| att-105707-102076.square.site/ | 74.115.51.5 | 302 Found | 394 B |
URL (User Request): GET HTTP/1.1 att-105707-102076.square.site/
IP: 74.115.51.5:80
File type: HTML document, ASCII text
Hash: 52789ced086f5942908e8c79898cc720 11b7d8fe6addf0cc778071ac85410efdf3344b5f 91dc391876c5b25eb28672c0f19fa9104c94f1e8d0c390bb1fe48df8f426fd26
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | AT&T Inc. |
| PhishTank | phishing | Other |
GET / HTTP/1.1
Host: att-105707-102076.square.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Wed, 24 Apr 2024 04:39:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://att-105707-102076.square.site
CF-Ray: 879368e11a1a5695-OSL
CF-Cache-Status: DYNAMIC
Cache-Control: no-cache, private
X-Host: grn154.sf2p.intern.weebly.net
X-Request-ID: 6924bc5c0202e9f9dbfb6e5956a76ee6
X-Revision: f255cb7aee26d0a4d6045a89e6cf4977980a997a
Vary: Accept-Encoding
Server: cloudflare
|
| att-105707-102076.square.site/favicon.ico | 74.115.51.4 | 200 OK | 1 B |
URL: GET HTTP/2 att-105707-102076.square.site/favicon.ico
IP: 74.115.51.4:443
Requested by: https://att-105707-102076.square.site/
Certificate Issuer: Let's Encrypt
Certificate Subject: square.site
Certificate Fingerprint: 52:97:AC:6B:DF:39:22:E7:27:37:98:58:0F:73:67:A2:E1:35:05:34
Certificate Validity: Mon, 01 Apr 2024 00:25:07 GMT - Sun, 30 Jun 2024 00:25:06 GMT
File type: very short file (no magic)
Hash: 93b885adfe0da089cdf634904fd59f71 5ba93c9db0cff93f52b521d7420e43f6eda2784f 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
| Analyzer | Verdict | Alert |
| OpenPhish | phishing | AT&T Inc. |
| PhishTank | phishing | Other |
GET /favicon.ico HTTP/1.1
Host: att-105707-102076.square.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://att-105707-102076.square.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 24 Apr 2024 04:39:30 GMT
content-type: application/octet-stream
content-length: 1
cf-ray: 879368e8da765685-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
cache-control: max-age=315360000
etag: "93b885adfe0da089cdf634904fd59f71"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Apr 2020 20:17:36 GMT
x-amz-meta-s3cmd-attrs: atime:1586895392/ctime:1586718963/gid:0/gname:root/md5:93b885adfe0da089cdf634904fd59f71/mode:33188/mtime:1586718963/uid:0/uname:root
x-amz-request-id: tx00000ee7c0fc46bf1e30f-0065d8548c-e8f44ee-sfo1
x-host: blu65.sf2p.intern.weebly.net
x-request-id: 742ba7f99155cd0cc2a0482664a8645a
x-revision: f255cb7aee26d0a4d6045a89e6cf4977980a997a
x-rgw-object-type: Normal
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2
|
| aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml | 35.244.181.201 | | 444 B |
URL: aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP: 35.244.181.201:0
ASN: #396982 GOOGLE-CLOUD-PLATFORM
File type: XML 1.0 document, ASCII text, with very long lines (332)
Hash: 3b324dec137a87ef7e24a30a65b13dd0 c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463
GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=tn18AszZ-pkTu7CQtW4VYuNdFN2HCl73GvIDinL7UcUH62IbpxUczgbBPPfpMiphyXWnk-Fr6I5KBQlwt5aWj1o_GclPj92ksCyFZZG5CkVXcAKVKuxGTdhZ7HkcmQnb
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
date: Wed, 24 Apr 2024 04:38:32 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 74
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2
|