urlscan.io logo urlscan.io
SecurityTrails logo

travelbaliyes.com Open in urlscan Pro
103.28.14.42  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://travelbaliyes.com/scsc/attlogin.htm
Submission: On January 28 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 4 countries across 10 domains to perform 34 HTTP transactions. The main IP is 103.28.14.42, located in Jakarta, Indonesia and belongs to QWORDS-AS-ID PT Qwords Company International, ID. The main domain is travelbaliyes.com.
This is the only time travelbaliyes.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
2 103.28.14.42 58404 (QWORDS-AS...)
1 2 2a02:26f0:eb:... 20940 (AKAMAI-ASN1)
2 2a02:26f0:eb:... 20940 (AKAMAI-ASN1)
11 144.160.149.126 797 (AMERITECH-AS)
1 69.168.106.86 36271 (SYNACOR-C...)
1 54.194.25.183 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 216.58.205.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
34 15
2    103.28.14.42 (Jakarta, Indonesia)

ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID)
PTR: esxi2.excellent.co.id
travelbaliyes.com
2    2a02:26f0:eb:187::2db1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
www.att.com
metrics.att.com
2    2a02:26f0:eb:195::2db1 (European Union)

ASN20940 (AKAMAI-ASN1, US)
www.att.com
11    144.160.149.126 (United States)

ASN797 (AMERITECH-AS - AT&T Services, Inc., US)
home.secureapp.att.net
1    69.168.106.86 (Buffalo, United States)

ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US)
sadlib.static-app.synacor.com
1    54.194.25.183 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-194-25-183.eu-west-1.compute.amazonaws.com
dpm.demdex.net
2    2a00:1450:4001:81c::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagservices.com
1    2a00:1450:4001:819::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.de
1    2a00:1450:4001:820::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
adservice.google.com
4    216.58.205.226 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f2.1e100.net
securepubads.g.doubleclick.net
1    2a00:1450:4001:821::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com
4    2a00:1450:4001:815::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
tpc.googlesyndication.com
1    2a00:1450:4001:825::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
www.googletagservices.com
1    2a00:1450:4001:81b::2002 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com
Domain Requested by
11 home.secureapp.att.net travelbaliyes.com
home.secureapp.att.net
4 tpc.googlesyndication.com securepubads.g.doubleclick.net
4 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
travelbaliyes.com
3 www.googletagservices.com sadlib.static-app.synacor.com
securepubads.g.doubleclick.net
3 www.att.com 1 redirects travelbaliyes.com
2 pagead2.googlesyndication.com securepubads.g.doubleclick.net
2 travelbaliyes.com travelbaliyes.com
1 adservice.google.com www.googletagservices.com
1 adservice.google.de www.googletagservices.com
1 metrics.att.com www.att.com
1 dpm.demdex.net www.att.com
1 sadlib.static-app.synacor.com travelbaliyes.com
34 12

This site contains links to these domains. Also see Links.

Domain
home.secureapp.att.net
login.yahoo.com
Subject Issuer Validity Valid
*.att.com
DigiCert SHA2 Secure Server CA		 2019-01-09 -
2020-02-05		 a year crt.sh
home.secureapp.att.net
DigiCert SHA2 Secure Server CA		 2018-03-08 -
2019-03-08		 a year crt.sh
*.google.com
Google Internet Authority G3		 2018-12-19 -
2019-03-13		 3 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3		 2018-12-19 -
2019-03-13		 3 months crt.sh
tpc.googlesyndication.com
Google Internet Authority G3		 2018-12-19 -
2019-03-13		 3 months crt.sh

This page contains 2 frames:

Primary Page: http://travelbaliyes.com/scsc/attlogin.htm
Frame ID: 38C46F3C2F305191D73D2470071FF0AE
Requests: 28 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20190122/r20110914/abg_lite.js
Frame ID: 99248211118C1E3FCA2ADF7FADEE0920
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
  • env /^google_ad_/i
  • env /^__google_ad_/i
  • env /^Goog_AdSense_/i
Overall confidence: 100%
Detected patterns
  • env /^gaGlobal$/i
Overall confidence: 100%
Detected patterns
  • env /^googletag$/i
Overall confidence: 100%
Detected patterns
  • html /<img[^>]+id="DCSIMG"[^>]+webtrends/i
  • env /^(?:WTOptimize|WebTrends)/i
Overall confidence: 100%
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Page Statistics

34
Requests

71 %
HTTPS

64 %
IPv6

10
Domains

12
Subdomains

15
IPs

4
Countries

658 kB
Transfer

1164 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://www.att.com/scripts/adobe/prod/detm-container-hdr.js HTTP 301
  • https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Request Chain 9
  • http://www.att.com/scripts/adobe/prod/detm-container-ftr.js HTTP 307
  • https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Request Chain 21
  • https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=9182 HTTP 302
  • http://home.secureapp.att.net/i/s.gif?nocache=9182

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request attlogin.htm
travelbaliyes.com/scsc/ 		8 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.1
Server
103.28.14.42 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID),
Reverse DNS
esxi2.excellent.co.id
Software
Apache /
Resource Hash
b5016432d46b6b11e1c947d37135b280326a8774805051cf85e31c2008e72ce0

Request headers

Host
travelbaliyes.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:48 GMT
Server
Apache
Last-Modified
Sat, 26 Jan 2019 16:17:23 GMT
Accept-Ranges
bytes
Content-Length
8349
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
detm-container-hdr.js
www.att.com/scripts/adobe/prod/
Redirect Chain
  • http://www.att.com/scripts/adobe/prod/detm-container-hdr.js
  • https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
72 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:eb:195::2db1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
487b38bdff1549543e90f9ab1542d72f6af5572ec78468ded3b6bc14df8ed17a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:48 GMT
content-encoding
gzip
last-modified
Wed, 31 Oct 2018 18:26:07 GMT
server
Apache
access-control-allow-origin
etag
"1208b-5798a6f852dc0-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
uxtime
XE0QfqeSJ8Niu6mWCmYV6wAAAAk D=6468
cache-control
max-age=900
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
22084

Redirect headers

Location
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Date
Mon, 28 Jan 2019 14:14:48 GMT
Cache-Control
max-age=900
Server
AkamaiGHost
Connection
keep-alive
Access-Control-Allow-Origin
Content-Length
0
_fontface.css
home.secureapp.att.net/css/sso/slid/1201/ 		0
223 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/css/sso/slid/1201/_fontface.css
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Thu, 02 Nov 2017 04:21:10 GMT
Server
""
Etag
"0-59fa9d36"
Content-type
text/css
Connection
keep-alive
Accept-ranges
bytes
Content-length
0
main.css
home.secureapp.att.net/css/sso/slid/1201/ 		28 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/css/sso/slid/1201/main.css
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
dfa2be020e3374a4b1c871c88ada990120fb198d4e8ff685ad35cfae88ad3466

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Tue, 24 Oct 2017 04:39:16 GMT
Server
""
Etag
"6fd5-59eec3f4"
Content-type
text/css
Connection
keep-alive
Accept-ranges
bytes
Content-length
28629
jquery-1.5.1.min.js
home.secureapp.att.net/js/jquery/ 		83 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Fri, 11 Mar 2011 22:40:27 GMT
Server
""
Etag
"14d0c-4d7aa4db"
Content-type
application/x-javascript
Connection
keep-alive
Accept-ranges
bytes
Content-length
85260
jquery.simplemodal.js
home.secureapp.att.net/js/jquery/simplemodal/ 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/js/jquery/simplemodal/jquery.simplemodal.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
da0f28b0d18d448b29cb3ee6e742952e7247c627d3800d045ba1573ca1fc07f4

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Tue, 27 Mar 2018 20:03:41 GMT
Server
""
Etag
"255a-5abaa39d"
Content-type
application/x-javascript
Connection
keep-alive
Accept-ranges
bytes
Content-length
9562
script.js
home.secureapp.att.net/js/sso/slid/1201/ 		47 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/js/sso/slid/1201/script.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
db2a3260d580716fb8dae973b1b994f799f545d520b7a1636d473ecbdbdd2223

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Fri, 29 Dec 2017 04:07:49 GMT
Server
""
Etag
"bdff-5a45bf95"
Content-type
application/x-javascript
Connection
keep-alive
Accept-ranges
bytes
Content-length
48639
att.js
sadlib.static-app.synacor.com/client/att/ 		69 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://sadlib.static-app.synacor.com/client/att/att.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.1
Server
69.168.106.86 Buffalo, United States, ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
5d5d27c8bcd7e354c7ac360c6b292efd73b5d83fe5fce3b7f6eb19afe248265f

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:48 GMT
Content-Encoding
gzip
Age
37
P3P
CP="ALL DSP COR TAIa PSAa PSDa IVAa IVDa CONi OUR IND UNI"
Connection
keep-alive
Content-Length
18823
Via
1.1 varnish
Last-Modified
Mon, 21 Jan 2019 18:44:36 GMT
Server
nginx
ETag
"1124e-57ffc409bed00"
Vary
Accept-Encoding
X-Varnish
403379735 342147839
Access-Control-Allow-Origin
*
Cache-Control
max-age=300
Accept-Ranges
bytes
Content-Type
text/javascript
Expires
Mon, 28 Jan 2019 14:19:10 GMT
Button.png
home.secureapp.att.net/design/CDLS10/img/logos/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://home.secureapp.att.net/design/CDLS10/img/logos/Button.png
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Last-modified
Tue, 16 Aug 2016 22:02:34 GMT
Server
""
Etag
"9a2-57b38d7a"
Content-type
image/png
Connection
keep-alive
Accept-ranges
bytes
Content-length
2466
AT&T_logo.png
home.secureapp.att.net/design/CDLS10/img/logos/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://home.secureapp.att.net/design/CDLS10/img/logos/AT&T_logo.png
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:52 GMT
Last-modified
Tue, 16 Aug 2016 22:02:34 GMT
Server
""
Etag
"d37-57b38d7a"
Content-type
image/png
Connection
keep-alive
Accept-ranges
bytes
Content-length
3383
detm-container-ftr.js
www.att.com/scripts/adobe/prod/
Redirect Chain
  • http://www.att.com/scripts/adobe/prod/detm-container-ftr.js
  • https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
540 B
553 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:eb:195::2db1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Apache /
Resource Hash
9e0db7af94ee7bd2d325475edb564226b87d4a0c528f4b69a112f8769ed52ab0
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:48 GMT
content-encoding
gzip
last-modified
Thu, 03 May 2018 16:18:06 GMT
server
Apache
access-control-allow-origin
etag
"21c-56b4f8c6b8b80-gzip"
vary
Accept-Encoding
content-type
application/javascript
status
200
uxtime
XE0Qfo3lsg9HSdT@wsnb1AAAANg D=617
cache-control
max-age=900
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
320

Redirect headers

Location
https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Non-Authoritative-Reason
HSTS
id
dpm.demdex.net/ 		212 B
964 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=55633F7A534535110A490D44%40AdobeOrg&d_nsid=0&ts=1548684888313
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Server
54.194.25.183 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-194-25-183.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
b6b2eb0a3fa36c198258be57acde34c6f5d1297a8069b5293a287b23332a400e

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
Origin
http://travelbaliyes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v016-0ff1e5a3d.edge-irl1.demdex.com 5.47.1.20190128090420 4ms
Pragma
no-cache
X-TID
L6yrSN1iTao=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://travelbaliyes.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
212
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mobile.css
home.secureapp.att.net/css/sso/slid/1201/ 		4 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://home.secureapp.att.net/css/sso/slid/1201/mobile.css
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:52 GMT
Last-modified
Wed, 21 Dec 2016 10:14:45 GMT
Server
""
Etag
"fa3-585a5615"
Content-type
text/css
Connection
keep-alive
Accept-ranges
bytes
Content-length
4003
id
metrics.att.com/ 		49 B
513 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://metrics.att.com/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=53891109956237602150501980875746019006&ts=1548684888387
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Server
2a02:26f0:eb:187::2db1 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
Omniture DC/2.0.0 /
Resource Hash
ccd94beaf41f80fab69cabbcb2085871a4c77374bebe9a09c3746b1688e04439
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
Origin
http://travelbaliyes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Mon, 28 Jan 2019 14:14:48 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www14
X-C
ms-6.6.0
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
http://travelbaliyes.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
49
X-XSS-Protection
1; mode=block
Cookie set webtrends.min.js
travelbaliyes.com/commonLogin/igate_edam/staticContent/images/SLID/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://travelbaliyes.com/commonLogin/igate_edam/staticContent/images/SLID/js/webtrends.min.js
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
HTTP/1.1
Server
103.28.14.42 Jakarta, Indonesia, ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID),
Reverse DNS
esxi2.excellent.co.id
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
travelbaliyes.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
http://travelbaliyes.com/scsc/attlogin.htm
Connection
keep-alive
Cache-Control
no-cache
Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 28 Jan 2019 14:14:50 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
text/html; charset=utf-8
Set-Cookie
PHPSESSID=3bjr1endjluorh43e8op1giua6; path=/; HttpOnly language=en; expires=Wed, 27-Feb-2019 14:14:50 GMT; Max-Age=2592000; path=/; domain=travelbaliyes.com currency=EUR; expires=Wed, 27-Feb-2019 14:14:50 GMT; Max-Age=2592000; path=/; domain=travelbaliyes.com
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Expires
Thu, 19 Nov 1981 08:52:00 GMT
gpt.js
www.googletagservices.com/tag/js/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: sadlib.static-app.synacor.com
URL: http://sadlib.static-app.synacor.com/client/att/att.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
f09d560ddd19c437d8001660575fa51d5c7126776f0357b4b5b86295c65e39ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:50 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
sffe
ETag
"65 / 779 of 1000 / last-modified: 1548453484"
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin
*
Content-Length
10083
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Jan 2019 14:14:50 GMT
pageBg.png
home.secureapp.att.net/design/cdls10/img/ui/ 		169 B
396 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://home.secureapp.att.net/design/cdls10/img/ui/pageBg.png
Requested by
Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1

Request headers

Referer
https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:52 GMT
Last-modified
Tue, 11 Aug 2009 21:10:32 GMT
Server
""
Etag
"a9-4a81de48"
Content-type
image/png
Connection
keep-alive
Accept-ranges
bytes
Content-length
169
btnSumbit.png
home.secureapp.att.net/img/sso/slid/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://home.secureapp.att.net/img/sso/slid/btnSumbit.png
Requested by
Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0

Request headers

Referer
https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:52 GMT
Last-modified
Tue, 21 Sep 2010 15:06:50 GMT
Server
""
Etag
"573-4c98ca0a"
Content-type
image/png
Connection
keep-alive
Accept-ranges
bytes
Content-length
1395
footerBg.png
home.secureapp.att.net/design/CDLS10/img/ui/ 		560 B
788 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://home.secureapp.att.net/design/CDLS10/img/ui/footerBg.png
Requested by
Host: home.secureapp.att.net
URL: https://home.secureapp.att.net/js/jquery/jquery-1.5.1.min.js
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.160.149.126 , United States, ASN797 (AMERITECH-AS - AT&T Services, Inc., US),
Reverse DNS
Software
"" /
Resource Hash
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263

Request headers

Referer
https://home.secureapp.att.net/css/sso/slid/1201/main.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:52 GMT
Last-modified
Fri, 17 Jul 2009 17:05:33 GMT
Server
""
Etag
"230-4a60af5d"
Content-type
image/png
Connection
keep-alive
Accept-ranges
bytes
Content-length
560
integrator.js
adservice.google.de/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=travelbaliyes.com
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:819::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/ 		109 B
171 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=travelbaliyes.com
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:820::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
application/javascript; charset=UTF-8
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length
104
x-xss-protection
1; mode=block
pubads_impl_295.js
securepubads.g.doubleclick.net/gpt/ 		182 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Requested by
Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
sffe /
Resource Hash
f14ef16b60389ca877bdf962c084ec1dc9d7162e25e77665437784e1885d4127
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Jan 2019 18:39:34 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
63462
x-xss-protection
1; mode=block
expires
Mon, 28 Jan 2019 14:14:50 GMT
s.gif
home.secureapp.att.net/i/
Redirect Chain
  • https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=9182
  • http://home.secureapp.att.net/i/s.gif?nocache=9182
0
0
show_companion_ad.js
pagead2.googlesyndication.com/pagead/ 		160 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://pagead2.googlesyndication.com/pagead/show_companion_ad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
e9e1d9ba22f5b449beba17fb26ffb864b68c611674b718786152afa0b4425a53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 13:51:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript; charset=UTF-8
Server
cafe
Age
1395
ETag
17716897198230454617
Vary
Accept-Encoding
P3P
policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control
public, max-age=3600
Content-Disposition
attachment; filename="f.txt"
Timing-Allow-Origin
*
Content-Length
60986
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Jan 2019 14:51:36 GMT
ads
securepubads.g.doubleclick.net/gampad/ 		26 KB
9 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=805942887056659&correlator=453743314811341&output=json_html&callback=googletag.impl.pubads.callbackProxy1&impl=fifs&adsid=NT&json_a=1&eid=21062577%2C21062818&vrg=295&guci=1.2.0.0.2.2.0.0&plat=1%3A32776%2C2%3A32776&sc=0&sfv=1-0-31&iu_parts=5284%2Csyn.att%2Clogin&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1440x1024%7C1440x800%7C300x250%7C300x600%7C640x450&eri=4&cookie_enabled=1&bc=7&lmt=1548519443&dt=1548684891534&dlt=1548684888172&idt=2287&frm=20&biw=1600&bih=1200&oid=3&adxs=80&adys=112&adks=2565056540&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&loc=http%3A%2F%2Ftravelbaliyes.com%2Fscsc%2Fattlogin.htm&dssz=16&icsg=10682536&std=0&vis=1&scr_x=0&scr_y=0&psz=1440x-1&msz=1440x-1&blev=1&bisch=1&ga_vid=1557308068.1548684892&ga_sid=1548684892&ga_hid=808190553&fws=4
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
cafe /
Resource Hash
5759da4219228ce1f92cca409b7ac6dd426fa49e189c970d01ecabb1f989d4e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://travelbaliyes.com/scsc/attlogin.htm
Origin
http://travelbaliyes.com

Response headers

date
Mon, 28 Jan 2019 14:14:51 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
9091
x-xss-protection
1; mode=block
google-lineitem-id
4933553028
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138258038382
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
http://travelbaliyes.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl_rendering_295.js
securepubads.g.doubleclick.net/gpt/ 		61 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_295.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
sffe /
Resource Hash
8b3d8030a866ee16010b791d19cd984db3eb2dc747740d01e46ede6ff8bb1c18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Jan 2019 18:39:34 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
23119
x-xss-protection
1; mode=block
expires
Mon, 28 Jan 2019 14:14:51 GMT
container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
http://tpc.googlesyndication.com/safeframe/1-0-31/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:815::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Purpose
prefetch
Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers
abg_lite.js
tpc.googlesyndication.com/pagead/js/r20190122/r20110914/ Frame 9924 		32 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20190122/r20110914/abg_lite.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:815::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
37f94e55401f3507982b95b35887afadf0c0e289219edb3cf118e41cf3a91c41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 22 Jan 2019 22:30:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
488662
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
12165
x-xss-protection
1; mode=block
server
cafe
etag
4489550950150719390
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Feb 2019 22:30:29 GMT
m_window_focus_non_hydra.js
tpc.googlesyndication.com/pagead/js/r20190122/r20110914/client/ext/ Frame 9924 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20190122/r20110914/client/ext/m_window_focus_non_hydra.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:815::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 22 Jan 2019 22:30:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
488662
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
1049
x-xss-protection
1; mode=block
server
cafe
etag
9573447915536422037
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 05 Feb 2019 22:30:29 GMT
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 9924 		76 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/osd_listener.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b6ceb8e75bc1599c2480b14011337aadd5a19161be86e20a48c1181ff9b59035
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 23 Jan 2019 12:18:26 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
private, max-age=3000
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length
28585
x-xss-protection
1; mode=block
expires
Mon, 28 Jan 2019 14:14:51 GMT
13229860764101051268
tpc.googlesyndication.com/simgad/ Frame 9924 		190 KB
190 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/simgad/13229860764101051268
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_295.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:815::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3c8e05393a13e35cc44fa807446698953fdd5e6d2e104e98ba957529eee0a4b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 25 Jan 2019 15:08:48 GMT
x-content-type-options
nosniff
age
255963
x-dns-prefetch-control
off
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
194123
x-xss-protection
1; mode=block
last-modified
Thu, 24 Jan 2019 22:53:51 GMT
server
sffe
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 25 Jan 2020 15:08:48 GMT
osd.js
www.googletagservices.com/activeview/js/current/ 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_295.js
Protocol
HTTP/1.1
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
984a88847ddf3e7f71d95a6a1eda6ceab590880cc4e8e2255444af02493ee533
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Mon, 28 Jan 2019 14:14:51 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 23 Jan 2019 12:18:26 GMT
Server
sffe
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
private, max-age=3000
Accept-Ranges
bytes
Content-Length
28064
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Jan 2019 14:14:51 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 9924 		0
269 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstwsQOt-bkXo5f55DRzmfp_7f-Xwm-DDWBAkP_d5YzvsGidrdHcbrNWBvjOtb1IplodIoZ90dqoFRoZoIwoZKYSA_NQjqXFrFawlLlEGUJoTCXaSEzTPk-KLrX41_KdTqQHerdz8arKYTF4EMDsM1ijFzENpH6MAmwTu6EikdQ3Um3TGKSEewKafh5P2F0wPXpDzfc34pl5a-SZYI-cN4I4oCwYQnv9V1-EdCxUEJZkxQ1FHseQGRC0OX-HMMU&sai=AMfl-YSgTq8XPqAqArRMLvDMRh4knixexZLcr6tuDbx7uEnKQ0XNPEG-3zFm44U4N080dZMF-zOFyHLnPuhp7e5fhvPhlqnnEmDgKfgUJeSeMA&sig=Cg0ArKJSzCuND-6-BrJ8EAE&adurl=
Requested by
Host: travelbaliyes.com
URL: http://travelbaliyes.com/scsc/attlogin.htm
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
216.58.205.226 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s24-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 28 Jan 2019 14:14:51 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
private
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
0
x-xss-protection
1; mode=block
expires
Mon, 28 Jan 2019 14:14:51 GMT
truncated
/ Frame 9924 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4b8dd46b048b118e7d0e9e492eeeba9ba8c720468a1f6d84bdc03fa8af962f56

Request headers

Response headers

Content-Type
image/png
activeview
pagead2.googlesyndication.com/pcs/ Frame 9924 		42 B
291 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstktQumYdXPlSX5joGQn2RBqj99bzxdxYoP_vogXKkE5ZNDDzPDzRlH3xhfarcWDd1BHZM1eUK4agqZDdAafXrHMoWv0MADWJvkj7I&sig=Cg0ArKJSzLgHUxGe20fIEAE&adk=2565056540&tt=1115&bs=1600%2C1200&mtos=1010,1010,1010,1010,1010&tos=1010,0,0,0,0&p=112,80,1136,1520&mcvt=1010&rs=3&ht=0&tfs=120&tls=1130&mc=1&lte=1&bas=0&bac=0&la=1&avms=geo&rst=1548684891655&rpt=83&isd=0&msd=0&lm=2&oseid=3&ps=1600%2C1136&ss=1600%2C1200&pt=16&deb=1-1-1-6-12-16-13-11&tvt=1118&r=v&id=osdim&uc=12&upc=1&tgt=DIV&cl=1&cec=5&clc=1&cac=0&cd=1440x1024&v=20190123
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81b::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://travelbaliyes.com/scsc/attlogin.htm
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 28 Jan 2019 14:14:52 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="44,43,39",quic=":443"; ma=2592000; v="44,43,39"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
home.secureapp.att.net
URL
http://home.secureapp.att.net/i/s.gif?nocache=9182

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask string| mid string| adobe_mc string| href undefined| analytics_app_visitor_id undefined| ts undefined| newurl object| visitor function| isIE object| DataMappingInterface string| detm_tag_notification_key object| scripts object| script string| src function| satelliteDetector function| scriptExecutor undefined| detmScriptLoaderConfig function| detmScriptLoader undefined| detmLoader undefined| AllowDelayedLoad function| Visitor object| s_c_il number| s_c_in object| detmScriptExecutor function| detmDomainMapper object| detmTagControls object| antiClickjack undefined| noFrameBusting function| $ function| jQuery string| agent undefined| ORIGINATION_POINT_URL undefined| RETURN_URL undefined| CANCEL_URL function| getWindowWidth function| getWindowHeight function| setRegURL function| logPgvw function| refer function| submitForm function| trimAll function| chkTick function| unchkTick function| getElementsByClassName function| btnChange function| acctSelBtnEnable function| ie6Img function| getYadContents function| init undefined| countdownElement function| overlay function| cancelLoad function| Redirecturl string| focusableElementsString function| trapTabKey function| supportRedirect function| webtrendsAsyncInit object| Sadlib_Config object| TN8 object| SW_Config object| rubicontag object| googletag object| sadlib function| detmExecuteFooter object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| GPT_jstiming undefined| google_measure_js_timing object| google_reactive_ads_global_state boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| googleCompanionsServicePresent function| googleGetCompanionAdSlots function| googleSetCompanionAdContents function| google_show_companion_ad function| google_show_companion_ad_in_slot function| google_get_companion_slot_params function| google_companion_error function| google_companion_loaded function| google_increment_num_ad_mouseovers string| google_ad_output string| google_ad_client string| google_flash_version boolean| google_webgl_support string| google_ad_section string| google_country number| google_unique_id object| gaGlobal object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb

4 Cookies

Domain/Path Name / Value
.travelbaliyes.com/ Name: currency
Value: EUR
.travelbaliyes.com/ Name: language
Value: en
travelbaliyes.com/ Name: PHPSESSID
Value: 3bjr1endjluorh43e8op1giua6
travelbaliyes.com/ Name: IV_JCT
Value: %2FcommonLogin

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
dpm.demdex.net
home.secureapp.att.net
metrics.att.com
pagead2.googlesyndication.com
sadlib.static-app.synacor.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
travelbaliyes.com
www.att.com
www.googletagservices.com
home.secureapp.att.net
103.28.14.42
144.160.149.126
216.58.205.226
2a00:1450:4001:815::2001
2a00:1450:4001:819::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:820::2002
2a00:1450:4001:821::2002
2a00:1450:4001:825::2002
2a02:26f0:eb:187::2db1
2a02:26f0:eb:195::2db1
54.194.25.183
69.168.106.86
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
37f94e55401f3507982b95b35887afadf0c0e289219edb3cf118e41cf3a91c41
3c8e05393a13e35cc44fa807446698953fdd5e6d2e104e98ba957529eee0a4b6
487b38bdff1549543e90f9ab1542d72f6af5572ec78468ded3b6bc14df8ed17a
4b8dd46b048b118e7d0e9e492eeeba9ba8c720468a1f6d84bdc03fa8af962f56
4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a
5759da4219228ce1f92cca409b7ac6dd426fa49e189c970d01ecabb1f989d4e6
5d5d27c8bcd7e354c7ac360c6b292efd73b5d83fe5fce3b7f6eb19afe248265f
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
8b3d8030a866ee16010b791d19cd984db3eb2dc747740d01e46ede6ff8bb1c18
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
984a88847ddf3e7f71d95a6a1eda6ceab590880cc4e8e2255444af02493ee533
9e0db7af94ee7bd2d325475edb564226b87d4a0c528f4b69a112f8769ed52ab0
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
b5016432d46b6b11e1c947d37135b280326a8774805051cf85e31c2008e72ce0
b6b2eb0a3fa36c198258be57acde34c6f5d1297a8069b5293a287b23332a400e
b6ceb8e75bc1599c2480b14011337aadd5a19161be86e20a48c1181ff9b59035
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
ccd94beaf41f80fab69cabbcb2085871a4c77374bebe9a09c3746b1688e04439
da0f28b0d18d448b29cb3ee6e742952e7247c627d3800d045ba1573ca1fc07f4
db2a3260d580716fb8dae973b1b994f799f545d520b7a1636d473ecbdbdd2223
dfa2be020e3374a4b1c871c88ada990120fb198d4e8ff685ad35cfae88ad3466
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e1d9ba22f5b449beba17fb26ffb864b68c611674b718786152afa0b4425a53
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09d560ddd19c437d8001660575fa51d5c7126776f0357b4b5b86295c65e39ae
f14ef16b60389ca877bdf962c084ec1dc9d7162e25e77665437784e1885d4127