www.nhsinform.scot
13.107.226.45
Malicious Activity!
Public Scan
Effective URL: https://www.nhsinform.scot/illnesses-and-conditions/mental-health
Submission: On May 16 via api from US — Scanned from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 3rd 2023. Valid for: a year.
This is the only time www.nhsinform.scot was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NHS UK (Healthcare)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
1 1 | 20.0.114.104 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
2 | 13.107.226.45 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
34 | 20.209.7.1 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
3 | 104.17.25.14 | 13335 (CLOUDFLARENET) |
1 | 172.67.8.54 | 13335 (CLOUDFLARENET) |
13 | 18.245.31.69 | 16509 (AMAZON-02) |
2 | 142.250.181.232 | 15169 (GOOGLE) |
2 | 172.217.16.202 | 15169 (GOOGLE) |
1 | 80.75.66.243 | 20860 (IOMART-AS) |
2 | 18.245.86.39 | 16509 (AMAZON-02) |
3 | 142.250.74.206 | 15169 (GOOGLE) |
1 | 18.66.102.53 | 16509 (AMAZON-02) |
2 | 54.216.252.255 | 16509 (AMAZON-02) |
1 | 216.239.34.36 | 15169 (GOOGLE) |
2 | 74.125.133.157 | 15169 (GOOGLE) |
1 | 142.250.185.67 | 15169 (GOOGLE) |
1 | 13.32.27.19 | 16509 (AMAZON-02) |
71 | 17 |
ASN | PTR | Hostname |
---|---|---|
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | ingress.nhsscotland.net | www.moodjuice.scot.nhs.uk |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | | appnhs24wp41a8c38064.blob.core.windows.net |
ASN16509 (AMAZON-02, US) | server-18-245-31-69.fra56.r.cloudfront.net | www.browsealoud.com |
ASN15169 (GOOGLE, US) | fra16s56-in-f8.1e100.net | www.googletagmanager.com |
ASN15169 (GOOGLE, US) | fra16s65-in-f10.1e100.net | maps.googleapis.com |
ASN20860 (IOMART-AS, GB) | 80-75-66-243.civiccomputing.com | apikeys.civiccomputing.com |
ASN16509 (AMAZON-02, US) | server-18-245-86-39.fra60.r.cloudfront.net | plus.browsealoud.com |
ASN15169 (GOOGLE, US) | fra24s02-in-f14.1e100.net | www.google-analytics.com |
ASN16509 (AMAZON-02, US) | server-18-66-102-53.fra56.r.cloudfront.net | static.hotjar.com |
ASN16509 (AMAZON-02, US) | ec2-54-216-252-255.eu-west-1.compute.amazonaws.com | in2.taskanalytics.com |
ASN15169 (GOOGLE, US) | wo-in-f157.1e100.net | stats.g.doubleclick.net |
ASN15169 (GOOGLE, US) | fra16s48-in-f3.1e100.net | www.google.co.uk |
ASN16509 (AMAZON-02, US) | server-13-32-27-19.fra56.r.cloudfront.net | script.hotjar.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
34 | windows.net | appnhs24wp41a8c38064.blob.core.windows.net (Cisco Umbrella Rank: 369869) | 1 MB |
15 | browsealoud.com | www.browsealoud.com (Cisco Umbrella Rank: 31699); plus.browsealoud.com (Cisco Umbrella Rank: 31574) | 280 KB |
3 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 32) | 21 KB |
3 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 237) | 168 KB |
2 | doubleclick.net | stats.g.doubleclick.net (Cisco Umbrella Rank: 89) | 404 B |
2 | taskanalytics.com | in2.taskanalytics.com (Cisco Umbrella Rank: 649497) | 103 KB |
2 | hotjar.com | static.hotjar.com (Cisco Umbrella Rank: 742); script.hotjar.com (Cisco Umbrella Rank: 988) | 60 KB |
2 | googleapis.com | maps.googleapis.com (Cisco Umbrella Rank: 361) | 68 KB |
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 39) | 193 KB |
2 | civiccomputing.com | cc.cdn.civiccomputing.com (Cisco Umbrella Rank: 18257); apikeys.civiccomputing.com (Cisco Umbrella Rank: 18464) | 94 KB |
2 | nhsinform.scot | www.nhsinform.scot (Cisco Umbrella Rank: 233371) | 49 KB |
1 | google.co.uk | www.google.co.uk (Cisco Umbrella Rank: 3755) | 63 B |
1 | google.com | region1.analytics.google.com (Cisco Umbrella Rank: 3095) | 256 B |
1 | scot.nhs.uk | www.moodjuice.scot.nhs.uk (1 redirects) | 114 B |
71 | 14 |
Requests | Domain | Requested by |
---|---|---|
34 | appnhs24wp41a8c38064.blob.core.windows.net | www.nhsinform.scot, appnhs24wp41a8c38064.blob.core.windows.net |
13 | www.browsealoud.com | www.nhsinform.scot, www.browsealoud.com |
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com |
3 | cdnjs.cloudflare.com | www.nhsinform.scot, cdnjs.cloudflare.com |
2 | stats.g.doubleclick.net | www.googletagmanager.com, www.google-analytics.com |
2 | in2.taskanalytics.com | www.googletagmanager.com, in2.taskanalytics.com |
2 | plus.browsealoud.com | www.browsealoud.com |
2 | maps.googleapis.com | appnhs24wp41a8c38064.blob.core.windows.net, maps.googleapis.com |
2 | www.googletagmanager.com | www.nhsinform.scot, www.googletagmanager.com |
2 | www.nhsinform.scot | www.nhsinform.scot |
1 | script.hotjar.com | static.hotjar.com |
1 | www.google.co.uk | www.nhsinform.scot |
1 | region1.analytics.google.com | www.googletagmanager.com |
1 | static.hotjar.com | www.googletagmanager.com |
1 | apikeys.civiccomputing.com | cc.cdn.civiccomputing.com |
1 | cc.cdn.civiccomputing.com | www.nhsinform.scot |
1 | www.moodjuice.scot.nhs.uk | 1 redirects |
71 | 17 |
This site contains links to these domains.
Domain |
---|
www.nhs24.scot |
contactscotland-bsl.org |
www.facebook.com |
twitter.com |
www.youtube.com |
www.taskanalytics.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.nhsinform.scot | Sectigo RSA Domain Validation Secure Server CA | 2023-08-03 - 2024-08-02 | a year |
*.blob.core.windows.net | Microsoft Azure RSA TLS Issuing CA 07 | 2024-04-18 - 2025-04-13 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year |
cc.cdn.civiccomputing.com | GTS CA 1P5 | 2024-04-03 - 2024-07-02 | 3 months |
www.browsealoud.com | Amazon RSA 2048 M02 | 2023-10-28 - 2024-11-24 | a year |
*.google-analytics.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
upload.video.google.com | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
apikeys.civiccomputing.com | R3 | 2024-04-14 - 2024-07-13 | 3 months |
plus.browsealoud.com | Amazon RSA 2048 M03 | 2024-05-01 - 2025-05-30 | a year |
*.hotjar.com | Amazon ECDSA 256 M03 | 2024-02-07 - 2025-03-08 | a year |
in2.taskanalytics.com | R3 | 2024-05-15 - 2024-08-13 | 3 months |
*.g.doubleclick.net | GTS CA 1C3 | 2024-05-06 - 2024-07-29 | 3 months |
*.google.co.uk | WR2 | 2024-05-06 - 2024-07-29 | 3 months |
This page contains 1 frames:
Primary Page:
https://www.nhsinform.scot/illnesses-and-conditions/mental-health
Frame ID: 69E8E0B1AD72E0060B9089EAF6BE4ED5
Requests: 72 HTTP requests in this frame
Page Title
Mental health | NHS inform
Page URL History
- http://www.moodjuice.scot.nhs.uk/ HTTP 307
- https://www.moodjuice.scot.nhs.uk/ HTTP 301
- https://www.nhsinform.scot/illnesses-and-conditions/mental-health Page URL
Detected technologies
WordPress (CMS)
Detected patterns
- <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
- /wp-(?:content|includes)/
Google Maps (Maps)
Detected patterns
- //maps\.google(?:apis)?\.com/maps/api/js
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Yoast SEO (SEO)
Detected patterns
- <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
CIVIC (Cookie compliance)
Detected patterns
- cc\.cdn\.civiccomputing\.com
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Hotjar (Analytics)
Detected patterns
- //static\.hotjar\.com/
Texthelp (Accessibility)
Detected patterns
- browsealoud\.com/.*/browsealoud\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery Migrate (JavaScript Libraries)
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: By Task Analytics
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.moodjuice.scot.nhs.uk/ HTTP 307
- https://www.moodjuice.scot.nhs.uk/ HTTP 301
- https://www.nhsinform.scot/illnesses-and-conditions/mental-health Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
71 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | mental-health (Primary Request, Redirect Chain) | www.nhsinform.scot/illnesses-and-conditions/ | 230 KB | 48 KB | Document | text/html |
GET | H/1.1 | global.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/css/ | 87 KB | 87 KB | Stylesheet | text/css |
GET | H/1.1 | style.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-includes/css/dist/block-library/ | 110 KB | 110 KB | Stylesheet | text/css |
GET | H/1.1 | style-index.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/plethora-tabs-accordions/build/ | 31 KB | 31 KB | Stylesheet | text/css |
GET | H/1.1 | style.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/advanced-admin-search/css/ | 15 KB | 16 KB | Stylesheet | text/css |
GET | H/1.1 | menu-image.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/menu-image/includes/css/ | 3 KB | 4 KB | Stylesheet | text/css |
GET | H/1.1 | dashicons.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-includes/css/ | 61 KB | 61 KB | Stylesheet | text/css |
GET | H/1.1 | style.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/ | 2 KB | 2 KB | Stylesheet | text/css |
GET | H3 | all.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/ | 100 KB | 19 KB | Stylesheet | text/css |
GET | H/1.1 | bootstrap.min.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/css/ | 160 KB | 160 KB | Stylesheet | text/css |
GET | H/1.1 | custom.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/css/ | 111 KB | 111 KB | Stylesheet | text/css |
GET | H/1.1 | ssds.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/css/ | 57 KB | 58 KB | Stylesheet | text/css |
GET | H/1.1 | layoutTemp.css | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/css/ | 89 KB | 90 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-admin-desktop-search.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/advanced-admin-search/js/ | 6 KB | 7 KB | Script | text/javascript |
GET | H/1.1 | jquery-admin-mobile-search.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/advanced-admin-search/js/ | 6 KB | 7 KB | Script | application/x-javascript |
GET | H/1.1 | jquery-admin-page-search.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/advanced-admin-search/js/ | 667 B | 1 KB | Script | application/x-javascript |
GET | H/1.1 | jquery.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-includes/js/jquery/ | 278 KB | 279 KB | Script | application/x-javascript |
GET | H/1.1 | jquery-migrate.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-includes/js/jquery/ | 31 KB | 32 KB | Script | application/x-javascript |
GET | H/1.1 | frontend.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/stop-user-enumeration/frontend/js/ | 486 B | 959 B | Script | application/x-javascript |
GET | H/1.1 | logo.svg | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/uploads/2023/03/ | 3 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | home-nhs.png | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/uploads/2023/06/ | 369 B | 827 B | Image | image/png |
GET | H3 | jquery.auto-complete.min.js | cdnjs.cloudflare.com/ajax/libs/jquery-autocomplete/1.0.7/ | 4 KB | 2 KB | Script | application/javascript |
GET | H2 | launchpad-icon.svg | www.nhsinform.scot/wp-content/themes/nhsinform/assets/images/ | 916 B | 912 B | Image | image/svg+xml |
GET | H/1.1 | bsl-logo.svg | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/uploads/2023/03/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H3 | cookieControl-9.x.min.js | cc.cdn.civiccomputing.com/9/ | 328 KB | 93 KB | Script | application/javascript |
GET | H/1.1 | tabs.jquery-plugin.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/plethora-tabs-accordions/js/ | 15 KB | 16 KB | Script | application/x-javascript |
GET | H/1.1 | accordion.jquery-plugin.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/plugins/plethora-tabs-accordions/js/ | 10 KB | 11 KB | Script | application/x-javascript |
GET | H/1.1 | jquery-3.3.1.min.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/js/ | 85 KB | 85 KB | Script | text/javascript |
GET | H/1.1 | bootstrap.bundle.min.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/js/ | 76 KB | 77 KB | Script | text/javascript |
GET | H/1.1 | custom-js.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/js/ | 8 KB | 8 KB | Script | application/x-javascript |
GET | H/1.1 | selfHelpGuide.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/js/ | 29 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | geolocation.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/js/ | 8 KB | 8 KB | Script | application/x-javascript |
GET | H/1.1 | jquery.cookie.min.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/js/ | 1 KB | 2 KB | Script | application/x-javascript |
GET | H2 | ba.js | www.browsealoud.com/plus/scripts/3.1.0/ | 4 KB | 2 KB | Script | application/x-javascript |
GET | H/1.1 | global.js | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/js/ | 5 KB | 5 KB | Script | text/javascript |
GET | H2 | gtm.js | www.googletagmanager.com/ | 338 KB | 94 KB | Script | application/javascript |
GET | H/1.1 | d513e15e-8f35-4129-ad05-481815e52625.woff2 | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/fonts/ | 17 KB | 17 KB | Font | application/octet-stream |
GET | H/1.1 | 0078f486-8e52-42c0-ad81-3c8d3d43f48e.woff2 | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/fonts/ | 18 KB | 18 KB | Font | application/octet-stream |
GET | H3 | fa-solid-900.woff2 | cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/webfonts/ | 147 KB | 148 KB | Font | application/octet-stream |
GET | H/1.1 | launchpad-icon-2.svg | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/images/ | 2 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | footer-social-icons.png | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/themes/nhsinform/assets/images/ | 21 KB | 21 KB | Image | image/png |
GET | H2 | js | maps.googleapis.com/maps/api/ | 201 KB | 68 KB | Script | text/javascript |
GET | H2 | v | apikeys.civiccomputing.com/c/ | 625 B | 1009 B | XHR | application/json |
GET | DATA | truncated | / | 296 B | 0 | Image | image/svg+xml |
GET | H2 | version.json | www.browsealoud.com/ | 31 B | 503 B | XHR | application/json |
GET | H2 | www.nhsinform.scot.js | plus.browsealoud.com/js/urlinfo/ | 691 B | 1 KB | XHR | application/javascript |
GET | H2 | sri.json | www.browsealoud.com/modules/3.9.3/ | 478 B | 952 B | XHR | application/json |
GET | H2 | js | www.googletagmanager.com/gtag/ | 296 KB | 99 KB | Script | application/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 52 KB | 21 KB | Script | text/javascript |
GET | H2 | hotjar-994111.js | static.hotjar.com/c/ | 10 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | tm.js | in2.taskanalytics.com/ | 93 KB | 94 KB | Script | application/javascript |
GET | H2 | browsealoud.js | www.browsealoud.com/modules/3.9.3/ | 59 KB | 37 KB | Script | application/javascript |
GET | H2 | www.nhsinform.scot.js | plus.browsealoud.com/js/urlinfo/ | 691 B | 0 | Fetch | application/javascript |
GET | H2 | 155.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 76 KB | 30 KB | Script | application/javascript |
GET | H2 | 143.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 34 KB | 10 KB | Script | application/javascript |
POST | H2 | collect | region1.analytics.google.com/g/ | 0 | 256 B | Ping | text/plain |
POST | H2 | collect | stats.g.doubleclick.net/g/ | 0 | 56 B | Ping | text/plain |
GET | H3 | ga-audiences | www.google.co.uk/ads/ | 42 B | 63 B | Image | image/gif |
GET | H2 | 66.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 9 KB | 4 KB | Script | application/javascript |
GET | H2 | modules.4d9dd1518dc89987e57a.js | script.hotjar.com/ | 222 KB | 55 KB | Script | application/javascript |
GET | H2 | 135.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 269 KB | 87 KB | Script | application/javascript |
GET | H2 | 144.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 11 KB | 3 KB | Script | application/javascript |
GET | H3 | gen_204 | maps.googleapis.com/maps/api/mapsjs/ | 3 B | 45 B | XHR | application/json |
GET | H/1.1 | 03394 | in2.taskanalytics.com/ | 8 KB | 9 KB | Fetch | application/json |
GET | H2 | 3.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 304 KB | 73 KB | Script | application/javascript |
GET | H2 | 2.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 66 KB | 15 KB | Script | application/javascript |
GET | H2 | 157.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 22 KB | 4 KB | Script | application/javascript |
GET | H2 | 139.1c50ed64d515d3010904.js | www.browsealoud.com/modules/3.9.3/ | 101 KB | 13 KB | Script | application/javascript |
POST | H2 | collect | www.google-analytics.com/j/ | 4 B | 211 B | XHR | text/plain |
GET | H2 | collect | www.google-analytics.com/ | 35 B | 131 B | Image | image/gif |
GET | H/1.1 | favicon.png | appnhs24wp41a8c38064.blob.core.windows.net/blobappnhs24wp41a8c38064/wp-content/uploads/2023/03/ | 702 B | 1 KB | Other | image/png |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 1 B | 348 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NHS UK (Healthcare)
72 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| advanced_admin_search function| AASKP_adminMenuSearch function| AASKP_desktopSearch function| ASAK_pageView function| AASKP_adminMenuMobileSearch function| AASKP_mobileSearch function| AASKP_displayInputBox function| clickLink function| $ function| jQuery object| dataLayer object| keyJson function| getSSDCookie function| setImmediate function| clearImmediate object| regeneratorRuntime object| CookieControl number| uidEvent object| bootstrap function| searchToggle function| HamburgerClick function| list_scroll function| feedbackFormTongle function| pageRedirect undefined| viewModelSHG undefined| workingDomain undefined| url undefined| protocol undefined| trackingGoogleID undefined| hotJarAdded undefined| injectGT function| Question function| Exception function| SHGViewModel function| getLocation function| setPosition function| showError function| validateInput function| valid_postcode function| equalheight function| scrollToAnchor function| doGoogleTracking object| config function| toggleBar function| globalClass function| breadcrumb_bg function| stickTop function| searchServiceCenter object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings function| onYouTubeIframeAPIReady object| wpSpeechstreamToolbar object| gaGlobal object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| google object| module$exports$mapsapi$geometry$spherical object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView function| TA boolean| TA_run object| ReachDeck object| BrowseAloud object| gaplugins object| gaData
8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.nhsinform.scot/ | | Name: ARRAffinity Value: 780bb34fe11d9d1cdcd8ed2fd260f18264aaf54661274da18bc24dcae4afa00f |
.www.nhsinform.scot/ | | Name: ARRAffinitySameSite Value: 780bb34fe11d9d1cdcd8ed2fd260f18264aaf54661274da18bc24dcae4afa00f |
.nhsinform.scot/ | | Name: _hjSessionUser_994111 Value: eyJpZCI6ImJkZDJkOWMxLWMzMjItNTJjNC1iYzM2LWM2NTQyN2QxOTcwYiIsImNyZWF0ZWQiOjE3MTU4NzY1NzU2NjQsImV4aXN0aW5nIjp0cnVlfQ== |
.nhsinform.scot/ | | Name: _hjSession_994111 Value: eyJpZCI6Ijk3MTg0ZjdlLWUwOWUtNDhhMC1hOGUyLWE0ODM1OTEzOWY5NCIsImMiOjE3MTU4NzY1NzU2NjQsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0= |
.nhsinform.scot/ | | Name: _ga Value: GA1.2.1396439732.1715876575 |
.nhsinform.scot/ | | Name: _gid Value: GA1.2.399719377.1715876576 |
.nhsinform.scot/ | | Name: _gat_UA-840144-9 Value: 1 |
.nhsinform.scot/ | | Name: _ga_W11LKE0340 Value: GS1.1.1715876575.1.0.1715876575.60.0.0 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.