gpert.s3.us-east-2.amazonaws.com
52.219.228.114  Malicious Activity! Public Scan

URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Submission: On May 23 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 1 country across 4 domains to perform 18 HTTP transactions. The main IP is 52.219.228.114, located in Columbus, United States and belongs to AMAZON-02, US. The main domain is gpert.s3.us-east-2.amazonaws.com.
TLS certificate: Issued by Amazon RSA 2048 M01 on February 29th 2024. Valid for: a year.
This is the only time gpert.s3.us-east-2.amazonaws.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 | 52.219.228.114 | 16509 | (AMAZON-02)
1 | 2606:4700::68... | 13335 | (CLOUDFLAR...)
3 | 144.160.19.173 | 797 | (AMERITECH-AS)
9 | 198.187.31.254 | 22612 | (NAMECHEAP...)
Total: 18 requests, 5 IPs

Requests | Apex Domain | Subdomains | Transfer
9 | gothicmagic.biz | gothicmagic.biz | 112 KB
3 | att.com | signin.att.com — Cisco Umbrella Rank: 22140 | 68 KB
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 | 20 KB
1 | amazonaws.com | gpert.s3.us-east-2.amazonaws.com | 17 KB
Total: 18 requests, 4 apex domains

Requests | Domain | Requested by
9 | gothicmagic.biz | gpert.s3.us-east-2.amazonaws.com, gothicmagic.biz
3 | signin.att.com | gpert.s3.us-east-2.amazonaws.com, signin.att.com
1 | cdnjs.cloudflare.com | gpert.s3.us-east-2.amazonaws.com
1 | gpert.s3.us-east-2.amazonaws.com |
Total: 18 requests, 4 domains

This site contains links to these domains.

Domain
identity.att.com
www.att.com
about.att.com

Subject | Issuer | Validity | Valid
*.s3.us-east-2.amazonaws.com | Amazon RSA 2048 M01 | 2024-02-29 - 2025-02-12 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year
*.att.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-03-06 - 2025-04-06 | a year
gothicmagic.biz | R3 | 2024-04-12 - 2024-07-11 | 3 months

This page contains 1 frames:

Primary Page: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Frame ID: 14DD010C38830D3F5403C920DA4495B3
Requests: 18 HTTP requests in this frame

Page Title

Login Screen

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 18
HTTPS: 78 %
IPv6: 25 %
Domains: 4
Subdomains: 4
IPs: 5
Countries: 1
Transfer: 218 kB
Size: 680 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ghos.html
gpert.s3.us-east-2.amazonaws.com/
17 KB
17 KB
Document
General
Full URL
https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.219.228.114 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-r-w.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
cf5b4498b2fa5d59d9c77013af5d2bcf199e8614cd4281f620ebf859e2c0858e

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Content-Length
17341
Content-Type
text/html
Date
Thu, 23 May 2024 13:17:47 GMT
ETag
"d501d68c45612ab9b51292a49a39b304"
Last-Modified
Fri, 17 May 2024 20:01:50 GMT
Server
AmazonS3
x-amz-id-2
FM9xLv//PetQDzAavZasij7FI8yYmNN+uHEGhaBYTm6qFSXikgwDuedgGVT0/V4ehfTNWHCcVBM=
x-amz-request-id
0HN74JSYCJE4CX5E
x-amz-server-side-encryption
AES256
x-amz-version-id
Y7tHFM3AK8pSuWeOa7WJ3K_s0xauEITd
crypto-js.min.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/
59 KB
20 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://gpert.s3.us-east-2.amazonaws.com
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
64429
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
19621
last-modified
Tue, 24 Oct 2023 23:03:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"65384d58-4ca5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J%2FqqxizmlYbnXlkw%2BwKEbR5E10XSju%2BdacmXCzB00WLzFzm9U%2FzAPNidzvMzp%2FcxEUZ9JMXtGVrxoGotUJv8yeCUERiQs%2FydYnCQDBBw%2BBoemi3u1G8IMSpyO1iGUYk4K1Sso3NGsSnpvdTxfM3Fc6jF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
888553fd299bdad1-MIA
expires
Tue, 13 May 2025 13:17:46 GMT
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/
128 KB
32 KB
Stylesheet
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=20.2.8
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-sf.att.com
Software
/
Resource Hash
e9d64ddc98959fb478cc1e10b665c237608386ce7820cbfa5b4c502567642d22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 03 Apr 2024 03:26:43 GMT
etag
"1fe79-61528caa5c2c0"
x-frame-options
SAMEORIGIN
iam_on
S222
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
content-type
text/css
accept-ranges
bytes
apser
p770
styles.css
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/
132 KB
23 KB
Stylesheet
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/styles.css
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
28762f644c587f98eaa04681d91c515c025893930353d32c2e5c5b5b36c012c7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
23196
expires
Thu, 30 May 2024 13:17:46 GMT
att_hz_lg_lkp_rgb_pos.svg
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/
5 KB
2 KB
Image
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/att_hz_lg_lkp_rgb_pos.svg
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
ecc6e5c037a4e54c1ed4052c9880d55c27187bf709fb82fae2709c92d3a3a563

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
1987
expires
Thu, 30 May 2024 13:17:46 GMT
arrow-left-circle_24.svg
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/
744 B
573 B
Image
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/arrow-left-circle_24.svg
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
00660f62aa2d41eb36fa676ea93567fbd5e674d7e2a08d33a6400d116b692ae5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
348
expires
Thu, 30 May 2024 13:17:46 GMT
arrow-left-circle-filled_24.svg
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/
516 B
493 B
Image
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/arrow-left-circle-filled_24.svg
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
967bd86ba1ee654aff93603b101206fd63580fe128285fe6d21839ce26cdef5c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
268
expires
Thu, 30 May 2024 13:17:46 GMT
success_page.js
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/
7 KB
2 KB
Script
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/success_page.js
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
0da1672d0b5bbcef5c3bb9b9ef4a43114c3b93aad12544698569062192813afe

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Fri, 05 Apr 2024 18:36:51 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/javascript
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
2249
main.js
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/
4 KB
1 KB
Script
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/main.js
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
35a9004b53ba9faafd256ee0a00e082b28464fe393d42864f06f187fe5350843

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Thu, 02 May 2024 18:03:54 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/javascript
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
1249
jquery.js
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/
289 KB
80 KB
Script
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/jquery.js
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
85e41607f9cfef0bc1be01467a8a9dcd4d8fb40ebc3b42184644ef8939d5dd1e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/javascript
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
82193
cookie.js
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/
735 B
508 B
Script
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/js/cookie.js
Requested by
Host: gpert.s3.us-east-2.amazonaws.com
URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
9e68a8a7f9e89e6f246e681adb392a3d41921a263f2a17ffff162d2606b05bf5

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:46 GMT
content-encoding
br
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/javascript
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
336
ATTAleckSans_W_Rg.woff2
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/
0
0

ATTAleckSans_W_Bd.woff2
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/
0
0

ATTAleckSans_W_Rg.woff
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/
0
0

ATTAleckSans_W_Bd.woff
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/
0
0

ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=20.2.8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-sf.att.com
Software
/
Resource Hash
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=20.2.8
Origin
https://gpert.s3.us-east-2.amazonaws.com
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 03 Apr 2024 03:26:43 GMT
etag
"4830-61528caa5c2c0"
x-frame-options
SAMEORIGIN
iam_on
S222
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
accept-ranges
bytes
apser
p775
content-length
18480
ATTAleckSans_W_Bd.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=20.2.8
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.19.173 Dunellen, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-sf.att.com
Software
/
Resource Hash
37a1212cc1ab5c935d9a3fee05c98c940eaa895a23510e5f83d550dfbb0d763f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=20.2.8
Origin
https://gpert.s3.us-east-2.amazonaws.com
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:47 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
last-modified
Wed, 03 Apr 2024 03:26:43 GMT
etag
"48d8-61528caa5c2c0"
x-frame-options
SAMEORIGIN
iam_on
S222
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
accept-ranges
bytes
apser
p771
content-length
18648
favicon.ico
gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/
1 KB
1 KB
Other
General
Full URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.187.31.254 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server47-2.web-hosting.com
Software
LiteSpeed /
Resource Hash
42938b72e2ec54515eb9c49145f42b8728cfc0b70170f80aef58ce93032b1c1d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://gpert.s3.us-east-2.amazonaws.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 23 May 2024 13:17:47 GMT
last-modified
Tue, 05 Dec 2023 11:13:12 GMT
server
LiteSpeed
content-type
image/x-icon
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
1150
expires
Thu, 30 May 2024 13:17:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
gothicmagic.biz
URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Domain
gothicmagic.biz
URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2
Domain
gothicmagic.biz
URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Rg.woff
Domain
gothicmagic.biz
URL
https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Bd.woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object | CryptoJS
string | Str
function | GFG_Fun
function | isEmail
function | $
function | jQuery
function | setCookie
function | getCookie
function | checkCookie
object | error
object | submit_btn
object | userInputContainerDiv
object | userBackButton
number | count
number | countt

0 Cookies

8 Console Messages

Source Level URL
Text
javascript error URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Message:
Access to font at 'https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2' from origin 'https://gpert.s3.us-east-2.amazonaws.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Message:
Access to font at 'https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2' from origin 'https://gpert.s3.us-east-2.amazonaws.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Bd.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Message:
Access to font at 'https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Rg.woff' from origin 'https://gpert.s3.us-east-2.amazonaws.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Rg.woff
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://gpert.s3.us-east-2.amazonaws.com/ghos.html
Message:
Access to font at 'https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Bd.woff' from origin 'https://gpert.s3.us-east-2.amazonaws.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://gothicmagic.biz//FSHDFYLGJJKLJj/attdon/css/assets/fonts/att/ATTAleckSans/woff/ATTAleckSans_W_Bd.woff
Message:
Failed to load resource: net::ERR_FAILED