
2cab7569cbb96f9e4993dc236265cd41e31428d86cfe3c5b5b8fd6537ae289c7
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8
3b013e9e79a6c8b40cb0b6260ee69f6ec531ca25286b7e5842124524730370d8
3c7d5c25883b061f5fc5607432a3a2e9e493fee500cbb897861219b72e0f131b
3dae93a05edd9dcfc1864b87178a31e0bfa93e1a9b1c486c6e9cbf73cae87862
3dce6a2fc2b22cb9772db45565372ba208ce31c42c25766646e1e0cc3328f0e4
3ede7180156b8e9880f2e6f3eb0743eab20a9f4e433a65736f5c67d217d2a9a1
412c62a6ccaef8c885dd404a1dd5f5910771fcd7e6197205274fb1958702b974
422aa4e7ba5ff626a830dbbee358cb5055122a03b5c36b5f7608e1b34999e529
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
490f9378577571c67f21920289a1ee69388e69aa4476c17fa6a569bd1f5d145f
4b7d148e301e69bcf6a11e9b573ca6efa4cfb3a609d7c01d2cdbbf8bc616e7a8
505b4584b163ebe24599f1d941134a434756232074a695cd4082353dd51b940c
54e34a3f18937be2dc8829b0f54148b9a4dda72c15ceecbc0b044827c8a42cbb
59522c72387f0c3e0497a46fad1257b87b3ed587a4547e0537684f98dd1265e8
5a38c3193702914f3203282b38e88bbedd02b05124f6db3ae51d8c595a72c127
5bf0768758d0e3f602c1d01f8700eb0b764017276eb446fcdddd109da3334d1d
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
5fc7c56821ed5ac0a40aecde186c558d6b846831cbd483f434ed862fd1b955c7
66a27267f5e8eabb3e72ce75c419be5f1617620b955a0d6ddff505df44fee8c1
67eef39f32ed18bab031783ef73a7f670a3f2d24a6d55f401202d3773466dfa8
6d41161f7d77d059a8d35b55c36d765021a1300521eeffd57097df8df3322a90
70a43a939e271669a2f2961c232e33439f8a7d1e6d2fee9cacccce40cc112a3e
70fa7a9decfb16b900a02dac8449314f2cbe3020dc3705339190f400d34018f5
72b76d7931546a9acebdb324b94bf549068d78e072702ace09a7d07b3559d495
74a7a53097f5335e794968f4f7c27d089701fd635c8698c5f5fda7f30356cacb
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76ffdc5337cd5a509f15d70767b85a793aead82975d0d86912e1607e963c9aed
78dc84320b1b810c4d46f2ff9d9060fa5e7287e05e66c777cd7aa36591c831cc
78ec9aa8a56b2e7d9a877d738b948f5258e5b7988d5f2d6b81450d5106d5e096
791396d0b526b8a29026d81d9d0fb134e9f0cc61ca982ca4f9239e9a6ca13252
7f864f908080f8ccd6b7af266b1d05938e5a72da55f196d4b1c4275656be1276
810c17718a6e1ad5995d3a2c25a17f5e9cab953ec7f370c1ee3e9374c6f9451d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86f2eb97cc1f3909c12e4512de9e267215d94ac5aaee9393d0f007f18c34e8ba
88f6807e63a6225876e6ba564c87b570e8a8a280b98c453c58a6dedb90c0e7ab
8b4a84640022801cba17183356797e81478d46dcd680032183120c04b4dfd19e
8fe7d918125bd5fb17a999b3262b2520314bf39378c292787187325505d30da0
9a1b631bfd32d91c583a32c8d89b90580faff44e9921ff51b2e80a8439008d79
9a243d3dbdad166e5f9abd48775aeceb98892133311f52a6a34b1b5c1d5e37ec
9cc10e008d890e09119df99be135351ade9f6574a80f47c9b834e886e5c165c0
9db2761653fdbd71fba80327e4b6ce808254c5b30bb9dc0733e19aa1cf3facf1
a2a97557f0a48aab42b79c8973788d3aa369a8b9b7bac4952a37eee9007c4ff5
aacb8e193251400b5172e58566164f9117aa68428ecb58b0b56bc03facb6b4f3
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad80a3f6b1b1b869088b872381b3179a21dccc4e465ec0a00c92824f6462c258
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aec6a44d9d29b49215dec79272c1d39d6e261c467aa038a3e764ea05949d85c3
b1943f77bf0047dbf9cd1ccaa7c98807cfe2baef3045e110cd809be3a1f350df
b3f0a51197e77b186f31de4b16a5281246cc58f540f510b3329bc236508a531e
b4d17558f9e11c74234110154d2e549b75dfcaddfb7dd2d34cfaeaaba4c3f8cb
b86e15f179ddbf3b98f456ee4b993831ccb2c760243d406cd5bb4fd915d70298
be83f2c5de1d7e1d7c4c82adb0f9d154aa821dfb7cfb8d33eb5fd1acefa87559
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6
c20efc1937932a89fa90a427127afd7623704f89556b9bae1a9494d162b100d4
c271d1c9e320ea7201d99d6f18fe1cc0b149ba415e75e7ece7c7c9e7606c2410
c40b1adaf0e98d3edc88d471547989847a2c08dd636d62ad5112ac745529ef05
c554f43913b6f74ca33c115672fbff0477c8c2e1aba3aef839a1ed91bfad1d3b
c61fd9836449f1d0984ba4b59dfefb94d5464ef0ddfb443a02d5103d03e0c56b
c7c8c05e280ecbc92fa1b448c7d6d9730672499632539b986b985eea09ecc6fb
cb5dbc8151f66902b97b1b8e07137b6b643459dc8a8cf3941ceb22f1394624e7
cb8c2b19fd9b56c41db14bd71b5c0616c1ba4e99b08c8e75084cf695f74b7120
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d0c319f2dea5d6dfdfcf78956859fc5c436fa28c0e24d37038233a2b33155e56
d83bd57a9e4f4db44ff5451dc17c60a8c00935a52eb8e85dd807aab83d0d8313
d96aa78f2d55331a8b70741c7230d2c2fd54310736a8454d53ac391cea813755
dd83460970e90755ed9063639568642549102b1225a5934aa2d2066310d6a410
dd8e50d554420109c5f803e0f39997eb476aade2b8023d77f54681c909165f31
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e153b0c82ab112dd43f371069690a22d823f045ea9fe9a9d7b92dc3b655c98bf
e1e04b876d769e39d9b54e88e20e60a1258ec858473a8f216c76ce19daba9ebc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e492e5bd630a86a679a9ead911fc5e1e155d75098344c375131c40470e97396d
e77976087881338e26b6195bb140165697d46052b1b9e6fb6c1c99663d8636ad
e93bcd6a42464e45912c4df2b24267d514611746972c36df79799713e67aaf3d
ebcf777c9143c169bd81d5ad17f393183ae74c3fca22f3bf556534277d1edc70
ecd6b7d346d65f406827abe0c78e3eebfda94358a0e73d06a3404c3a7972d5ae
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0822081c33dc4a9cabd9255d574f89280925c4e1f833eefb49a966243014572
f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab
f5b715ab62ef96955be0c41f46dfc8bca5cb193fb78553367cedd217218662d3
f83769904a52c638fb41b9fd2b1a26b5b592c30c6c8740908bf4ce0741440d40
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

cybersecurity.att.com Open in urlscan Pro 2a02:26f0:3100:793::2db1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

122 Requests

93 %HTTPS

58 %IPv6

23 Domains

37 Subdomains

37 IPs

3 Countries

2379 kBTransfer

5069 kBSize

55 Cookies

18 Outgoing links

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cybersecurity.att.com Open in urlscan Pro
2a02:26f0:3100:793::2db1 Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

93 %
HTTPS

58 %
IPv6

23
Domains

37
Subdomains

37
IPs

3
Countries

2379 kB
Transfer

5069 kB
Size

55
Cookies

122 HTTP transactions
3 data transactions