attfraud.custhelp.com Open in urlscan Pro
138.1.123.58 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://attfraud.custhelp.com/app/mobility_id_claim_upload
Submission: On January 30 via manual (January 30th 2023, 12:31:34 pm UTC) from SG — Scanned from DE

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 138.1.123.58, located in Phoenix, United States and belongs to ORACLE-BMC-31898, US. The main domain is attfraud.custhelp.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 11th 2022. Valid for: a year.

This is the only time attfraud.custhelp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	138.1.123.58 138.1.123.58	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
4	104.96.137.230 104.96.137.230	16625 (AKAMAI-AS) (AKAMAI-AS)
2	147.154.107.92 147.154.107.92	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
18	4

11 138.1.123.58 (Phoenix, United States)

ASN31898 (ORACLE-BMC-31898, US)

attfraud.custhelp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.96.137.230 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a104-96-137-230.deploy.static.akamaitechnologies.com

www.rnengage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 147.154.107.92 (Phoenix, United States)

ASN31898 (ORACLE-BMC-31898, US)

attfraudnew.widget.custhelp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	custhelp.com attfraud.custhelp.com attfraudnew.widget.custhelp.com	185 KB
4	rnengage.com www.rnengage.com — Cisco Umbrella Rank: 15695	4 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 295	30 KB
18	3

	Domain	Requested by
11	attfraud.custhelp.com	attfraud.custhelp.com
4	www.rnengage.com	attfraud.custhelp.com
2	attfraudnew.widget.custhelp.com	attfraud.custhelp.com
1	ajax.googleapis.com	attfraud.custhelp.com
18	4

This site contains links to these domains. Also see Links.

Domain
about.att.com

Subject Issuer	Validity	Valid
*.custhelp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-11` - `2023-04-11`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.rnengage.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-12` - `2023-10-12`	a year	crt.sh
*.widget.custhelp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-21` - `2023-10-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://attfraud.custhelp.com/app/mobility_id_claim_upload
Frame ID: C87B709408C04A85BD9A7F2BBF950462
Requests: 14 HTTP requests in this frame

Frame: https://www.rnengage.com/api/1/javascript/acs.js
Frame ID: DCCB52A21A7DA1F8951642758D636907
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AT&T Global Fraud Management - Document Upload

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

219 kB
Transfer

637 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://about.att.com/privacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://about.att.com/csr/home/privacy/rights_choices.html
Title: Do Not Sell My Personal Information

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request mobility_id_claim_upload Show response
attfraud.custhelp.com/app/ 39 KB
15 KB 949ms
398ms Document
text/html 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

d5265338b5b9ec046d193c97517afba3cedc1b4f4a1ea5fbb3284d903d2a78d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors DENY
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors DENY
X-Content-Type-Options	nosniff
X-Frame-Options	DENY sameorigin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors DENY
Content-Type: text/html;charset=utf-8
Date: Mon, 30 Jan 2023 12:31:29 GMT
Expires: -1
F5_do_compression: yes
Pragma: no-cache
RNT-GK-Machine: 0.219
RNT-JN-Ext-Machine: 43.3
RNT-JN-Ext-UUID: dbc501b9-999a-45e2-9ed5-0f6bfbde5f40
RNT-JN-Int-Machine: 42.4
RNT-JN-Int-UUID: 1d2cbe0e-3d60-4b3d-a5b5-93163444b61b
RNT-Machine: 1.146
RNT-Time: D=245450 t=1675081889351804
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-Content-Security-Policy: frame-ancestors DENY
X-Content-Type-Options: nosniff
X-Frame-Options: DENY sameorigin
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK att.themes.standard.SITE.css
attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/ 20 KB
6 KB 288ms
150ms Stylesheet
text/css 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/att.themes.standard.SITE.css

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

b71ed3af8c793100aecdddf3e5119153a0d48677b5b8d64fdd8f21a6de03995b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:29 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: 64d06413-3d96-4e38-b143-5338422a99d5
Transfer-Encoding: chunked
RNT-Machine: 0.67
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 27 Jan 2023 14:35:02 GMT
X-Frame-Options: sameorigin
Content-Type: text/css
RNT-Time: D=1586 t=1675081889890831
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Mon, 30 Jan 2023 12:46:29 GMT

GET
H/1.1 200
OK att.themes.standard.css
attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/ 14 KB
4 KB 435ms
152ms Stylesheet
text/css 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/att.themes.standard.css

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

8c5e698415f78e35c7a4db4e484dcf89144f0a87c66202bf04ac7e1312dfccb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: 87e0110a-825a-4527-8d2a-516fec6e6355
Transfer-Encoding: chunked
RNT-Machine: 0.80
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 27 Jan 2023 14:35:02 GMT
X-Frame-Options: sameorigin
Content-Type: text/css
RNT-Time: D=4107 t=1675081890036661
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.3
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK mobility_id_claim_upload.themes.standard.css
attfraud.custhelp.com/euf/generated/optimized/1674830081/pages/ 6 KB
3 KB 432ms
149ms Stylesheet
text/css 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/pages/mobility_id_claim_upload.themes.standard.css

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

bdf79a966f81a321ca25455b0b5e5063205e4bc2de696f7e24a2c3b1f095fd45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: eaa00d64-62c7-4309-9f69-84d16dfb979d
Transfer-Encoding: chunked
RNT-Machine: 1.149
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 27 Jan 2023 14:35:08 GMT
X-Frame-Options: sameorigin
Content-Type: text/css
RNT-Time: D=1675 t=1675081890035910
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK ATTLogo.png
attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/ 20 KB
21 KB 318ms
151ms Image
image/png 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/ATTLogo.png

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

26d3adab7d75521fa70f7d6fb85f75e8068ac1a38c4039e55a34144ce4aa221b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
RNT-JN-Ext-UUID: 6da3d91a-08fb-4284-9bd8-53670f5eebae
RNT-Machine: 1.146
Connection: keep-alive
Content-Length: 20480
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 20 Mar 2020 21:05:39 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
RNT-Time: D=1209 t=1675081890359838
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK indicator.gif
attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/ 722 B
1 KB 432ms
148ms Image
image/gif 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/indicator.gif

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

caae15eec8bd2af1f0ee84b9aabef62a6fb1a2305f65ff4eb5d56773b159187f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
RNT-JN-Ext-UUID: b2142a9f-c179-42d0-9ace-28dc02909df4
RNT-Machine: 1.149
Connection: keep-alive
Content-Length: 722
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 05 Nov 2021 11:08:24 GMT
X-Frame-Options: sameorigin
Content-Type: image/gif
RNT-Time: D=846 t=1675081890474166
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.2
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 82 KB
30 KB 32ms
8ms Script
text/javascript 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:16:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29671
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Jan 2024 08:16:23 GMT

GET
H/1.1 200
OK RightNow.js Show response
attfraud.custhelp.com/euf/core/3.7/js/1.15/min/ 310 KB
97 KB 155ms
154ms Script
application/x-javascript 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/core/3.7/js/1.15/min/RightNow.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

9d2b8dc3696a7f4b1ef73de41cdcd60b1155477dc4cb9717da44d78944fe1447

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: 641fb448-dd39-4df5-938b-3718f8c46401
Transfer-Encoding: chunked
RNT-Machine: 0.79
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 06 May 2022 03:26:21 GMT
X-Frame-Options: sameorigin
Content-Type: application/x-javascript
RNT-Time: D=4854 t=1675081890190727
Cache-Control: max-age=2592000
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Wed, 01 Mar 2023 12:31:30 GMT

GET
H/1.1 200
OK att.0cd9ec57899e5b627bda66e2359374bf.js Show response
attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/ 108 KB
26 KB 149ms
148ms Script
application/x-javascript 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/att.0cd9ec57899e5b627bda66e2359374bf.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

23c041c54701170299bdeb72e3ada00cc5cb4ba9c50f73dbd4e0d63120bede28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: fa6ab93c-0fce-4177-ab23-ba0f0dde1597
Transfer-Encoding: chunked
RNT-Machine: 0.81
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 27 Jan 2023 14:35:02 GMT
X-Frame-Options: sameorigin
Content-Type: application/x-javascript
RNT-Time: D=1526 t=1675081890190338
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK mobility_id_claim_upload.c89987eab64c7490b700dac0b04545b7.js Show response
attfraud.custhelp.com/euf/generated/optimized/1674830081/pages/ 13 KB
4 KB 155ms
154ms Script
application/x-javascript 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/pages/mobility_id_claim_upload.c89987eab64c7490b700dac0b04545b7.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

9c56fdf798b18c495720c0abed1c1fe3adc535529634f1d3b62d2487630f0450

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: e3867979-6f6e-40db-baec-59406724a570
Transfer-Encoding: chunked
RNT-Machine: 0.81
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 27 Jan 2023 14:35:08 GMT
X-Frame-Options: sameorigin
Content-Type: application/x-javascript
RNT-Time: D=4123 t=1675081890193386
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.3
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK Markdown.Converter.min.js Show response
attfraud.custhelp.com/euf/core/3.7/thirdParty/js/ 13 KB
4 KB 152ms
151ms Script
application/x-javascript 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraud.custhelp.com/euf/core/3.7/thirdParty/js/Markdown.Converter.min.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

ab563f1073782f1b614402252fef9c48af2e1491f2fecf33cf098c47841c3c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/app/mobility_id_claim_upload
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
RNT-JN-Ext-UUID: dc7f4840-a704-415c-8a07-5baa287396c2
Transfer-Encoding: chunked
RNT-Machine: 0.85
Connection: keep-alive
F5_do_compression: yes
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 17 Jul 2015 19:22:29 GMT
X-Frame-Options: sameorigin
Content-Type: application/x-javascript
RNT-Time: D=1613 t=1675081890191203
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.2
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK buttonGradientCombo.png
attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/ 140 B
680 B 304ms
154ms Image
image/png 138.1.123.58
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://attfraud.custhelp.com/euf/generated/optimized/1674830081/themes/standard/images/buttonGradientCombo.png

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/att.themes.standard.SITE.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

138.1.123.58 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

5898db0ae196380dedd0704e850bdca0616a37b513a3f74d8628dfbde3c548f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/euf/generated/optimized/1674830081/templates/att.themes.standard.SITE.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:30 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
RNT-JN-Ext-UUID: 10dbe110-a235-44b8-ac77-d2fee0ac3542
RNT-Machine: 1.146
Connection: keep-alive
Content-Length: 140
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 06 Aug 2013 22:32:38 GMT
X-Frame-Options: sameorigin
Content-Type: image/png
RNT-Time: D=3139 t=1675081890351426
Cache-Control: max-age=900
Accept-Ranges: bytes
RNT-JN-Ext-Machine: 43.4
Expires: Mon, 30 Jan 2023 12:46:30 GMT

GET
H/1.1 200
OK acs.js Show response
www.rnengage.com/api/1/javascript/ Frame DCCB 5 KB
3 KB 221ms
142ms Script
application/javascript 104.96.137.230
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rnengage.com/api/1/javascript/acs.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.137.230 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-137-230.deploy.static.akamaitechnologies.com

Software

Resource Hash

03d4dfb6155c4be430e4b8d85b190b6984caaed4a99c41df361efb44e45f48a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Content-Encoding: gzip
Date: Mon, 30 Jan 2023 12:31:30 GMT
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Connection: keep-alive
Content-Length: 2500
Expires: Mon, 30 Jan 2023 12:31:30 GMT

GET
H/1.1 200
OK e.js Show response
www.rnengage.com/api/e/ca234047/ Frame DCCB 175 B
602 B 136ms
58ms Script
application/javascript 104.96.137.230
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.rnengage.com/api/e/ca234047/e.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.137.230 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-137-230.deploy.static.akamaitechnologies.com

Software

Resource Hash

042a8f9e4ce5e644b9cfd66529e11adae88d843fb9ad25e2528e968d98a0dbcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
Date: Mon, 30 Jan 2023 12:31:30 GMT
ETag: NlRl5cev
Content-Type: application/javascript; charset=UTF-8
Cache-Control: private
Connection: keep-alive
Content-Length: 175
Expires: Mon, 06 Feb 2023 08:29:52 GMT

GET
H/1.1 200
OK overlay-min.js Show response
attfraudnew.widget.custhelp.com/ci/cache/yuiCombo/3.18.1/overlay/ 465 B
1 KB 549ms
147ms Script
application/javascript 147.154.107.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraudnew.widget.custhelp.com/ci/cache/yuiCombo/3.18.1/overlay/overlay-min.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/euf/core/3.7/js/1.15/min/RightNow.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.154.107.92 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

94b4e8179d800ca6b20c7bdce7c8377990196c7bc5b693320d91a033d37fb98b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:31 GMT
Strict-Transport-Security: max-age=31536000, max-age=31536000
RNT-JN-Ext-UUID: 6e62230c-15b0-4912-85bd-c003f2eb996c
RNT-CTime: D=41776 t=1674795331958268
Age: 286560
RNT-Machine: 0.79
Connection: keep-alive
Content-Length: 465
F5_do_compression: yes
RNT-JN-Int-UUID: 82cf7ecd-d379-43a3-826e-2750f30b7e51
Last-Modified: Fri, 27 Jan 2023 04:55:31 GMT
Content-Type: application/javascript; charset=utf-8
RNT-Time: D=38278 t=1674795331960047
Cache-Control: max-age=315360000, public
RNT-JN-Int-Machine: 42.2
RNT-CMachine: 0.33
RNT-JN-Ext-Machine: 43.3
Expires: Fri, 23 Jan 2037 04:55:31 GMT

GET
H/1.1 200
OK r
www.rnengage.com/api/1/ Frame DCCB 43 B
275 B 109ms
108ms Image
image/gif 104.96.137.230
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rnengage.com/api/1/r?Z=mbTZcpzz0&s=s-hFVv-p&uh=b84611d0&uc=attfraud.custhelp.com%2Fapp%2Fmobility_id_claim_upload&b=ca234047&i=attfraud%3Aattfraud&f=rnw&p=Customer%20Portal&v=22.11.0.1-b15-sp1&e=NlRl5cev&%230:redirectCount=0&%230:navType=0&a=script-page,view&n=script-page,response,i,539

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/app/mobility_id_claim_upload

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.137.230 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-137-230.deploy.static.akamaitechnologies.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=15724800; includeSubDomains
Cache-Control: no-store
Date: Mon, 30 Jan 2023 12:31:30 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1 200
OK anim-scroll-min.js Show response
attfraudnew.widget.custhelp.com/ci/cache/yuiCombo/3.18.1/anim-base/anim-base-min.js&3.18.1/anim-scroll/ 5 KB
3 KB 147ms
147ms Script
application/javascript 147.154.107.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL

https://attfraudnew.widget.custhelp.com/ci/cache/yuiCombo/3.18.1/anim-base/anim-base-min.js&3.18.1/anim-scroll/anim-scroll-min.js

Requested by

Host: attfraud.custhelp.com
URL: https://attfraud.custhelp.com/euf/core/3.7/js/1.15/min/RightNow.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.154.107.92 Phoenix, United States, ASN31898 (ORACLE-BMC-31898, US),

Reverse DNS

Software

Resource Hash

60d03e31f8079f81c53db9a5ed8a1256cc64b6852e48f9e337beffc637043440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000, max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 12:31:31 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000, max-age=31536000
RNT-CTime: D=68408 t=1674796592302733
RNT-JN-Ext-UUID: 3c8d1685-5e13-4a56-9a02-83a05d0877e7
Age: 285299
Transfer-Encoding: chunked
RNT-Machine: 0.66
Connection: keep-alive
F5_do_compression: yes
RNT-JN-Int-UUID: bb388e47-775a-4264-b9b3-782d10898d7d
Last-Modified: Fri, 27 Jan 2023 05:16:32 GMT
Content-Type: application/javascript; charset=utf-8
RNT-Time: D=65302 t=1674796592304936
Cache-Control: max-age=315360000, public
RNT-JN-Int-Machine: 42.3
RNT-CMachine: 0.33
RNT-JN-Ext-Machine: 43.3
Expires: Fri, 23 Jan 2037 05:16:32 GMT

GET
H/1.1 200
OK r
www.rnengage.com/api/1/ Frame DCCB 43 B
275 B 71ms
71ms Image
image/gif 104.96.137.230
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.rnengage.com/api/1/r?Z=mbTZwst4o&s=s-hFVv-p&uh=b84611d0&uc=attfraud.custhelp.com%2Fapp%2Fmobility_id_claim_upload&b=ca234047&i=attfraud%3Aattfraud&f=rnw&p=Customer%20Portal&v=22.11.0.1-b15-sp1&e=NlRl5cev&%230:redirectCount=0&%230:navType=0&n=script-page,load,i,2651

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.96.137.230 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-96-137-230.deploy.static.akamaitechnologies.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://attfraud.custhelp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=15724800; includeSubDomains
Cache-Control: no-store
Date: Mon, 30 Jan 2023 12:31:32 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			attfraud.custhelp.com/	1969-12-31 23:59:59	Name: cp_session Value: fUyJHaXBCOdM8m339x51Fbsk7NKQrnuLeaInpWjQ6oKEEpcoFAaYedPEO~9U9iyj4hKCl80fZv04r_R_eKYZoz5DP2Q7LAyqgKStMUhhClwOCNcfS3TmyfgpZEJCrnxAXvbcpnpm8ZVVJLjIDXnyfQeEI8CMMtPrhajD8d7~QykTKc6qtdTfpbEsyq_eDoq9QRcuPRW_Qu1YCy2avV9pgzXc_SfqVca1y~4bTfwWyiaL~hwbakOrN5aHgBDpCofTE56qw4P0bu7CmGSPVd~HkOUlaNLdbxu71PGt8_IwF0kmH~nQ2X9v5~Z3jlFD9XZbfXgmH9NOv4BiqJTJ4x9ZwieU9TjOP_1xHCX1RuGDw_LEAb5STmODIiaG1NHArxl204uP59V5D_CL99WbVExd8XP2HYoQWgTQL6Kwm2PWajRPsKwD8VJBdMR5jcdGAy38v3IaE5NX1chnsi7DM4udyPhSobKMoP~DBSo4nXsa9zH22QbAlmBWRPZA!!

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors DENY
Strict-Transport-Security	max-age=31536000
X-Content-Security-Policy	frame-ancestors DENY
X-Content-Type-Options	nosniff
X-Frame-Options	DENY sameorigin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
attfraud.custhelp.com
attfraudnew.widget.custhelp.com
www.rnengage.com
104.96.137.230
138.1.123.58
147.154.107.92
2a00:1450:4001:810::200a
03d4dfb6155c4be430e4b8d85b190b6984caaed4a99c41df361efb44e45f48a8
042a8f9e4ce5e644b9cfd66529e11adae88d843fb9ad25e2528e968d98a0dbcc
23c041c54701170299bdeb72e3ada00cc5cb4ba9c50f73dbd4e0d63120bede28
26d3adab7d75521fa70f7d6fb85f75e8068ac1a38c4039e55a34144ce4aa221b
5898db0ae196380dedd0704e850bdca0616a37b513a3f74d8628dfbde3c548f6
60d03e31f8079f81c53db9a5ed8a1256cc64b6852e48f9e337beffc637043440
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8c5e698415f78e35c7a4db4e484dcf89144f0a87c66202bf04ac7e1312dfccb2
94b4e8179d800ca6b20c7bdce7c8377990196c7bc5b693320d91a033d37fb98b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c56fdf798b18c495720c0abed1c1fe3adc535529634f1d3b62d2487630f0450
9d2b8dc3696a7f4b1ef73de41cdcd60b1155477dc4cb9717da44d78944fe1447
ab563f1073782f1b614402252fef9c48af2e1491f2fecf33cf098c47841c3c13
b71ed3af8c793100aecdddf3e5119153a0d48677b5b8d64fdd8f21a6de03995b
bdf79a966f81a321ca25455b0b5e5063205e4bc2de696f7e24a2c3b1f095fd45
caae15eec8bd2af1f0ee84b9aabef62a6fb1a2305f65ff4eb5d56773b159187f
d5265338b5b9ec046d193c97517afba3cedc1b4f4a1ea5fbb3284d903d2a78d8

attfraud.custhelp.com Open in urlscan Pro 138.1.123.58 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

25 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

219 kBTransfer

637 kBSize

1 Cookies

2 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

attfraud.custhelp.com Open in urlscan Pro
138.1.123.58 Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

25 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

219 kB
Transfer

637 kB
Size

1
Cookies

18 HTTP transactions
0 data transactions