bt-verifybilling.com
104.21.35.238
Malicious Activity!
Public Scan
Effective URL: http://bt-verifybilling.com/login.php?0ZLR9BLOXGP&inID=HFLIOXuMCAuWoSOAmaBrJMYqeNGjgKLKncOUbzMFtLwGMbJKwvbmACzVsxEn
Submission: On September 16 via api from GB — Scanned from DE
Summary
This is the only time bt-verifybilling.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BT (Telecommunication)
Domain & IP information
ASN | PTR | Domains |
---|---|---|
ASN22822 (LLNW, US) | https-68-142-70-29.any.llnw.net | img01.bt.co.uk |
ASN16625 (AKAMAI-AS, US) | a2-18-232-23.deploy.static.akamaitechnologies.com | assets.adobedtm.com |
ASN22822 (LLNW, US) | https-178-79-242-150.fra.llnw.net | assets.bt.com |
ASN16509 (AMAZON-02, US) | ec2-52-17-54-18.eu-west-1.compute.amazonaws.com | dpm.demdex.net |
ASN16509 (AMAZON-02, US) | s3-3-w.amazonaws.com | ee-tagging.s3.amazonaws.com |
ASN16509 (AMAZON-02, US) | server-52-222-236-95.fra56.r.cloudfront.net | consent-pref.trustarc.com |
ASN16509 (AMAZON-02, US) | ec2-108-128-243-138.eu-west-1.compute.amazonaws.com | britishtelecom.demdex.net |
ASN16509 (AMAZON-02, US) | ec2-99-80-210-73.eu-west-1.compute.amazonaws.com | cm.everesttech.net |
ASN16509 (AMAZON-02, US) | server-143-204-98-35.fra50.r.cloudfront.net | consent-st.trustarc.com |
ASN29990 (ASN-APPNEX, US) | 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net | ib.adnxs.com |
ASN14618 (AMAZON-AES, US) | ec2-34-202-206-65.compute-1.amazonaws.com | prefmgr-cookie.truste-svc.net |
ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | a-0001.a-msedge.net | c.bing.com |
ASN16509 (AMAZON-02, US) | ec2-52-214-235-66.eu-west-1.compute.amazonaws.com | ads.avocet.io ads.avct.cloud |
Count | Apex Domain | Redirects | Subdomains | Transfer |
---|---|---|---|---|
28 | bt.co.uk | | img01.bt.co.uk | 353 KB |
20 | trustarc.com | | consent.trustarc.com consent-pref.trustarc.com consent-st.trustarc.com | 351 KB |
12 | adobedtm.com | | assets.adobedtm.com | 162 KB |
8 | demdex.net | 1 redirects | dpm.demdex.net britishtelecom.demdex.net | 10 KB |
3 | bt.com | | home.bt.com assets.bt.com | 7 KB |
2 | avct.cloud | 2 redirects | ads.avct.cloud | 880 B |
2 | adform.net | 2 redirects | c1.adform.net | 963 B |
2 | adnxs.com | 2 redirects | ib.adnxs.com | 2 KB |
2 | bt-verifybilling.com | 1 redirects | bt-verifybilling.com | 9 KB |
1 | avocet.io | 1 redirects | ads.avocet.io | 194 B |
1 | bing.com | 1 redirects | c.bing.com | 421 B |
1 | twitter.com | | analytics.twitter.com | 581 B |
1 | truste-svc.net | | prefmgr-cookie.truste-svc.net | 2 KB |
1 | everesttech.net | 1 redirects | cm.everesttech.net | 517 B |
1 | cloudfront.net | | d36kespjlw4605.cloudfront.net | 405 B |
1 | amazonaws.com | | ee-tagging.s3.amazonaws.com | 26 KB |
75 | 16 |
Count | Domain | Redirects | Requested by |
---|---|---|---|
28 | img01.bt.co.uk | | bt-verifybilling.com img01.bt.co.uk |
12 | consent-pref.trustarc.com | | consent.trustarc.com consent-pref.trustarc.com |
12 | assets.adobedtm.com | | bt-verifybilling.com assets.adobedtm.com |
7 | consent.trustarc.com | | assets.adobedtm.com consent.trustarc.com bt-verifybilling.com |
7 | dpm.demdex.net | 1 redirects | bt-verifybilling.com |
2 | ads.avct.cloud | 2 redirects | |
2 | c1.adform.net | 2 redirects | |
2 | ib.adnxs.com | 2 redirects | |
2 | home.bt.com | | bt-verifybilling.com img01.bt.co.uk |
2 | bt-verifybilling.com | 1 redirects | |
1 | ads.avocet.io | 1 redirects | |
1 | c.bing.com | 1 redirects | |
1 | analytics.twitter.com | | bt-verifybilling.com |
1 | prefmgr-cookie.truste-svc.net | | bt-verifybilling.com |
1 | consent-st.trustarc.com | | consent-pref.trustarc.com |
1 | cm.everesttech.net | 1 redirects | |
1 | britishtelecom.demdex.net | | assets.adobedtm.com |
1 | d36kespjlw4605.cloudfront.net | | img01.bt.co.uk |
1 | ee-tagging.s3.amazonaws.com | | bt-verifybilling.com |
1 | assets.bt.com | | img01.bt.co.uk |
75 | 20 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.bt.com | GeoTrust EV RSA CA 2018 | 2020-09-30 - 2021-10-05 | a year |
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2020-12-02 - 2022-01-02 | a year |
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-08 - 2021-09-30 | 9 months |
*.s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2021-01-11 - 2022-02-11 | a year |
*.trustarc.com | Go Daddy Secure Certificate Authority - G2 | 2020-05-21 - 2022-07-17 | 2 years |
*.cloudfront.net | Amazon | 2021-03-19 - 2022-03-17 | a year |
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year |
This page contains 5 frames:
Primary Page:
http://bt-verifybilling.com/login.php?0ZLR9BLOXGP&inID=HFLIOXuMCAuWoSOAmaBrJMYqeNGjgKLKncOUbzMFtLwGMbJKwvbmACzVsxEn
Frame ID: 28AB1D5D87A1D681A2F541967DD2EFCA
Requests: 53 HTTP requests in this frame
Frame:
http://consent-pref.trustarc.com/?type=bt_consumer1&site=bt-consumer1.com&action=notice&country=de&locale=en&behavior=expressed&gtm=true&ostype=mobile&layout=default_eu&uid=a4b047ad-b32a-4afe-b9ca-2c2d2e660608&irm=undefined&from=http://consent.trustarc.com/
Frame ID: 1BA14692DDB3EAED45C2FB2F636285AF
Requests: 15 HTTP requests in this frame
Frame:
https://britishtelecom.demdex.net/dest5.html?d_nsid=0
Frame ID: 232963D395E6812D87552A167EC4DABC
Requests: 6 HTTP requests in this frame
Frame:
http://consent-pref.trustarc.com/defaultpreferencemanager/3D1DCD2BF0C50EAF0926E06B9412811A.cache.html
Frame ID: B0BDEA48B3E79D6E32BA6CBA3BEF2B12
Requests: 1 HTTP requests in this frame
Frame:
http://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=http://consent-pref.trustarc.com/?type=bt_consumer1&site=bt-consumer1.com&action=notice&country=de&locale=en&behavior=expressed&gtm=true&ostype=mobile&layout=default_eu&uid=a4b047ad-b32a-4afe-b9ca-2c2d2e660608&irm=undefined&from=http://consent.trustarc.com/
Frame ID: E30A3F90E8A910283480C8476B1295C9
Requests: 1 HTTP requests in this frame
Page Title
BT.com Log in
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Modernizr (JavaScript Libraries)
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
TrustArc (Cookie compliance)
Detected patterns
- consent\.trustarc\.com
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui[.-]([\d.]*\d)[^/]*\.js
- jquery-ui.*\.js
Page Statistics
35 Outgoing links
These are links going to different origins than the main page.
Title: Forgotten your login details?
Title: Security
Title: Help
Title: Create one
Title: Track your order >
Title: Report or track a fault >
Title: Pay a bill >
Title: Get help or contact us >
Title: Download the My BT App >
Title: Go to our email log in page >
Title: For business and public sector
Title: For global business
Title: BT Group
Title: Wifi
Title: BT Ireland
Title: BT Shop
Title: Business Direct
Title: Openreach
Title: The Phone Book
Title: BT Wholesale
Title: BT Redcare
Title: Contact BT
Title: Careers
Title: Sitemap
Title: Privacy
Title: Cookies
Title: Terms of use
Title: Codes of practice
Title: Broadband Universal Service
Title: Make a complaint
Title: T&Cs
Title: Modern Slavery Statement
Title: Here For You - helping you communicate
Title: Accessibility
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bt-verifybilling.com/
HTTP 302
http://bt-verifybilling.com/login.php?0ZLR9BLOXGP&inID=HFLIOXuMCAuWoSOAmaBrJMYqeNGjgKLKncOUbzMFtLwGMbJKwvbmACzVsxEn Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 27
- https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AA54673527831890A490D45%40AdobeOrg&d_nsid=0&ts=1631793674344 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AA54673527831890A490D45%40AdobeOrg&d_nsid=0&ts=1631793674344
- https://cm.everesttech.net/cm/dd?d_uuid=31823727673507356873166142071370181170 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=YUMyCgAAAGO7pgP0
- https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
- https://dpm.demdex.net/ibs:dpid=358&dpuuid=158358477591642391
- https://c.bing.com/c.gif?uid=31823727673507356873166142071370181170&Red3=MSAdobe_pd&gdpr=0&gdpr_consent= HTTP 302
- https://dpm.demdex.net/ibs:dpid=1957&dpuuid=23701B66FE55617009300BD2FFDE6083
- https://c1.adform.net/serving/cookie/match?party=1007&cid=31823727673507356873166142071370181170&noredirect=v2 HTTP 302
- https://c1.adform.net/serving/cookie/match?CC=1&party=1007&cid=31823727673507356873166142071370181170&noredirect=v2 HTTP 302
- https://dpm.demdex.net/ibs:dpid=1586&dpuuid=2234533833396537136
- https://ads.avocet.io/getuid?url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D183896%26dpuuid%3D%7B%7BUUID%7D%7D HTTP 301
- https://ads.avct.cloud/getuid?r=1&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D183896%26dpuuid%3D%7B%7BUUID%7D%7D HTTP 307
- https://ads.avct.cloud/getuid?bounce=true&r=1&url=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D183896%26dpuuid%3D%7B%7BUUID%7D%7D HTTP 302
- https://dpm.demdex.net/ibs:dpid=183896&dpuuid=410629ca-3a3b-44a9-8950-3008b33218de
75 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
bt-verifybilling.com/ Redirect Chain
|
33 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-datalayer.js
img01.bt.co.uk/s/assets/290321/js/ |
710 B 896 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common-reset.css
img01.bt.co.uk/s/assets/290321/css/ |
65 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.css
img01.bt.co.uk/s/assets/290321/css/ |
181 KB 34 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
img01.bt.co.uk/s/assets/290321/aauth/css/ |
125 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bts-common.css
img01.bt.co.uk/s/assets/290321/css/ |
88 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aref.min.js
img01.bt.co.uk/s/assets/290321/js/ |
460 B 804 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
launch-ENfdadf1bb09d848de85923e05be32e7d1.min.js
assets.adobedtm.com/ |
511 KB 129 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr_jquery_cookies.js
img01.bt.co.uk/s/assets/290321/js/ |
107 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dantegh.api-1.1.js
img01.bt.co.uk/s/assets/290321/js/ |
47 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sportnav.api.js
img01.bt.co.uk/s/assets/290321/js/ |
62 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-index.css
img01.bt.co.uk/s/assets/290321/css/ |
76 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.cookie.js
img01.bt.co.uk/s/assets/290321/js/ |
819 B 898 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rebrand-bt-logo-login-page-136440342141502601-200609022505.png
home.bt.com//images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ArcotAdapterIntegration.js
img01.bt.co.uk/s/assets/290321/aauth/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dantegf.api-1.0.js
img01.bt.co.uk/s/assets/290321/js/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
img01.bt.co.uk/s/assets/290321/js/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core.js
img01.bt.co.uk/s/assets/290321/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bttv_rg-webfont.woff
img01.bt.co.uk/s/assets/290321/aauth/css/fonts/ |
26 KB 26 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
override.css
assets.bt.com/v1/btcomd/assets/css/ |
6 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
42 KB 42 KB |
Font
font/truetype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logintextboxbg.png
img01.bt.co.uk/s/assets/290321/images/ |
966 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons-sprite-8bit.png
img01.bt.co.uk/s/assets/290321/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
LoginButtonBg.png
img01.bt.co.uk/s/assets/290321/images/ |
211 B 608 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-back.png
img01.bt.co.uk/s/assets/290321/images/ |
279 B 698 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ajaxapic
home.bt.com/ |
3 KB 2 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
responsive-footer.css
img01.bt.co.uk/s/assets/130921/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bt-footer-bg.jpg
img01.bt.co.uk/s/assets/290321/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rd
dpm.demdex.net/id/ Redirect Chain
|
1 KB 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ |
33 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement_Module_AudienceManagement.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/ |
25 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
exhaust_testing.js
ee-tagging.s3.amazonaws.com/tools/exhaust/1.3.1/ |
26 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
notice
consent.trustarc.com/ |
9 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ip.php
d36kespjlw4605.cloudfront.net/ |
41 B 405 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC6eeaf4f8a518465687d99bf5a97c446b-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
350 B 485 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC7df78ad313ee427b899df99d58d4bf5a-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
1 KB 874 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC0822ae277fa54e86a381f8f5ce01b091-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
545 B 613 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC488e232c9d0543d58b2215a05c11ca7b-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
438 B 544 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
v1.7-1747
consent.trustarc.com/asset/notice.js/v/ |
72 KB 23 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
log
consent.trustarc.com/ |
43 B 383 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consent-pref.trustarc.com/ Frame 1BA1 |
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
noticemsg
consent.trustarc.com/ |
43 B 687 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
britishtelecom.demdex.net/ Frame 2329 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=411&dpuuid=YUMyCgAAAGO7pgP0
dpm.demdex.net/ Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
defaultpreferencemanager.nocache.js
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1BA1 |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
get
consent-st.trustarc.com/ Frame 1BA1 |
20 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
consent-pref.trustarc.com/images/ Frame 1BA1 |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3D1DCD2BF0C50EAF0926E06B9412811A.cache.html
consent-pref.trustarc.com/defaultpreferencemanager/ Frame B0BD |
140 KB 46 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1BA1 |
969 B 977 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1BA1 |
48 B 535 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EuPreferenceManager.css
consent-pref.trustarc.com/ Frame 1BA1 |
27 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
10.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/3D1DCD2BF0C50EAF0926E06B9412811A/ Frame 1BA1 |
243 KB 84 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/3D1DCD2BF0C50EAF0926E06B9412811A/ Frame 1BA1 |
19 KB 8 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=358&dpuuid=158358477591642391
dpm.demdex.net/ Frame 2329 Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
responsive-footer.min.js
img01.bt.co.uk/s/assets/130921/js/ |
970 B 1013 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo-footer2018.svg
img01.bt.co.uk/s/assets/130921/images/logo/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookie_iframe.html
prefmgr-cookie.truste-svc.net/cookie_js/ Frame E30A |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1BA1 |
733 B 804 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 1BA1 |
29 KB 7 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
BTFont_Rg.woff
img01.bt.co.uk/s/assets/130921/fonts/bt/ |
58 KB 58 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bttvicons.woff
img01.bt.co.uk/s/assets/130921/fonts/bt/ |
8 KB 9 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adsct
analytics.twitter.com/i/ Frame 2329 |
43 B 581 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=1957&dpuuid=23701B66FE55617009300BD2FFDE6083
dpm.demdex.net/ Frame 2329 Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui-1.9.2.custom.min.js
img01.bt.co.uk/s/assets/290321/js/ |
171 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bt.cookies.js
img01.bt.co.uk/s/assets/290321/globalheader/ |
0 408 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RCabd3150ca9f241c7bbac2e3e4e90fe9a-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
623 B 608 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RCca6c6861f25e4738a76b657218a45028-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC31e920520b184dd1bbc4f4e454edd285-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
RC0c1b9f8436dd499b876d20d63cec4db4-source.min.js
assets.adobedtm.com/468fd5a0b220/5e2a7b1f96d2/2774605620b4/ |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=1586&dpuuid=2234533833396537136
dpm.demdex.net/ Frame 2329 Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=183896&dpuuid=410629ca-3a3b-44a9-8950-3008b33218de
dpm.demdex.net/ Frame 2329 Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/3D1DCD2BF0C50EAF0926E06B9412811A/ Frame 1BA1 |
7 KB 3 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
consent.trustarc.com/ Frame 1BA1 |
57 KB 57 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
get
consent.trustarc.com/ Frame 1BA1 |
57 KB 58 KB |
Font
application/octet-stream |
GET H2 |
get
consent.trustarc.com/ Frame 1BA1 |
35 KB 36 KB |
Image
image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BT (Telecommunication)
124 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster string| analyticsPageName object| tar string| formTarget object| digitalData object| _exhaust_init_queue function| emitToExhaust object| cookieutilities object| btCookiesAPI object| Modernizr object| html5 function| yepnope function| $ function| jQuery function| getInternetExplorerVersion boolean| jQueryScriptOutputted undefined| searchStatusVal object| DanteGH object| Encoder object| user function| jqdgh object| SportNav string| static_root object| omni object| funccmd boolean| sportpage object| ads function| mobileSearchBTS string| loginpagetype function| reportErrors function| expireCookie function| getUserStatus function| logDetails string| customView undefined| e undefined| loggedinCustomer undefined| xloginExists undefined| elbcExists object| authFailureReasonCookie undefined| usrName undefined| owmhash undefined| mxhash undefined| xloginArr undefined| target undefined| targetParts undefined| redirectUrl undefined| samltkns undefined| settings string| pageType function| hexDecode function| restorePlusSymbols function| ArcotExtractUserMsg function| hexEncode string| frgtdetail string| bghexcolor string| ua function| getAndriodBanner object| DanteGF object| FooterEncoder object| portalcookie function| jqdgf object| footerconfig undefined| loadgf function| displayerrors function| setUsernameFromCookie function| checkPwdEnc number| submitcount function| validEmail function| setRememberMeCookiees object| bt object| lbi function| downloadJSAtOnload object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in string| h object| _exhaust object| expiry object| flags function| AppMeasurement_Module_ActivityMap function| AppMeasurement_Module_AudienceManagement function| DIL function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s function| _truste_eumap object| truste function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG function| MessageQueue function| testObject function| testAccount function| testBasket object| transaction_ids object| basket_ids function| parseStringVars number| recent_page_request_timeout number| recent_page_request_index function| productStringToTable object| exhaust_testing_config string| rebrandLogo string| oldlogo string| newlogo function| RadarSearch_LaunchRule function| RadarSearch_Script function| Syringe function| SyringeEvent function| SyringeEvent_Click function| SyringeInjection function| SyringeInjection_Pixel function| SyringeInjection_Script function| SyringeInjection_LaunchDirectCall function| DP_jQuery_163179367499514
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bt-verifybilling.com/ | | Name: PHPSESSID Value: 12346d6436810f64adf1337216046b66 |
bt-verifybilling.com/ | | Name: btVisitedCookie Value: 0 |
.demdex.net/ | | Name: demdex Value: 31823727673507356873166142071370181170 |
.bt-verifybilling.com/ | | Name: AMCVS_0AA54673527831890A490D45%40AdobeOrg Value: 1 |
.everesttech.net/ | | Name: everest_g_v2 Value: g_surferid~YUMyCgAAAGO7pgP0 |
.dpm.demdex.net/ | | Name: dpm Value: 31823727673507356873166142071370181170 |
.bt-verifybilling.com/ | | Name: AMCV_0AA54673527831890A490D45%40AdobeOrg Value: -1124106680%7CMCIDTS%7C18887%7CMCMID%7C23530691952216391142845621497802307263%7CMCAAMLH-1632398474%7C6%7CMCAAMB-1632398474%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1631800874s%7CNONE%7CMCSYNCSOP%7C411-18894%7CvVersion%7C5.2.0 |
.adnxs.com/ | | Name: uuid2 Value: 158358477591642391 |
.twitter.com/ | | Name: personalization_id Value: "v1_hNtdLn4jc8KB410HXguDbg==" |
.bing.com/ | | Name: MUID Value: 23701B66FE55617009300BD2FFDE6083 |
.adform.net/ | | Name: C Value: 1 |
.demdex.net/ | | Name: dextp Value: 358-1-1631793674697\|1123-1-1631793674800\|1957-1-1631793674901\|1586-1-1631793675002\|183896-1-1631793675102 |
.adform.net/ | | Name: uid Value: 2234533833396537136 |
ads.avct.cloud/ | | Name: uuid Value: 410629ca-3a3b-44a9-8950-3008b33218de |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.