medinavethall.com
104.238.93.84  Malicious Activity!

URL: https://medinavethall.com/Adob/
Submission: On February 17 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 13 IPs in 3 countries across 12 domains to perform 28 HTTP transactions. The main IP is 104.238.93.84, located in United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is medinavethall.com.
TLS certificate: Issued by R3 on January 17th 2022. Valid for: 3 months.
This is the only time medinavethall.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 104.238.93.84 26496 (AS-26496-...)
4 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 144.161.77.234 797 (AMERITECH-AS)
4 144.161.106.163 797 (AMERITECH-AS)
1 6 34.251.87.153 16509 (AMAZON-02)
1 142.250.185.198 15169 (GOOGLE)
1 52.213.251.128 16509 (AMAZON-02)
4 35.188.134.222 15169 (GOOGLE)
1 35.239.162.91 15169 (GOOGLE)
1 1 52.28.188.15 16509 (AMAZON-02)
2 2 37.252.172.37 29990 (ASN-APPNEX)
2 2 35.244.174.68 15169 (GOOGLE)
1 104.244.42.3 13414 (TWITTER)
1 1 52.211.195.119 16509 (AMAZON-02)
2 3 209.54.180.3 16509 (AMAZON-02)
28 13
Apex Domain
Subdomains
Transfer
9 att.com
www.att.com — Cisco Umbrella Rank: 9221
signin-static-js.att.com — Cisco Umbrella Rank: 34404
signin.att.com — Cisco Umbrella Rank: 22415
smetrics.att.com Failed
303 KB
7 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 187
att.demdex.net — Cisco Umbrella Rank: 20739
9 KB
6 quantummetric.com
cdn.quantummetric.com — Cisco Umbrella Rank: 2776
att-app.quantummetric.com — Cisco Umbrella Rank: 21819
att-sync.quantummetric.com — Cisco Umbrella Rank: 22570
111 KB
3 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 266
2 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 283
804 B
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
2 KB
1 ml314.com
ml314.com — Cisco Umbrella Rank: 1357
474 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 468
355 B
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 388
328 B
1 doubleclick.net
fls.doubleclick.net — Cisco Umbrella Rank: 428
719 B
1 medinavethall.com
medinavethall.com
4 KB
28 12
Domain Requested by
6 dpm.demdex.net 1 redirects www.att.com
medinavethall.com
4 att-app.quantummetric.com cdn.quantummetric.com
4 signin.att.com medinavethall.com
signin.att.com
4 www.att.com medinavethall.com
www.att.com
3 s.amazon-adsystem.com 2 redirects
2 idsync.rlcdn.com 2 redirects
2 ib.adnxs.com 2 redirects
1 ml314.com 1 redirects
1 analytics.twitter.com medinavethall.com
1 aa.agkn.com 1 redirects
1 att-sync.quantummetric.com cdn.quantummetric.com
1 att.demdex.net www.att.com
1 fls.doubleclick.net www.att.com
1 signin-static-js.att.com medinavethall.com
1 cdn.quantummetric.com medinavethall.com
1 medinavethall.com
0 smetrics.att.com Failed www.att.com
0 66f84f86-d3ab-41cb-8e63-2e76288df6a6 Failed medinavethall.com
28 18

This site contains links to these domains.

Domain
attreg.att.net
www.att.com
about.att.com
Subject | Issuer | Validity | Valid
www.medinavethall.com | R3 | 2022-01-17 - 2022-04-17 | 3 months
*.att.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-03 - 2023-01-04 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-17 - 2022-07-16 | a year
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-19 | a year
*.doubleclick.net | GTS CA 1C3 | 2022-01-17 - 2022-04-11 | 3 months
*.quantummetric.com | Sectigo RSA Domain Validation Secure Server CA | 2022-01-18 - 2023-02-13 | a year
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-06 - 2023-01-05 | a year

This page contains 3 frames:

Primary Page: https://medinavethall.com/Adob/
Frame ID: 510A85324CAB0B41BB4A2E06E7B10509
Requests: 17 HTTP requests in this frame

Frame: https://att.demdex.net/dest5.html?d_nsid=0
Frame ID: F5263BCE6C372844C60015F9F0398988
Requests: 7 HTTP requests in this frame

Frame: https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645139790744&v=1645139790769&z=1&S=0&N=0&P=0
Frame ID: 647F39B0ED91144DC66856664668BBBD
Requests: 5 HTTP requests in this frame

Page Title

Login Screen

Detected technologies

Overall confidence: 100%
Detected patterns
  • https?://fls\.doubleclick\.net

Page Statistics

Requests: 28
HTTPS: 71 %
IPv6: 13 %
Domains: 12
Subdomains: 18
IPs: 13
Countries: 3
Transfer: 428 kB
Size: 1328 kB
Cookies: 18

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=15604545077233129322032604224153996672 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=165011104065000599084
Request Chain 20
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=6158702627672074974
Request Chain 21
  • https://idsync.rlcdn.com/365868.gif?partner_uid=15604545077233129322032604224153996672 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMTU2MDQ1NDUwNzcyMzMxMjkzMjIwMzI2MDQyMjQxNTM5OTY2NzIQABoNCM-uu5AGEgUI6AcQAEIASgA HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=e37b6696e8d53f8383442c890a77f51914b529405d5acbcc4bbd29c6d92200fcb0da87c991749652
Request Chain 25
  • https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625213690484621369
Request Chain 27
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=jIN7-FfzQ92QguEFEPKBUQ&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=15604545077233129322032604224153996672

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
medinavethall.com/Adob/
13 KB
4 KB
Document
General
Full URL
https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.238.93.84 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-104-238-93-84.ip.secureserver.net
Software
Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 /
Resource Hash
1f51e300fb78e427e8e262ecd8a8ae743928fba7bd15ff455df0b090043d9bda
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-content-type-options
nosniff
last-modified
Fri, 18 Jun 2021 08:51:38 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
x-robots-tag
noindex, nofollow
content-length
3894
content-type
text/html
date
Thu, 17 Feb 2022 23:16:29 GMT
server
Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4
webrtc-patch.js
66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/
0
0

detm-container-hdr.js
www.att.com/scripts/adobe/prod/
105 KB
29 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:392::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7bdc3b6e756669eda5388a22a39d384b7b920473a50c3f2c2a93bdee2ed0986e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:29 GMT
content-encoding
gzip
last-modified
Thu, 27 Jan 2022 01:14:26 GMT
server
AkamaiNetStorage
etag
"ff2d1f6fe0e56c19f6c533e0ec86388c:1643246066.413841"
vary
Accept-Encoding
strict-transport-security
max-age=15768000 ; preload
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
aka-global-request-id-uxtime
0.166656b8.1645139789.1b01bb4d
accept-ranges
bytes
content-length
29742
quantum-att.js
cdn.quantummetric.com/qscripts/
530 KB
110 KB
Script
General
Full URL
https://cdn.quantummetric.com/qscripts/quantum-att.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:149e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0771bc105917259976c322e8bde62921c26041afc83772f1ebf9fc8c8490ee8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:29 GMT
content-encoding
br
cf-cache-status
EXPIRED
server
cloudflare
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
etag
W/"164513807531916388072440641645088407151"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=300, stale-while-revalidate=21600, stale-if-error=21600
strict-transport-security
max-age=31536000
cf-ray
6df2b9423c796964-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
att_common.js
signin-static-js.att.com/scripts/
235 KB
136 KB
Script
General
Full URL
https://signin-static-js.att.com/scripts/att_common.js?seed=AIAdd0h0AQAA6kiC7Kp0vUzSc_cb_gMW6QKhtQqAdL0AQMhZb0ijGLcencwV&X-IOZYaZcd--z=q
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.77.234 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-ff.att.com
Software
/
Resource Hash
c1d27b620fc5df37e0362f5411434cdc79a5dde796f31e358f66007fa2066497
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 17 Feb 2022 23:16:30 GMT
content-encoding
gzip
x-frame-options
SAMEORIGIN
iam_on
605
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
expires
0
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/
110 KB
22 KB
Script
General
Full URL
https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:392::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
b7d49dcc921586c93ac6cda9acd5257b0ca5b82f660f91dd0512a709c1243d07
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

aka-global-request-id-uxtime
0.2f7f1cb8.1644418996.f7bbf48, 0.166656b8.1645139790.1b01c0d1
date
Thu, 17 Feb 2022 23:16:30 GMT
content-encoding
br
last-modified
Wed, 09 Feb 2022 15:03:17 GMT
server
Akamai Resource Optimizer
etag
"c80f97a7fd3f02e26159cef4eebb0b69:1642179994.356211"
strict-transport-security
max-age=15768000 ; preload
content-type
application/x-javascript
cache-control
max-age=3600
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
21754
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/
154 KB
33 KB
Stylesheet
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.106.163 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-al.att.com
Software
/
Resource Hash
98607414db657e129003305c46e2b6cdcc612a7e770654894d72693bb9a75b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:29 GMT
content-encoding
gzip
last-modified
Thu, 10 Feb 2022 20:45:00 GMT
etag
"267f4-5d7b00617eb00"
x-frame-options
SAMEORIGIN
iam_on
A191
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
transfer-encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-type
text/css
apser
p206
logo.svg
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/images/
8 KB
9 KB
Image
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/images/logo.svg
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.106.163 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-al.att.com
Software
/
Resource Hash
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:30 GMT
last-modified
Wed, 25 Aug 2021 23:29:55 GMT
etag
"20b1-5ca6aa0b342c0"
x-frame-options
SAMEORIGIN
iam_on
A191
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-type
image/svg+xml
apser
p206
content-length
8369
detm-container-ftr.js
www.att.com/scripts/adobe/prod/
666 B
802 B
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:392::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
43f774da83292822f54305d69e01286ca018b6f3f0fe86250451ad93d9252f9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

aka-global-request-id-uxtime
0.8e3a2f17.1645074180.dc35151, 0.166656b8.1645139789.1b01c05f
date
Thu, 17 Feb 2022 23:16:30 GMT
content-encoding
gzip
last-modified
Fri, 30 Jul 2021 00:16:43 GMT
server
AkamaiNetStorage
etag
"d5c61c3be97b0718b3548d0ec26dc0ef:1627604203.48042"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
368
id
dpm.demdex.net/
1 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=55633F7A534535110A490D44%40AdobeOrg&d_nsid=0&ts=1645139789220
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.87.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-87-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ad7cc5172ab5e25b059226c09c7fd45f01275d8280e96f46c3a47fc7f46f0cd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://medinavethall.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v028-026ed319a.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
lzSfxG1dSuw=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://medinavethall.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
593
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mbox-contents.js
www.att.com/scripts/adobe/prod/
110 KB
36 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/mbox-contents.js
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:1700:392::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1ae55eee9d98c2f4c7fdb3e9add8ffec1f75fda9a2053df845a87e38d113873d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
https://medinavethall.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

aka-global-request-id-uxtime
0.8c3a2f17.1645074180.12fc973b, 0.166656b8.1645139789.1b01bbc2
date
Thu, 17 Feb 2022 23:16:29 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 00:04:34 GMT
server
AkamaiNetStorage
etag
"dd2b31903c705fca23fee971dae7fe9c:1629245074.953647"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
36188
expires
Sat, 19 Mar 2022 23:16:29 GMT
id
smetrics.att.com/
0
0

cf3fb28f-f2c7-4b44-a5c5-cc8157b8856b
https://medinavethall.com/
17 KB
0
Other
General
Full URL
blob:https://medinavethall.com/cf3fb28f-f2c7-4b44-a5c5-cc8157b8856b
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80001c402149eff011b5e7e87c3dd72dc2de45d3d430d98418eb62c2ec5ad596

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Length
17224
Content-Type
application/javascript
json
fls.doubleclick.net/
40 B
719 B
Script
General
Full URL
https://fls.doubleclick.net/json?spot=6100125&src=&var=s_3_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_3_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=1645139790084
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f6.1e100.net
Software
cafe /
Resource Hash
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60
x-xss-protection
0
pragma
no-cache
server
cafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.106.163 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-al.att.com
Software
/
Resource Hash
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Origin
https://medinavethall.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:31 GMT
last-modified
Thu, 10 Feb 2022 20:45:00 GMT
etag
"4830-5d7b00617eb00"
x-frame-options
SAMEORIGIN
iam_on
A191
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
apser
p206
content-length
18480
ATTAleckSans_W_Md.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
19 KB
20 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Md.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.161.106.163 , United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-al.att.com
Software
/
Resource Hash
59ea63b5ffe0f060e37c24a44b6406943df9e4fca39e2ef43023c2ae9783f220
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Origin
https://medinavethall.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:31 GMT
last-modified
Thu, 10 Feb 2022 20:45:00 GMT
etag
"4c8c-5d7b00617eb00"
x-frame-options
SAMEORIGIN
iam_on
A191
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
apser
p208
content-length
19596
dest5.html
att.demdex.net/ Frame F526
7 KB
3 KB
Document
General
Full URL
https://att.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.213.251.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-251-128.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Thu, 17 Feb 2022 23:16:30 GMT
DCS
dcs-prod-irl1-1-v028-06f56e816.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Mon, 14 Feb 2022 15:26:36 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
8rCSD2cYQXw=
transfer-encoding
chunked
Connection
keep-alive
/
att-app.quantummetric.com/ Frame 647F
90 B
432 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645139790744&v=1645139790769&z=1&S=0&N=0&P=0
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.188.134.222 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.134.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
043bce3889ed63ab5df06701794325a52149af2f66f2863b6e8a5d23e647a5ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 17 Feb 2022 23:16:31 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://medinavethall.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
/
att-sync.quantummetric.com/ Frame 647F
0
157 B
XHR
General
Full URL
https://att-sync.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645139790744&v=1645139790770&z=1&Q=1&Y=1&X=e2c45849a6044f17c03baa5ec7d8a831
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.239.162.91 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
91.162.239.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Thu, 17 Feb 2022 23:16:31 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
ibs:dpid=21&dpuuid=165011104065000599084
dpm.demdex.net/ Frame F526
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=15604545077233129322032604224153996672
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=165011104065000599084
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=21&dpuuid=165011104065000599084
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.251.87.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-87-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-0df4ab81f.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
NHpQYJXAQXU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Thu, 17 Feb 2022 23:16:30 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://dpm.demdex.net/ibs:dpid=21&dpuuid=165011104065000599084
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
truncated
/
89 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
ibs:dpid=358&dpuuid=6158702627672074974
dpm.demdex.net/ Frame F526
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=6158702627672074974
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=358&dpuuid=6158702627672074974
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.251.87.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-87-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v028-094b93d81.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
Vx/66TcXQUA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Thu, 17 Feb 2022 23:16:31 GMT
X-Proxy-Origin
217.114.215.131; 217.114.215.131; 691.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid
47215e59-a7a8-4eb1-9253-62afda84073b
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dpm.demdex.net/ibs:dpid=358&dpuuid=6158702627672074974
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ibs:dpid=477&dpuuid=e37b6696e8d53f8383442c890a77f51914b529405d5acbcc4bbd29c6d92200fcb0da87c991749652
dpm.demdex.net/ Frame F526
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=15604545077233129322032604224153996672
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMTU2MDQ1NDUwNzcyMzMxMjkzMjIwMzI2MDQyMjQxNTM5OTY2NzIQABoNCM-uu5AGEgUI6AcQAEIASgA
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=e37b6696e8d53f8383442c890a77f51914b529405d5acbcc4bbd29c6d92200fcb0da87c991749652
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=e37b6696e8d53f8383442c890a77f51914b529405d5acbcc4bbd29c6d92200fcb0da87c991749652
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.251.87.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-87-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v028-026ed319a.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
QNtCl9OLQgM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Thu, 17 Feb 2022 23:16:31 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=e37b6696e8d53f8383442c890a77f51914b529405d5acbcc4bbd29c6d92200fcb0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
/
att-app.quantummetric.com/ Frame 647F
28 B
251 B
XHR
General
Full URL
https://att-app.quantummetric.com/?s=7280b2fd0da46c6d4798707d736856a8&H=aabbdaf437fffad924a90e81&Q=3
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.188.134.222 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.134.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
12d77f615d7df0946899d769baa6094c8060d6006df35a1afb54c152b070871e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 17 Feb 2022 23:16:31 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://medinavethall.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
adsct
analytics.twitter.com/i/ Frame F526
43 B
355 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?p_user_id=15604545077233129322032604224153996672&p_id=38594
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.3 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
108
date
Thu, 17 Feb 2022 23:16:31 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
d6a21ae43b5d050b4520cb4489c5ab1e2bc81046b9ebc586bffda3f20f2a2d1e
content-length
43
/
att-app.quantummetric.com/ Frame 647F
0
156 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645139790744&v=1645139791296&H=aabbdaf437fffad924a90e81&s=7280b2fd0da46c6d4798707d736856a8&U=bc44d645cf1d942fae55dd63e079e07c&z=1&Q=2&S=0&N=0
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.188.134.222 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.134.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Thu, 17 Feb 2022 23:16:31 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
ibs:dpid=22052&dpuuid=3625213690484621369
dpm.demdex.net/ Frame F526
Redirect Chain
  • https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625213690484621369
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625213690484621369
Protocol
HTTP/1.1
Server
34.251.87.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-87-153.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-020c7aa3d.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
VsKEhmWeQzs=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Thu, 17 Feb 2022 23:16:30 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625213690484621369
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
185
Expires
0,Fri, 18 Feb 2022 18:16:31 GMT
/
att-app.quantummetric.com/ Frame 647F
0
156 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645139790744&v=1645139791423&H=aabbdaf437fffad924a90e81&s=7280b2fd0da46c6d4798707d736856a8&z=1&S=879&N=2&P=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.188.134.222 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
222.134.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Thu, 17 Feb 2022 23:16:31 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
ecm3
s.amazon-adsystem.com/ Frame F526
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=jIN7-FfzQ92QguEFEPKBUQ&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=15604545077233129322032604224153996672
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=15604545077233129322032604224153996672
Protocol
HTTP/1.1
Server
209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 17 Feb 2022 23:16:32 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4YG52F9ZDJHC87J6DWSY
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS
dcs-prod-irl1-1-v028-0d02bd033.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
vUOYSl/hTcw=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=15604545077233129322032604224153996672
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
66f84f86-d3ab-41cb-8e63-2e76288df6a6
URL
moz-extension://66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/webrtc-patch.js
Domain
smetrics.att.com
URL
https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=15689298331377564222042222453229968290&ts=1645139789395

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| structuredClone string| detmScriptLoadType string| hcc string| mid string| adobe_mc number| ts string| href object| hcc_check undefined| analytics_app_visitor_id undefined| newurl undefined| halo_app_visitor_id object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e boolean| disableAudienceManager object| visitor object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor string| filesadded boolean| monecontwatched function| loadAdsFile function| injectHtmlTag function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig function| detmScriptLoader object| detmLoader boolean| AllowDelayedLoad function| dunBradstreet undefined| dnbvid object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in boolean| detmDisabled object| detmScriptExecutor function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab boolean| pageLoadFired function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl function| QuantumMetricInstrumentationStart object| QuantumMetricAPI function| qmflate function| docReady object| ddo function| AnalyticsNotificationFramework object| s_3_Integrate_DFA_get_0 object| uc_dfa_val number| dfaSuccess object| loginJspEnvVars string| loginLanguage function| detmExecuteFooter boolean| qmIDPErrSet boolean| qm3377 boolean| evaluation boolean| qmEPSet boolean| qmSetDC

18 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 15604545077233129322032604224153996672
medinavethall.com/ Name: AMCVS_55633F7A534535110A490D44%40AdobeOrg
Value: 1
.att.com/ Name: s_ecid
Value: MCMID%7C15689298331377564222042222453229968290
medinavethall.com/ Name: AMCV_55633F7A534535110A490D44%40AdobeOrg
Value: 1994364360%7CMCIDTS%7C19041%7CMCMID%7C15689298331377564222042222453229968290%7CMCAAMLH-1645744589%7C6%7CMCAAMB-1645744589%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1645146989s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.agkn.com/ Name: ab
Value: 0001%3AeQ4xkz6jKZCQQPk1G1z7TGzDrfQ9zmXL
.dpm.demdex.net/ Name: dpm
Value: 15604545077233129322032604224153996672
.adnxs.com/ Name: uuid2
Value: 6158702627672074974
att-app.quantummetric.com/ Name: s
Value: 7280b2fd0da46c6d4798707d736856a8
att-app.quantummetric.com/ Name: U
Value: bc44d645cf1d942fae55dd63e079e07c
.medinavethall.com/ Name: QuantumMetricSessionID
Value: 7280b2fd0da46c6d4798707d736856a8
.medinavethall.com/ Name: QuantumMetricUserID
Value: bc44d645cf1d942fae55dd63e079e07c
.rlcdn.com/ Name: rlas3
Value: NGI8VEBqkmQYIJkpoQ8H8/4/AVBehqV+UD4zMhL2sh4=
.rlcdn.com/ Name: pxrc
Value: CM+uu5AGEgUI6AcQABIGCPHrARAA
.twitter.com/ Name: personalization_id
Value: "v1_tWSFC/H6JYtPVXE3u+Ch5w=="
.demdex.net/ Name: dextp
Value: 21-1-1645139790926|358-1-1645139791027|477-1-1645139791133|1123-1-1645139791257|22052-1-1645139791359|139200-1-1645139791460
.amazon-adsystem.com/ Name: ad-id
Value: A9hp87KMeESqhz8t3Zbyq2w
.amazon-adsystem.com/ Name: ad-privacy
Value: 0

5 Console Messages

Source Level URL
Text
network error URL: moz-extension://66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/webrtc-patch.js
Message:
Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://medinavethall.com/Adob/
Message:
Access to XMLHttpRequest at 'https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=15689298331377564222042222453229968290&ts=1645139789395' from origin 'https://medinavethall.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=15689298331377564222042222453229968290&ts=1645139789395
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
