medinavethall.com
104.238.93.84  Malicious Activity! Public Scan

URL: https://medinavethall.com/Adob/
Submission: On February 18 via manual from US — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 30 HTTP transactions. The main IP is 104.238.93.84, located in United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is medinavethall.com.
TLS certificate: Issued by R3 on January 17th 2022. Valid for: 3 months.
This is the only time medinavethall.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: AT&T (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 104.238.93.84 26496 (AS-26496-...)
4 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 144.160.125.207 797 (AMERITECH-AS)
1 6 34.242.49.38 16509 (AMAZON-02)
1 142.250.185.230 15169 (GOOGLE)
1 54.155.222.85 16509 (AMAZON-02)
5 35.225.144.85 15169 (GOOGLE)
1 35.239.162.91 15169 (GOOGLE)
1 1 3.9.96.172 16509 (AMAZON-02)
2 2 37.252.173.22 29990 (ASN-APPNEX)
2 2 35.244.174.68 15169 (GOOGLE)
1 104.244.42.195 13414 (TWITTER)
1 1 52.208.138.90 16509 (AMAZON-02)
2 3 52.46.154.242 16509 (AMAZON-02)
30 12
Apex Domain
Subdomains
Transfer
9 att.com
www.att.com — Cisco Umbrella Rank: 9221
signin-static-js.att.com — Cisco Umbrella Rank: 34404
signin.att.com — Cisco Umbrella Rank: 22415
smetrics.att.com Failed
304 KB
7 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 187
att.demdex.net — Cisco Umbrella Rank: 20739
9 KB
7 quantummetric.com
cdn.quantummetric.com — Cisco Umbrella Rank: 2776
att-app.quantummetric.com — Cisco Umbrella Rank: 21819
att-sync.quantummetric.com — Cisco Umbrella Rank: 22570
111 KB
3 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 266
2 KB
2 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 283
803 B
2 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
2 KB
1 ml314.com
ml314.com — Cisco Umbrella Rank: 1357
474 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 468
354 B
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 388
329 B
1 doubleclick.net
fls.doubleclick.net — Cisco Umbrella Rank: 428
719 B
1 medinavethall.com
medinavethall.com
4 KB
0 Failed
30 12
Domain Requested by
6 dpm.demdex.net 1 redirects www.att.com
medinavethall.com
5 att-app.quantummetric.com cdn.quantummetric.com
4 signin.att.com medinavethall.com
signin.att.com
4 www.att.com medinavethall.com
www.att.com
3 s.amazon-adsystem.com 2 redirects
2 idsync.rlcdn.com 2 redirects
2 ib.adnxs.com 2 redirects
1 ml314.com 1 redirects
1 analytics.twitter.com medinavethall.com
1 aa.agkn.com 1 redirects
1 att-sync.quantummetric.com cdn.quantummetric.com
1 att.demdex.net www.att.com
1 fls.doubleclick.net www.att.com
1 signin-static-js.att.com medinavethall.com
1 cdn.quantummetric.com medinavethall.com
1 medinavethall.com
0 smetrics.att.com Failed www.att.com
0 66f84f86-d3ab-41cb-8e63-2e76288df6a6 Failed medinavethall.com
30 18

This site contains links to these domains. Also see Links.

Domain
attreg.att.net
www.att.com
about.att.com
Subject Issuer Validity Valid
www.medinavethall.com
R3
2022-01-17 -
2022-04-17
3 months crt.sh
*.att.com
DigiCert TLS RSA SHA256 2020 CA1
2022-01-03 -
2023-01-04
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-17 -
2022-07-16
a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-19 -
2022-11-19
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
*.quantummetric.com
Sectigo RSA Domain Validation Secure Server CA
2022-01-18 -
2023-02-13
a year crt.sh
*.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2022-01-06 -
2023-01-05
a year crt.sh

This page contains 3 frames:

Primary Page: https://medinavethall.com/Adob/
Frame ID: 05173FDCB13D718EC2759C51FFA23175
Requests: 17 HTTP requests in this frame

Frame: https://att.demdex.net/dest5.html?d_nsid=0
Frame ID: 32551DBAA2FE2A843FAF865BB0BAADF4
Requests: 7 HTTP requests in this frame

Frame: https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183959242&z=1&S=0&N=0&P=0
Frame ID: 7884DDCB0D077A38B4134E466C62D558
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Login Screen

Detected technologies

Overall confidence: 100%
Detected patterns
  • https?://fls\.doubleclick\.net

Page Statistics

30
Requests

70 %
HTTPS

13 %
IPv6

12
Domains

18
Subdomains

12
IPs

4
Countries

429 kB
Transfer

1331 kB
Size

18
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=68206402249674776333874115302891201040 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=164911204066000203187
Request Chain 20
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=3551065886413761851
Request Chain 21
  • https://idsync.rlcdn.com/365868.gif?partner_uid=68206402249674776333874115302891201040 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNjgyMDY0MDIyNDk2NzQ3NzYzMzM4NzQxMTUzMDI4OTEyMDEwNDAQABoNCNeHvpAGEgUI6AcQAEIASgA HTTP 307
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=61a4ee7b9f715e8d466deffca2a6dcda88ec35aca6ecc8b29e11ccb1d53d8b82b0da87c991749652
Request Chain 24
  • https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625225547007131648
Request Chain 26
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=bl9RGyhWQhGnackMxhhkAw&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=68206402249674776333874115302891201040

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
medinavethall.com/Adob/
13 KB
4 KB
Document
General
Full URL
https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.238.93.84 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS
ip-104-238-93-84.ip.secureserver.net
Software
Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4 /
Resource Hash
1f51e300fb78e427e8e262ecd8a8ae743928fba7bd15ff455df0b090043d9bda
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-content-type-options
nosniff
last-modified
Fri, 18 Jun 2021 08:51:38 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
x-robots-tag
noindex, nofollow
content-length
3894
content-type
text/html
date
Fri, 18 Feb 2022 11:32:37 GMT
server
Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4
webrtc-patch.js
66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/
0
0

detm-container-hdr.js
www.att.com/scripts/adobe/prod/
105 KB
29 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:192::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7bdc3b6e756669eda5388a22a39d384b7b920473a50c3f2c2a93bdee2ed0986e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:37 GMT
content-encoding
gzip
last-modified
Thu, 27 Jan 2022 01:14:26 GMT
server
AkamaiNetStorage
etag
"ff2d1f6fe0e56c19f6c533e0ec86388c:1643246066.413841"
vary
Accept-Encoding
strict-transport-security
max-age=15768000 ; preload
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
aka-global-request-id-uxtime
0.9e247e68.1645183957.47bd56c4
accept-ranges
bytes
content-length
29742
quantum-att.js
cdn.quantummetric.com/qscripts/
530 KB
110 KB
Script
General
Full URL
https://cdn.quantummetric.com/qscripts/quantum-att.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:149e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c6cc549f14adedb4ad387791ac829e5f4b1f8a49e3bb9dfdb34526f42fc65fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:38 GMT
content-encoding
br
cf-cache-status
EXPIRED
server
cloudflare
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
etag
W/"164514680400616388072440641645174806769"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=300, stale-while-revalidate=21600, stale-if-error=21600
strict-transport-security
max-age=31536000
cf-ray
6df6ef961d589271-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
att_common.js
signin-static-js.att.com/scripts/
238 KB
136 KB
Script
General
Full URL
https://signin-static-js.att.com/scripts/att_common.js?seed=AIAdd0h0AQAA6kiC7Kp0vUzSc_cb_gMW6QKhtQqAdL0AQMhZb0ijGLcencwV&X-IOZYaZcd--z=q
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 Dallas, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
ec47b41c30e1f7e3531e728781eb9dc897186cb586bf83e73c2cace9ac0d8522
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 18 Feb 2022 11:32:38 GMT
content-encoding
gzip
x-frame-options
SAMEORIGIN
iam_on
D511
p3p
CP="NON CUR OTPi OUR NOR UNI"
cache-control
no-cache, no-store, must-revalidate
transfer-encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=UTF-8
expires
0
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/
110 KB
22 KB
Script
General
Full URL
https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:192::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Resource Optimizer /
Resource Hash
b7d49dcc921586c93ac6cda9acd5257b0ca5b82f660f91dd0512a709c1243d07
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

aka-global-request-id-uxtime
0.2f7f1cb8.1644418996.f7bbf48, 0.9e247e68.1645183959.47bd6162
date
Fri, 18 Feb 2022 11:32:39 GMT
content-encoding
br
last-modified
Wed, 09 Feb 2022 15:03:17 GMT
server
Akamai Resource Optimizer
etag
"c80f97a7fd3f02e26159cef4eebb0b69:1642179994.356211"
strict-transport-security
max-age=15768000 ; preload
content-type
application/x-javascript
cache-control
max-age=3600
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
21754
styles.css
signin.att.com/static/siam/en/halo_c/halo-c-login/
154 KB
33 KB
Stylesheet
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 Dallas, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
98607414db657e129003305c46e2b6cdcc612a7e770654894d72693bb9a75b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:38 GMT
content-encoding
gzip
last-modified
Thu, 17 Feb 2022 20:38:23 GMT
etag
"267f4-5d83cbf51cdc0"
x-frame-options
SAMEORIGIN
iam_on
D511
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
transfer-encoding
chunked
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-type
text/css
apser
p211
logo.svg
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/images/
8 KB
9 KB
Image
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/images/logo.svg
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 Dallas, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
6982fbe858e30068de9301b49438c83838bc7beb058146703b22b701e6709c7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
last-modified
Thu, 26 Aug 2021 01:56:38 GMT
etag
"20b1-5ca6cad666180"
x-frame-options
SAMEORIGIN
iam_on
D511
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
content-type
image/svg+xml
apser
p192
content-length
8369
detm-container-ftr.js
www.att.com/scripts/adobe/prod/
666 B
802 B
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:192::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
43f774da83292822f54305d69e01286ca018b6f3f0fe86250451ad93d9252f9c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

aka-global-request-id-uxtime
0.8e3a2f17.1645074180.dc35151, 0.9e247e68.1645183959.47bd610b
date
Fri, 18 Feb 2022 11:32:39 GMT
content-encoding
gzip
last-modified
Fri, 30 Jul 2021 00:16:43 GMT
server
AkamaiNetStorage
etag
"d5c61c3be97b0718b3548d0ec26dc0ef:1627604203.48042"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=12
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
368
id
dpm.demdex.net/
1 KB
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=55633F7A534535110A490D44%40AdobeOrg&d_nsid=0&ts=1645183957727
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.242.49.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-49-38.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2ebc223604943d8bf2b1e4bf049ef3d5145ad567efca365dd1869a3811b13cb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://medinavethall.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-1-v028-09d666913.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
gzSqIsevQPk=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://medinavethall.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
595
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mbox-contents.js
www.att.com/scripts/adobe/prod/
110 KB
36 KB
Script
General
Full URL
https://www.att.com/scripts/adobe/prod/mbox-contents.js
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:192::2db1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1ae55eee9d98c2f4c7fdb3e9add8ffec1f75fda9a2053df845a87e38d113873d
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; preload

Request headers

Referer
https://medinavethall.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

aka-global-request-id-uxtime
0.2f33ca17.1645074179.1eb04e8d, 0.9e247e68.1645183957.47bd57ae
date
Fri, 18 Feb 2022 11:32:37 GMT
content-encoding
gzip
last-modified
Wed, 18 Aug 2021 00:04:34 GMT
server
AkamaiNetStorage
etag
"dd2b31903c705fca23fee971dae7fe9c:1629245074.953647"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
no-cache, private, max-age=7776000
server-timing
cdn-cache; desc=HIT, edge; dur=1
strict-transport-security
max-age=15768000 ; preload
accept-ranges
bytes
content-length
36188
expires
Sun, 20 Mar 2022 11:32:37 GMT
id
smetrics.att.com/
0
0

acd700b6-5d91-4bd1-acd4-2c3dce004fc3
https://medinavethall.com/
17 KB
0
Other
General
Full URL
blob:https://medinavethall.com/acd700b6-5d91-4bd1-acd4-2c3dce004fc3
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80001c402149eff011b5e7e87c3dd72dc2de45d3d430d98418eb62c2ec5ad596

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Length
17224
Content-Type
application/javascript
json
fls.doubleclick.net/
40 B
719 B
Script
General
Full URL
https://fls.doubleclick.net/json?spot=6100125&src=&var=s_3_Integrate_DFA_get_0&host=integrate.112.2o7.net%2Fdfa_echo%3Fvar%3Ds_3_Integrate_DFA_get_0%26AQE%3D1%26A2S%3D1&ord=1645183959091
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/ssaf_universal_client/prod/ssaf-uc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.230 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f6.1e100.net
Software
cafe /
Resource Hash
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60
x-xss-protection
0
pragma
no-cache
server
cafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ATTAleckSans_W_Rg.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
18 KB
18 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Rg.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 Dallas, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
e2740c7b209e33aca7176250d80f94b4924e5e5d18076ee3b95f32a0e20d1f58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Origin
https://medinavethall.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
last-modified
Thu, 17 Feb 2022 20:38:23 GMT
etag
"4830-5d83cbf51cdc0"
x-frame-options
SAMEORIGIN
iam_on
D511
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
apser
p514
content-length
18480
ATTAleckSans_W_Md.woff2
signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/
19 KB
20 KB
Font
General
Full URL
https://signin.att.com/static/siam/en/halo_c/halo-c-login/assets/fonts/att/ATTAleckSans/woff2/ATTAleckSans_W_Md.woff2
Requested by
Host: signin.att.com
URL: https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
144.160.125.207 Dallas, United States, ASN797 (AMERITECH-AS, US),
Reverse DNS
clcontent-da.att.com
Software
/
Resource Hash
59ea63b5ffe0f060e37c24a44b6406943df9e4fca39e2ef43023c2ae9783f220
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://signin.att.com/static/siam/en/halo_c/halo-c-login/styles.css?v=8.2.6
Origin
https://medinavethall.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
last-modified
Thu, 17 Feb 2022 20:38:23 GMT
etag
"4c8c-5d83cbf51cdc0"
x-frame-options
SAMEORIGIN
iam_on
D511
p3p
CP="NON CUR OTPi OUR NOR UNI"
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
apser
p001
content-length
19596
dest5.html
att.demdex.net/ Frame 3255
7 KB
3 KB
Document
General
Full URL
https://att.demdex.net/dest5.html?d_nsid=0
Requested by
Host: www.att.com
URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.155.222.85 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-155-222-85.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://medinavethall.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Fri, 18 Feb 2022 11:32:39 GMT
DCS
dcs-prod-irl1-2-v028-0bb7c21e2.edge-irl1.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Mon, 14 Feb 2022 16:08:27 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
jXxzB6HUSLw=
Content-Length
2791
Connection
keep-alive
/
att-app.quantummetric.com/ Frame 7884
90 B
429 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183959242&z=1&S=0&N=0&P=0
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.144.85 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
85.144.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e691dfee670314cedc398c0bf887d18f757cf34acf03f15c7015a47f48ba5f8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://medinavethall.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
/
att-sync.quantummetric.com/ Frame 7884
0
157 B
XHR
General
Full URL
https://att-sync.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183959244&z=1&Q=1&Y=1&X=01eedb88e68b47aa66416e24f74a07b7
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.239.162.91 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
91.162.239.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Fri, 18 Feb 2022 11:32:39 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
ibs:dpid=21&dpuuid=164911204066000203187
dpm.demdex.net/ Frame 3255
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=68206402249674776333874115302891201040
  • https://dpm.demdex.net/ibs:dpid=21&dpuuid=164911204066000203187
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=21&dpuuid=164911204066000203187
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.242.49.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-49-38.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-04e5f36c3.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
hCBI9E4gROg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

pragma
no-cache
date
Fri, 18 Feb 2022 11:32:39 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://dpm.demdex.net/ibs:dpid=21&dpuuid=164911204066000203187
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
truncated
/
89 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
50e6072d26098d48004a30addeecabd5b22b91e5ccdf9dd86f96459783e3ac23

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
ibs:dpid=358&dpuuid=3551065886413761851
dpm.demdex.net/ Frame 3255
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID
  • https://dpm.demdex.net/ibs:dpid=358&dpuuid=3551065886413761851
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=358&dpuuid=3551065886413761851
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.242.49.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-49-38.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v028-09d666913.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
455K24Q9RTA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Fri, 18 Feb 2022 11:32:39 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid
48e2145a-c4d2-45aa-8ef4-390ad0b883ec
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dpm.demdex.net/ibs:dpid=358&dpuuid=3551065886413761851
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ibs:dpid=477&dpuuid=61a4ee7b9f715e8d466deffca2a6dcda88ec35aca6ecc8b29e11ccb1d53d8b82b0da87c991749652
dpm.demdex.net/ Frame 3255
Redirect Chain
  • https://idsync.rlcdn.com/365868.gif?partner_uid=68206402249674776333874115302891201040
  • https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNjgyMDY0MDIyNDk2NzQ3NzYzMzM4NzQxMTUzMDI4OTEyMDEwNDAQABoNCNeHvpAGEgUI6AcQAEIASgA
  • https://dpm.demdex.net/ibs:dpid=477&dpuuid=61a4ee7b9f715e8d466deffca2a6dcda88ec35aca6ecc8b29e11ccb1d53d8b82b0da87c991749652
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=477&dpuuid=61a4ee7b9f715e8d466deffca2a6dcda88ec35aca6ecc8b29e11ccb1d53d8b82b0da87c991749652
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.242.49.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-49-38.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v028-091a3d7f6.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
ceEFSz5bQXU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

date
Fri, 18 Feb 2022 11:32:39 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dpm.demdex.net/ibs:dpid=477&dpuuid=61a4ee7b9f715e8d466deffca2a6dcda88ec35aca6ecc8b29e11ccb1d53d8b82b0da87c991749652
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
adsct
analytics.twitter.com/i/ Frame 3255
43 B
354 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?p_user_id=68206402249674776333874115302891201040&p_id=38594
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
115
date
Fri, 18 Feb 2022 11:32:39 GMT
server
tsa_o
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
0b9614357fedb7278ab705396107829e0dd0cdec4ace8de20317cf595594aaf7
content-length
43
/
att-app.quantummetric.com/ Frame 7884
28 B
251 B
XHR
General
Full URL
https://att-app.quantummetric.com/?s=14427543eab46ff4b6ececc6840981a8&H=d2c9823d30899319bb63fd48&Q=3
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.144.85 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
85.144.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
12d77f615d7df0946899d769baa6094c8060d6006df35a1afb54c152b070871e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 18 Feb 2022 11:32:39 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://medinavethall.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000
ibs:dpid=22052&dpuuid=3625225547007131648
dpm.demdex.net/ Frame 3255
Redirect Chain
  • https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID]
  • https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625225547007131648
42 B
945 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625225547007131648
Requested by
Host: medinavethall.com
URL: https://medinavethall.com/Adob/
Protocol
HTTP/1.1
Server
34.242.49.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-242-49-38.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v028-0d3310425.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
GzQQ9fiVQBI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Pragma
no-cache
Date
Fri, 18 Feb 2022 11:32:39 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625225547007131648
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
185
Expires
0,Sat, 19 Feb 2022 06:32:40 GMT
/
att-app.quantummetric.com/ Frame 7884
0
156 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183959940&H=d2c9823d30899319bb63fd48&s=14427543eab46ff4b6ececc6840981a8&U=0d52980e0bedf3bba9ff939cb858885c&z=1&Q=2&S=0&N=0
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.144.85 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
85.144.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Fri, 18 Feb 2022 11:32:40 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
ecm3
s.amazon-adsystem.com/ Frame 3255
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433
  • https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t
  • https://dpm.demdex.net/ibs:dpid=139200&dpuuid=bl9RGyhWQhGnackMxhhkAw&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=68206402249674776333874115302891201040
43 B
556 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=68206402249674776333874115302891201040
Protocol
HTTP/1.1
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://att.demdex.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 18 Feb 2022 11:32:40 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
ZBWT94K78WEJKKXWJJBG
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

DCS
dcs-prod-irl1-1-v028-0d02bd033.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
n4p6uwKKT8A=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=68206402249674776333874115302891201040
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
att-app.quantummetric.com/ Frame 7884
0
156 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183960064&H=d2c9823d30899319bb63fd48&s=14427543eab46ff4b6ececc6840981a8&z=1&S=881&N=2&P=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.144.85 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
85.144.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Fri, 18 Feb 2022 11:32:40 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
/
att-app.quantummetric.com/ Frame 7884
0
156 B
XHR
General
Full URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183964242&H=d2c9823d30899319bb63fd48&s=14427543eab46ff4b6ececc6840981a8&z=1&S=1226&N=8&P=2
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-att.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.144.85 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
85.144.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://medinavethall.com
date
Fri, 18 Feb 2022 11:32:44 GMT
access-control-allow-credentials
true
server
nginx
content-length
0
strict-transport-security
max-age=31536000
content-type
application/json
/
att-app.quantummetric.com/ Frame 7884
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
66f84f86-d3ab-41cb-8e63-2e76288df6a6
URL
moz-extension://66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/webrtc-patch.js
Domain
smetrics.att.com
URL
https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=68291155119746825313864566845269685298&ts=1645183957892
Domain
att-app.quantummetric.com
URL
https://att-app.quantummetric.com/?T=B&u=https%3A%2F%2Fmedinavethall.com%2FAdob%2F&t=1645183959213&v=1645183964365&H=d2c9823d30899319bb63fd48&s=14427543eab46ff4b6ececc6840981a8&z=1&Q=2&S=672&N=1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: AT&T (Telecommunication)

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| structuredClone string| detmScriptLoadType string| hcc string| mid string| adobe_mc number| ts string| href object| hcc_check undefined| analytics_app_visitor_id undefined| newurl undefined| halo_app_visitor_id object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e boolean| disableAudienceManager object| visitor object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor string| filesadded boolean| monecontwatched function| loadAdsFile function| injectHtmlTag function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig function| detmScriptLoader object| detmLoader boolean| AllowDelayedLoad function| dunBradstreet undefined| dnbvid object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in boolean| detmDisabled object| detmScriptExecutor function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab boolean| pageLoadFired function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl function| QuantumMetricInstrumentationStart object| QuantumMetricAPI function| qmflate function| docReady object| ddo function| AnalyticsNotificationFramework object| loginJspEnvVars string| loginLanguage function| detmExecuteFooter boolean| qmIDPErrSet boolean| qm3377 object| s_3_Integrate_DFA_get_0 object| uc_dfa_val number| dfaSuccess boolean| evaluation boolean| qmEPSet boolean| qmSetDC

18 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 68206402249674776333874115302891201040
medinavethall.com/ Name: AMCVS_55633F7A534535110A490D44%40AdobeOrg
Value: 1
.att.com/ Name: s_ecid
Value: MCMID%7C68291155119746825313864566845269685298
medinavethall.com/ Name: AMCV_55633F7A534535110A490D44%40AdobeOrg
Value: 1994364360%7CMCIDTS%7C19042%7CMCMID%7C68291155119746825313864566845269685298%7CMCAAMLH-1645788757%7C6%7CMCAAMB-1645788757%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1645191157s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.agkn.com/ Name: ab
Value: 0001%3ATz38vT8UCmUiLfhWqj%2By1AEDgTGC0v5N
.rlcdn.com/ Name: rlas3
Value: wLfPvD1JeYemyoYbW+TcWHupzMZT7j46TXiDN4w7D7A=
.adnxs.com/ Name: uuid2
Value: 3551065886413761851
.rlcdn.com/ Name: pxrc
Value: CNeHvpAGEgUI6AcQABIGCPHrARAA
.dpm.demdex.net/ Name: dpm
Value: 68206402249674776333874115302891201040
att-app.quantummetric.com/ Name: s
Value: 14427543eab46ff4b6ececc6840981a8
att-app.quantummetric.com/ Name: U
Value: 0d52980e0bedf3bba9ff939cb858885c
.medinavethall.com/ Name: QuantumMetricSessionID
Value: 14427543eab46ff4b6ececc6840981a8
.medinavethall.com/ Name: QuantumMetricUserID
Value: 0d52980e0bedf3bba9ff939cb858885c
.twitter.com/ Name: personalization_id
Value: "v1_m/v2pbAGQG7IZcWYpJ83Yg=="
.demdex.net/ Name: dextp
Value: 21-1-1645183959461|358-1-1645183959562|477-1-1645183959664|1123-1-1645183959764|22052-1-1645183959865|139200-1-1645183959966
.amazon-adsystem.com/ Name: ad-id
Value: A3YCDpdwpE72lqhLT1LmK5Y
.amazon-adsystem.com/ Name: ad-privacy
Value: 0

5 Console Messages

Source Level URL
Text
network error URL: moz-extension://66f84f86-d3ab-41cb-8e63-2e76288df6a6/scripts/webrtc-patch.js
Message:
Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.att.com/scripts/adobe/prod/detm-container-hdr.js(Line 7)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.att.com/scripts/adobe/prod/mbox-contents.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://medinavethall.com/Adob/
Message:
Access to XMLHttpRequest at 'https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=68291155119746825313864566845269685298&ts=1645183957892' from origin 'https://medinavethall.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=68291155119746825313864566845269685298&ts=1645183957892
Message:
Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

66f84f86-d3ab-41cb-8e63-2e76288df6a6
aa.agkn.com
analytics.twitter.com
att-app.quantummetric.com
att-sync.quantummetric.com
att.demdex.net
cdn.quantummetric.com
dpm.demdex.net
fls.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
medinavethall.com
ml314.com
s.amazon-adsystem.com
signin-static-js.att.com
signin.att.com
smetrics.att.com
www.att.com
66f84f86-d3ab-41cb-8e63-2e76288df6a6
att-app.quantummetric.com
smetrics.att.com
104.238.93.84
104.244.42.195
142.250.185.230
144.160.125.207
2606:4700:10::ac43:149e
2a02:26f0:7100:192::2db1
3.9.96.172
34.242.49.38
35.225.144.85
35.239.162.91
35.244.174.68
37.252.173.22
52.208.138.90
52.46.154.242
54.155.222.85