buildcron.com
Open in
urlscan Pro
119.18.54.55
Malicious Activity!
Public Scan
URL:
http://buildcron.com/dpseoueaq/att/att/AT&T.htm
Submission: On December 03 via manual from IN — Scanned from DE
Submission: On December 03 via manual from IN — Scanned from DE
Summary
This website contacted 18 IPs
in 4 countries
across 15 domains to perform 60 HTTP transactions.
The main IP is 119.18.54.55, located in
India and
belongs to PUBLIC-DOMAIN-REGISTRY, US.
The main domain is buildcron.com.
This is the only time buildcron.com was scanned on urlscan.io!
This is the only time buildcron.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
1
34.240.38.51
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-38-51.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-38-51.eu-west-1.compute.amazonaws.com
| dpm.demdex.net |
1
142.250.185.70
(United States)
ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f6.1e100.net
| fls.doubleclick.net |
12
2a00:1450:4001:808::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
1
3.248.2.215
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-2-215.eu-west-1.compute.amazonaws.com
| attservicesinc.tt.omtrdc.net |
1
2.16.186.56
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-56.deploy.static.akamaitechnologies.com
| fast.att.demdex.net |
1
144.160.125.207
(United States)
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
| signin.att.com |
2
104.109.57.2
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a104-109-57-2.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-109-57-2.deploy.static.akamaitechnologies.com
| servedby.flashtalking.com |
1
2a03:2880:f02d:12:face:b00c:0:3
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
ASN32934 (FACEBOOK, US)
| connect.facebook.net |
1
37.252.173.215
(Frankfurt am Main, Germany)
ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
| ib.adnxs.com |
1
2a03:2880:f12d:83:face:b00c:0:25de
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
ASN32934 (FACEBOOK, US)
| www.facebook.com |
1
2620:1ec:4a::28
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| media-us2.digital.nuance.com |
1
3.74.33.199
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-33-199.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-33-199.eu-central-1.compute.amazonaws.com
| d.agkn.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 17 |
att.net
home.secureapp.att.net |
220 KB |
| 17 |
att.com
www.att.com — Cisco Umbrella Rank: 12559 metrics.att.com Failed signin.att.com — Cisco Umbrella Rank: 22045 |
275 KB |
| 12 |
googletagmanager.com
6 redirects
www.googletagmanager.com — Cisco Umbrella Rank: 48 |
316 KB |
| 4 |
buildcron.com
buildcron.com |
6 KB |
| 2 |
inq.com
att.inq.com — Cisco Umbrella Rank: 29085 |
4 KB |
| 2 |
flashtalking.com
servedby.flashtalking.com — Cisco Umbrella Rank: 777 |
2 KB |
| 2 |
bing.com
bat.bing.com — Cisco Umbrella Rank: 345 |
602 B |
| 2 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 190 fast.att.demdex.net — Cisco Umbrella Rank: 176163 |
5 KB |
| 1 |
agkn.com
d.agkn.com — Cisco Umbrella Rank: 613 |
553 B |
| 1 |
nuance.com
media-us2.digital.nuance.com — Cisco Umbrella Rank: 29794 |
7 KB |
| 1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 108 |
185 B |
| 1 |
adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 204 |
345 B |
| 1 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 134 |
84 KB |
| 1 |
omtrdc.net
attservicesinc.tt.omtrdc.net — Cisco Umbrella Rank: 27045 |
449 B |
| 1 |
doubleclick.net
fls.doubleclick.net — Cisco Umbrella Rank: 444 |
702 B |
| 60 | 15 |
| Domain | Requested by | |
|---|---|---|
| 17 | home.secureapp.att.net |
buildcron.com
home.secureapp.att.net |
| 16 | www.att.com |
buildcron.com
www.att.com |
| 12 | www.googletagmanager.com |
6 redirects
buildcron.com
|
| 4 | buildcron.com |
buildcron.com
www.att.com media-us2.digital.nuance.com |
| 2 | att.inq.com |
www.att.com
media-us2.digital.nuance.com |
| 2 | servedby.flashtalking.com |
www.att.com
servedby.flashtalking.com |
| 2 | bat.bing.com |
www.att.com
|
| 1 | d.agkn.com | |
| 1 | media-us2.digital.nuance.com |
att.inq.com
|
| 1 | www.facebook.com | |
| 1 | ib.adnxs.com | |
| 1 | connect.facebook.net |
www.att.com
|
| 1 | signin.att.com |
www.att.com
|
| 1 | fast.att.demdex.net |
www.att.com
|
| 1 | attservicesinc.tt.omtrdc.net |
www.att.com
|
| 1 | fls.doubleclick.net |
www.att.com
|
| 1 | dpm.demdex.net |
www.att.com
|
| 0 | metrics.att.com Failed |
www.att.com
|
| 60 | 18 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.att.net |
| www.att.com |
| watch.att.com |
| envivo.att.yahoo.com |
| loginprodx.att.net |
| attreg.att.net |
| about.att.com |
| www.xandr.com |
| survey.foreseeresults.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.att.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-03 - 2023-01-04 |
a year | crt.sh |
| home.secureapp.att.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-08-18 - 2023-09-18 |
a year | crt.sh |
| *.doubleclick.net GTS CA 1C3 |
2022-11-02 - 2023-01-25 |
3 months | crt.sh |
| www.bing.com Microsoft RSA TLS CA 02 |
2022-11-25 - 2023-05-25 |
6 months | crt.sh |
| servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-11-11 - 2023-11-12 |
a year | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2022-09-11 - 2022-12-10 |
3 months | crt.sh |
| *.adnxs.com GeoTrust ECC CA 2018 |
2022-02-11 - 2023-03-14 |
a year | crt.sh |
| *.inq.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2022-09-14 - 2023-10-12 |
a year | crt.sh |
| *.digital.nuance.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2022-09-14 - 2023-10-12 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
http://buildcron.com/dpseoueaq/att/att/AT&T.htm
Frame ID: 7384D28CF492AD1D374FFE0138BE2967
Requests: 56 HTTP requests in this frame
Frame:
http://fast.att.demdex.net/dest5.html?d_nsid=0
Frame ID: 4168A7BBDDECD46C92F6583EE1689977
Requests: 1 HTTP requests in this frame
Frame:
https://servedby.flashtalking.com/container/19536;124481;13503;iframe/?ft_referrer=http%3A//buildcron.com/dpseoueaq/att/att/AT%26T.htm&ns=&cb=620611.9914468089
Frame ID: 39FCEDC2AE3A3C4DD12EBE8542A88419
Requests: 2 HTTP requests in this frame
Frame:
http://buildcron.com/inqChat.html?IFRAME&nuance-frame-ac=0
Frame ID: 8370220260623324B3E93ED164CDE55D
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
AT&T - LoginDetected technologies
AppNexus
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- adnxs\.(?:net|com)
DoubleClick Floodlight
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- https?://fls\.doubleclick\.net
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtag/js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
URL: http://www.att.net/
Title: att.net
Title: att.net
Search URL Search Domain Scan URL
URL: http://www.att.com/
Title: att.com
Title: att.com
Search URL Search Domain Scan URL
URL: https://watch.att.com/uverse-tv/
Title: uverse.com
Title: uverse.com
Search URL Search Domain Scan URL
URL: https://envivo.att.yahoo.com/
Title: En Español
Title: En Español
Search URL Search Domain Scan URL
URL: https://www.att.com/esupport/index.jsp?App_ID=PBY
Title: AT&T Support
Title: AT&T Support
Search URL Search Domain Scan URL
URL: https://www.att.com/esupport/article.html#!/wireless/KM1187387
Title: Learn about shared passwords for AT&T email.
Title: Learn about shared passwords for AT&T email.
Search URL Search Domain Scan URL
URL: https://www.att.com/olam/unauth/enterEmailForgotId.myworld?origination_point=att.net&Return_URL=https://loginprodx.att.net/FIM/sps/ATTidp/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=https%3A%2F%2Flogin.yahoo.com%2Fsaml%2F2.0%2Fatt&.lang=en-US&Target=https%3A%2F%2Fmail.yahoo.com%2Fd%3F.intl%3Dus%26.partner%3Dsbc%26.lang%3Den-US&Cancel_URL=https://loginprodx.att.net/FIM/sps/ATTidp/saml20/logininitial?RequestBinding=HTTPPost&PartnerId=https%3A%2F%2Flogin.yahoo.com%2Fsaml%2F2.0%2Fatt&.lang=en-US&Target=https%3A%2F%2Fmail.yahoo.com%2Fd%3F.intl%3Dus%26.partner%3Dsbc%26.lang%3Den-US
Title: Forgot User ID?
Title: Forgot User ID?
Search URL Search Domain Scan URL
URL: https://loginprodx.att.net/commonLogin/igate_edam/controller.do?TAM_OP=login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2FFIM%2Fsps%2FATTidp%2Fsaml20%2Flogininitial%3FRequestBinding%3DHTTPPost%26PartnerId%3Dhttps%253A%252F%252Flogin.yahoo.com%252Fsaml%252F2.0%252Fatt%26.lang%3Den-US%26Target%3Dhttps%253A%252F%252Fmail.yahoo.com%252Fd%253F.intl%253Dus%2526.partner%253Dsbc%2526.lang%253Den-US%3Ftucd567%3Dw&REFERER=https%3A%2F%2Fcurrently.att.yahoo.com%2F%3Fguccounter%3D1&HOSTNAME=loginprodx.att.net&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=#modal
Title: Forgot Password?
Title: Forgot Password?
Search URL Search Domain Scan URL
URL: https://attreg.att.net/PortalRegWeb/PortalRegController?callingAppId=OP&returnUrl=
Search URL Search Domain Scan URL
URL: https://loginprodx.att.net/commonLogin/igate_edam/controller.do?TAM_OP=login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=HPDBA0521I%20%20%20Successful%20completion&METHOD=GET&URL=%2FFIM%2Fsps%2FATTidp%2Fsaml20%2Flogininitial%3FRequestBinding%3DHTTPPost%26PartnerId%3Dhttps%253A%252F%252Flogin.yahoo.com%252Fsaml%252F2.0%252Fatt%26.lang%3Den-US%26Target%3Dhttps%253A%252F%252Fmail.yahoo.com%252Fd%253F.intl%253Dus%2526.partner%253Dsbc%2526.lang%253Den-US%3Ftucd567%3Dw&REFERER=https%3A%2F%2Fcurrently.att.yahoo.com%2F%3Fguccounter%3D1&HOSTNAME=loginprodx.att.net&AUTHNLEVEL=&FAILREASON=&PROTOCOL=https&OLDSESSION=
Search URL Search Domain Scan URL
URL: https://www.att.com/legal/terms.attNetTermsOfUse.html
Title: Terms
Title: Terms
Search URL Search Domain Scan URL
URL: https://about.att.com/csr/home/privacy.html
Title: Privacy
Title: Privacy
Search URL Search Domain Scan URL
URL: https://www.xandr.com/
Title: Advertise
Title: Advertise
Search URL Search Domain Scan URL
URL: https://about.att.com/csr/home/privacy/full_privacy_policy.html#obc
Title: Advertising Choices
Title: Advertising Choices
Search URL Search Domain Scan URL
URL: https://www.att.com/legal/terms.aup.html
Title: Acceptable Use Policy
Title: Acceptable Use Policy
Search URL Search Domain Scan URL
URL: https://survey.foreseeresults.com/survey/display?cid=JxTg9PsUYKor4P5i9ne0Ug==&sid=s-feedback-en
Title: Feedback
Title: Feedback
Search URL Search Domain Scan URL
URL: http://www.att.net/s/context.dll?id=1400&type=clickthru&name=global.footer.att.IP&redirecturl=http://www.att.com/gen/privacy-policy?pid=2587
Title: © 2020 AT&T Intellectual Property
Title: © 2020 AT&T Intellectual Property
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- http://www.att.com/scripts/adobe/prod/marketing.min.js HTTP 307
- https://www.att.com/scripts/adobe/prod/marketing.min.js
- http://www.att.com/scripts/adobe/prod/engage.min.js HTTP 307
- https://www.att.com/scripts/adobe/prod/engage.min.js
- http://www.googletagmanager.com/gtag/js?id=DC-6100125&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=DC-6100125&l=dataLayer&cx=c
- http://www.googletagmanager.com/gtag/js?id=DC-6143919&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=DC-6143919&l=dataLayer&cx=c
- http://www.googletagmanager.com/gtag/js?id=AW-1036745755&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=AW-1036745755&l=dataLayer&cx=c
- http://www.googletagmanager.com/gtag/js?id=AW-657864347&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=AW-657864347&l=dataLayer&cx=c
- http://www.googletagmanager.com/gtag/js?id=AW-1049001539&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=AW-1049001539&l=dataLayer&cx=c
- http://www.googletagmanager.com/gtag/js?id=AW-669961037&l=dataLayer&cx=c HTTP 302
- https://www.googletagmanager.com/gtag/js?id=AW-669961037&l=dataLayer&cx=c
60 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
AT&T.htm
buildcron.com/dpseoueaq/att/att/ |
10 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
detm-container-hdr.js
www.att.com/scripts/adobe/prod/ |
107 KB 30 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
_fontface.css
home.secureapp.att.net/css/sso/slid/1201/ |
0 960 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
home.secureapp.att.net/css/sso/slid/1201/ |
28 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.5.1.min.js
home.secureapp.att.net/js/jquery/ |
83 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.simplemodal.js
home.secureapp.att.net/js/jquery/simplemodal/ |
9 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
script.js
home.secureapp.att.net/js/sso/slid/1201/ |
53 KB 54 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Button.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
AT&T_logo.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
detm-container-ftr.js
www.att.com/scripts/adobe/prod/ |
666 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
id
dpm.demdex.net/ |
1 KB 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mbox-contents.js
www.att.com/scripts/adobe/prod/ |
110 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/ |
113 KB 22 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
marketing.min.js
www.att.com/scripts/adobe/prod/ Redirect Chain
|
363 KB 66 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
engage.min.js
www.att.com/scripts/adobe/prod/ Redirect Chain
|
196 KB 49 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
id
metrics.att.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
json
fls.doubleclick.net/ |
40 B 702 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
111 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
111 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
135 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
135 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
218 KB 72 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ Redirect Chain
|
135 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eComm_Universal_AppNexus.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
559 B 871 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eComm_Universal_Bing.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
807 B 1013 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eComm_Universal_Facebook.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
834 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mobile.css
home.secureapp.att.net/css/sso/slid/1201/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
delivery
attservicesinc.tt.omtrdc.net/rest/v1/ |
49 B 449 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webtrends.min.js
buildcron.com/commonLogin/igate_edam/staticContent/images/SLID/js/ |
6 B 259 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pageBg.png
home.secureapp.att.net/design/cdls10/img/ui/ |
169 B 1001 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
btnSumbit.png
home.secureapp.att.net/img/sso/slid/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
footerBg.png
home.secureapp.att.net/design/CDLS10/img/ui/ |
560 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dest5.html
fast.att.demdex.net/ Frame 4168 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bing.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
38 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
attGlobalNavHeader-bg.gif
home.secureapp.att.net/design/cdls20/img/ui/ |
149 B 981 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
att_globe_blue_80x80.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
support-icon.jpg
home.secureapp.att.net/img/sso/slid/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
txt-clear.png
home.secureapp.att.net/img/sso/slid/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ques.png
home.secureapp.att.net/img/sso/slid/ |
363 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
facebook.js
www.att.com/scripts/adobe/prod/ |
103 KB 28 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
appnexus.js
www.att.com/scripts/adobe/prod/ |
7 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
18003891.js
bat.bing.com/p/action/ |
0 425 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
context.dll
home.secureapp.att.net/attportal/s/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
attmonetization.config.js
www.att.com/scripts/adobe/prod/attmonetization/js/ |
40 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keepAlive.js
signin.att.com/static/ciam/en/common/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Flashtalking_Consumer.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eComm_Visitor_DIR.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
19 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jsPlugin.js
www.att.com/MEG/chatserver/js/ |
89 KB 17 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
controllerdata
buildcron.com/ssaf/ssafc/v1/ |
6 B 259 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
servedby.flashtalking.com/container/19536;124481;13503;iframe/ Frame 39FC |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
128900881029137
connect.facebook.net/signals/config/ |
289 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0
bat.bing.com/action/ |
0 177 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pixie
ib.adnxs.com/ |
42 B 345 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
inqChatLaunch10004119.js
att.inq.com/chatskins/launch/ |
13 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
servedby.flashtalking.com/segment/2/read/a;;pixel/ Frame 39FC |
42 B 514 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
0 185 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
chatLoader.min.js
media-us2.digital.nuance.com/media/launch/ |
22 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
resolvePage
att.inq.com/tagserver/launch/ |
33 B 343 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
d.agkn.com/pixel/8597/ |
43 B 553 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
inqChat.html
buildcron.com/ Frame 8370 |
6 B 259 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- metrics.att.com
- URL
- http://metrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=06725535493896517473337205861924992467&ts=1670064057892
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)217 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| oncontentvisibilityautostatechange string| hcc string| mid string| adobe_mc number| ts string| href object| hcc_check undefined| analytics_app_visitor_id undefined| newurl undefined| halo_app_visitor_id object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e boolean| disableAudienceManager object| visitor object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor string| filesadded boolean| monecontwatched function| loadAdsFile function| injectHtmlTag function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig function| detmScriptLoader object| detmLoader boolean| AllowDelayedLoad function| dunBradstreet undefined| dnbvid undefined| andiPresent undefined| scriptFiles undefined| vameg object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in boolean| detmDisabled object| detmScriptExecutor object| QMATT function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab boolean| pageLoadFired function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl function| docReady object| ddo object| ssaf function| AnalyticsNotificationFramework object| domainName object| linker number| ga_checkOutStep number| ga_pageLoadCount number| loggedIn string| authenticationStatus object| gamktEventTypes object| gamktEventNames object| gamktElements string| gaCustomEvent object| gamarketingANF number| chatTestFlag function| loadMarketingFile function| isQMLogin function| getCookie function| getQueryVariable function| setCookie function| DIRECTVPageInterest object| mktDataEvtType undefined| mktDataEvtName object| mktDataEvtVariable string| mktCustomEvent object| mktVariable string| pageFlowCode string| pageLanguage string| pagePageName string| pageFriendlyPageName string| pageLiabilityType string| pageCustomerType string| accountInFocusUserType string| userType string| flowCode string| fullURL string| domainURL string| pathURL string| sourceCode object| sourceCookie string| wExtndSource undefined| DiscountCode object| DNS_segment undefined| GPI undefined| qtm undefined| d undefined| DNS function| gtag object| google_tag_manager object| dataLayer string| evtAction string| evtCode string| successFlag string| statusMessage string| errorType string| linkName string| linkPosition string| linkDestinationUrl string| chatInviteType string| chatSessionId string| chatBusinessUnit string| chatAgentGroup string| pageName string| chatState object| chatLaunchedListener object| chatEngagedListener object| agentAssignedListener object| c2cStateChanged object| InqRegistry boolean| callMe object| antiClickjack undefined| noFrameBusting string| _host function| $ function| jQuery string| agent string| ORIGINATION_POINT_URL string| RETURN_URL string| CANCEL_URL function| getWindowWidth function| getWindowHeight function| GetURLParameter function| setRegURL function| logPgvw function| refer function| submitForm function| trimAll function| chkTick function| unchkTick function| getElementsByClassName function| btnChange function| acctSelBtnEnable function| ie6Img function| getYadContents function| init undefined| countdownElement function| overlay function| cancelLoad function| Redirecturl string| focusableElementsString function| trapTabKey function| supportRedirect function| webtrendsAsyncInit string| scriptUrl object| uetq function| detmExecuteFooter object| DARLA_CONFIG string| q1Zidx string| q2Zidx string| attSid function| fbq function| _fbq function| pixie function| UET function| UET_init function| UET_push object| ueto_9329dab1d2 object| s_3_Integrate_DFA_get_0 undefined| uc_dfa_val undefined| dfaSuccess object| google_tag_data object| s_att object| ONE-G8V3SQCVEX-2062 object| ft_onetag_13503 object| pageInfo undefined| comScore undefined| url string| customerType string| language string| liabilitytype string| friendlypagename object| appMonetizationFtrUnitsConfig function| andiEventListener string| andiCurrentPageUrlJSPluginExecuted function| evaluateLegacySettings function| secureProtocol function| getParentV3LanderConfig function| loadChat object| v3Lander object| v3LanderConfig object| __webpack_exports__ function| refreshTGuardSession function| addPixelImage10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .buildcron.com/ | Name: at_check Value: true |
|
| .buildcron.com/ | Name: mbox Value: session#81e09a66f1e14e96a3d2fd1214018266#1670065918 |
|
| buildcron.com/ | Name: AMCVS_55633F7A534535110A490D44%40AdobeOrg Value: 1 |
|
| buildcron.com/ | Name: AMCV_55633F7A534535110A490D44%40AdobeOrg Value: 1994364360%7CMCIDTS%7C19330%7CMCMID%7C06725535493896517473337205861924992467%7CMCAAMLH-1670668857%7C6%7CMCAAMB-1670668857%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670071257s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0 |
|
| .doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
|
| .buildcron.com/ | Name: _gcl_au Value: 1.1.895580630.1670064059 |
|
| .bing.com/ | Name: MUID Value: 18E1A7190F286DE505C4B5760EA36C77 |
|
| .buildcron.com/ | Name: _uetsid Value: f97b8d8072f611edb94cbf007124d5a8 |
|
| .buildcron.com/ | Name: _uetvid Value: f97c072072f611ed88e751e14b0af148 |
|
| .flashtalking.com/ | Name: flashtalkingad1 Value: "GUID=5450D8F101255B" |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
att.inq.com
attservicesinc.tt.omtrdc.net
bat.bing.com
buildcron.com
connect.facebook.net
d.agkn.com
dpm.demdex.net
fast.att.demdex.net
fls.doubleclick.net
home.secureapp.att.net
ib.adnxs.com
media-us2.digital.nuance.com
metrics.att.com
servedby.flashtalking.com
signin.att.com
www.att.com
www.facebook.com
www.googletagmanager.com
metrics.att.com
104.109.57.2
119.18.54.55
142.250.185.70
144.160.125.207
144.160.36.70
2.16.186.56
20.80.226.228
2620:1ec:4a::28
2620:1ec:c11::200
2a00:1450:4001:808::2008
2a02:26f0:1700:393::2db1
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
3.248.2.215
3.74.33.199
34.240.38.51
37.252.173.215
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
05bebd61034ebbef8d6efa18bdd24375a92814425c16293589e4e13761905807
0c1c11e6d9b00df8a81a816d2f9789c3ad63910f550eb1af108d2f241c77c9ae
0c31ac905789222fc236147e023f9132db2a36fa2f2542ba59198e767079c121
15d70dd6d2024b7cc2925bcd47aad1a429b08042ebcc15364004c0c887f719d6
1c592a51351836456628c2cb9a7dd86d41257d821f8926b137c8f5c63aaf0ca3
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
29293537fff88ac91b77966a0a9e372cb3b92c451dec9e9021ce388c71558b3c
2b0b047ba39cf12db0504d6b0c904d63d1c13f5950f4103da2688c9f989a7a01
2f65af54de14766bbf8bd8a2d8c2fde55d8eda67b2a050ededed8a05b386c636
334d016f755cd6dc58c53a86e183882f8ec14f52fb05345887c8a5edd42c87b7
33a050282e9356be2f2d8538f376fcbc4c7bbc778c4517375b44dad46d48389e
370cb63119bc0d295c50903465a851655942f314b5302cc6a55f1b24ef51662e
43f774da83292822f54305d69e01286ca018b6f3f0fe86250451ad93d9252f9c
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
49c77e7170b923bcfedc878f7ab9b15bc06b912deb43a9a9c51d58733494fc9e
56e7892a7759ed710ae2d6c23de19acb3bbba7dd50398013972d84b1c846ad03
5c2bb4799afe71e3806de817e1e14868d170da40d3bf8df3f59e550fb23a57c1
5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5
601f450bfc37544f6ebbdcbecf66d18121b3a6c99ff9ab31994769f1b08f6e86
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
63336f6a96719084892dddf45c8c19b128497a6b04bb0bcb083a07778e13dfcf
684e3b47c37c44dc00497d3a5a7c5b3aebf078f39b9c9235c5f9f91a7b5d64f2
70ac34d176f59098e867cd1008c65de5e945ae2ee702444a4e6e9ee10ae314dd
70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
83543dc25b03f7cc92538b32b9316d41874d3c720390f09dc8382b38e27de15d
8c28d3a690f5905a67e382bfb1b45cfeb46ac8911198a9a9ecccf61e7625849b
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
94004e23805535343792270c371df0cefad33bf9fc9653b9f9ff152113e2a641
96a336c10df5d2c483fe92642643f39b70ca4636f8b9acd28ea678bbe837b78c
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
998646ced61a081e43267d9dade969345d6ed9e9fc13a9d09f193d7da631226e
a5182fbd8bbbbc358b704a5a070ffad58bd079b7800803935d9e3b2b8b9c5d87
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
ac840990603819c38555a492a7d5fa3aa15c168756aca9f298afcb5ab336ad69
b632a6a0334c1702ba8c2d5b4e49ff79059b32af6599c747d27c373799c1af28
bba4bf5001c7eb5c7658b0c359177835ce4130528f5d235bfeb41594095b5ee1
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
caf7ce1a755363ce972446cbaa14af3224ea2775ead0ead7aa9ec4d9e0c97089
cef4189496d23a1555a6ed64901376afe650d5216d3b670d491beda49d0e0d76
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d50d115484f337976a64a7ff2df1c0c050a57f7ebbc58910f23c3f9b0f6779b6
dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8263c64386fed1e3ef69d7ba78c08651d28d1366711db2b8e03cf39706aaef6
ee2b053bf423dde326070fc6ce0ceedd7211460f9d14dc0c982be7ffa9e59e13
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5831657e8bbb3bb1f856181e25839be124a370b16ba2972175dc4d4605226c
f57a015bf914c4343db90c1d04c286816a77831c10dd4fc3db2e7880239d1fb2
fc7d9fa8170645da805312c9e1a877e4f4c645aaa50b5548d87c70593ba0eb22
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f