cancel-payee-secure.com
199.188.201.84  Malicious Activity! Public Scan

Submitted URL: http://cancel-payee-secure.com/
Effective URL: https://cancel-payee-secure.com/
Submission: On March 15 via manual from GB

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 29 HTTP transactions. The main IP is 199.188.201.84, located in United States and belongs to NAMECHEAP-NET, US. The main domain is cancel-payee-secure.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 11th 2021. Valid for: a year.
This is the only time cancel-payee-secure.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Barclays (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
6 (1 redirects) | 199.188.201.84 | 22612 (NAMECHEAP...)
2 | 23.79.129.43 | 16625 (AKAMAI-AS)
17 | 23.36.238.127 | 16625 (AKAMAI-AS)
1 | 2001:4de0:ac1... | 20446 (HIGHWINDS3)
Total: 29 requests, 5 IPs
Requests | Domain | Requested by
17 | bank.barclays.co.uk | cancel-payee-secure.com, bank.barclays.co.uk
6 (1 redirects) | cancel-payee-secure.com | cancel-payee-secure.com, code.jquery.com
2 | tags.tiqcdn.com | cancel-payee-secure.com, tags.tiqcdn.com
1 | code.jquery.com | cancel-payee-secure.com
0 (Failed) | cfr.eu.v2.we-stats.com | bank.barclays.co.uk
Total: 29 requests, 5 domains

This site contains links to these domains.

Domain
www.barclays.co.uk
status.uk.barclays
www.bsigroup.com
www.iso.org
www.fscs.org.uk

Subject | Issuer | Validity | Valid
cancel-payee-secure.com | Sectigo RSA Domain Validation Secure Server CA | 2021-03-11 - 2022-03-11 | a year
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2020-03-16 - 2021-06-15 | a year
bank.barclays.co.uk | Entrust Certification Authority - L1M | 2021-01-08 - 2021-09-10 | 8 months
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year

This page contains 1 frames:

Primary Page: https://cancel-payee-secure.com/
Frame ID: DB65ECC99EF4652EFEAA59EECECD7D65
Requests: 31 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 29
HTTPS: 86 %
IPv6: 25 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 712 kB
Size: 2293 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cancel-payee-secure.com/ HTTP 301
    https://cancel-payee-secure.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cancel-payee-secure.com/
Redirect Chain
  • http://cancel-payee-secure.com/
  • https://cancel-payee-secure.com/
69 KB
12 KB
Document
General
Full URL
https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.201.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software
Apache / PHP/7.2.34
Resource Hash
d870eda8b8c5f3c2254199a30e23030f6db054144c8d00484b5bd6bbcd7b07dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
cancel-payee-secure.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 14:26:20 GMT
server
Apache
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
referrer-policy
no-referrer-when-downgrade

Redirect headers

date
Mon, 15 Mar 2021 14:26:20 GMT
server
Apache
location
https://cancel-payee-secure.com/
content-length
240
content-type
text/html; charset=iso-8859-1
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
referrer-policy
no-referrer-when-downgrade
utag.js
tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/
160 KB
29 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/utag.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-129-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e7ae57b0d2e853b851ade7878dce6dfe2f64cbbee88273d5b68049b1dc939d72

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 14:26:21 GMT
content-encoding
gzip
last-modified
Thu, 04 Feb 2021 13:55:27 GMT
server
AkamaiNetStorage
etag
"9094cf95c302ead85a60b9a54b1fed2a:1612446926.806536"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
29228
expires
Mon, 15 Mar 2021 14:31:21 GMT
bdlLogin-dss-jquery-libraries.min.js
cancel-payee-secure.com/authlogin/
0
0
Script
General
Full URL
https://cancel-payee-secure.com/authlogin/bdlLogin-dss-jquery-libraries.min.js?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.201.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 14:26:21 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/html; charset=iso-8859-1
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
content-length
315
x-content-type-options
nosniff
polyfill.wp.js
bank.barclays.co.uk//authlogin/lib/
98 KB
98 KB
Script
General
Full URL
https://bank.barclays.co.uk//authlogin/lib/polyfill.wp.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
02e9e14e36ad05a2a528e81898868b7c9fb738980d111599f4460dc7926aa1b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Wed, 17 Feb 2021 15:21:26 GMT
etag
"18659-602d3476"
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
99929
x-ua-compatible
chrome=IE6
angular.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/
105 KB
39 KB
Script
General
Full URL
https://bank.barclays.co.uk//js/myBarclays/vendor/angular/angular.min.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f8ea0e980b8bdca260f9f81d0e98360c3080fdc7fd3992cf611e05701e2e8a36
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Tue, 23 Feb 2021 15:01:47 GMT
etag
"9bd6-603518db"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
39894
x-ua-compatible
chrome=IE6
angular-route.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/
4 KB
2 KB
Script
General
Full URL
https://bank.barclays.co.uk//js/myBarclays/vendor/angular/angular-route.min.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
225667650d0be401e4cb148aa2dea5ad695c19563d2f94cfa20aa7082c5c966a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Tue, 23 Feb 2021 15:01:46 GMT
etag
"75b-603518da"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
1883
x-ua-compatible
chrome=IE6
angular-sanitize.min.js
bank.barclays.co.uk//js/myBarclays/vendor/angular/
4 KB
3 KB
Script
General
Full URL
https://bank.barclays.co.uk//js/myBarclays/vendor/angular/angular-sanitize.min.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
20318e023853ac4d3e1f231b0532de4c39d83c629a4155756c021e57825dc884
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Tue, 23 Feb 2021 15:01:46 GMT
etag
"96c-603518da"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
2412
x-ua-compatible
chrome=IE6
bdlLogin-rolb-dss.min.js
bank.barclays.co.uk//authlogin/
254 KB
66 KB
Script
General
Full URL
https://bank.barclays.co.uk//authlogin/bdlLogin-rolb-dss.min.js?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1d3fef663505e5ce8eccf28b01bb423260210ff6e57c33853adf372194c3f593
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:37 GMT
etag
"10572-602d3481"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
66930
x-ua-compatible
chrome=IE6
bdlLogin-libraries.min.js
bank.barclays.co.uk//authlogin/
70 KB
27 KB
Script
General
Full URL
https://bank.barclays.co.uk//authlogin/bdlLogin-libraries.min.js?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
67e3278677fecc5edfca819d999dab44c2dc394ca642d7fa91c52fa2036e0ed3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:37 GMT
etag
"6976-602d3481"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
26998
x-ua-compatible
chrome=IE6
bdlLogin-rolb-app.min.js
bank.barclays.co.uk//authlogin/
265 KB
74 KB
Script
General
Full URL
https://bank.barclays.co.uk//authlogin/bdlLogin-rolb-app.min.js?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
05587b282038be2386813602e2abbd2b686330803e399433747f915120d10c60
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:37 GMT
etag
"124cb-602d3481"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
74955
x-ua-compatible
chrome=IE6
s_codecookies.js
bank.barclays.co.uk//js/sitecatalyst/
51 KB
20 KB
Script
General
Full URL
https://bank.barclays.co.uk//js/sitecatalyst/s_codecookies.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4443260f173a9227f2afb899b9e4337b364bcf78df56c322d6c19e4a6edf01d6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Tue, 23 Feb 2021 15:01:47 GMT
etag
"4e4c-603518db"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
20044
x-ua-compatible
chrome=IE6
6bb5a42d.min.js
bank.barclays.co.uk//js/bc/2.8.1/
340 KB
88 KB
Script
General
Full URL
https://bank.barclays.co.uk//js/bc/2.8.1/6bb5a42d.min.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
52aa6e020c0bb612dd9221d801a3ebda86836e047dbd30e21069248669061cbb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Tue, 23 Feb 2021 15:01:39 GMT
etag
"15e7f-603518d3"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
89727
x-ua-compatible
chrome=IE6
jquery-3.5.1.js
code.jquery.com/
281 KB
83 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.5.1.js
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37

Request headers

Origin
https://cancel-payee-secure.com
Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 14:26:21 GMT
content-encoding
gzip
last-modified
Mon, 04 May 2020 23:02:39 GMT
server
nginx
etag
W/"5eb09f0f-4638e"
vary
Accept-Encoding
x-hw
1615818381.dop054.fr8.t,1615818381.cds204.fr8.hc,1615818381.cds234.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
84374
rolb-theme-2-0.css
bank.barclays.co.uk/authlogin/css/
333 KB
69 KB
Stylesheet
General
Full URL
https://bank.barclays.co.uk/authlogin/css/rolb-theme-2-0.css?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
073f5b7ffebc61098e2b649f2067252032ff1865167948af2a8847f5d8f760f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:37 GMT
etag
"11062-602d3481"
vary
accept-encoding
content-type
text/css
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
69730
x-ua-compatible
chrome=IE6
authlogin-bdl.min.css
bank.barclays.co.uk/authlogin/css/
45 KB
45 KB
Stylesheet
General
Full URL
https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c7588e66ab3dfc34b4beda8e07aa630e5a764a001d7568244ef963c3620f3365
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Wed, 17 Feb 2021 15:21:35 GMT
etag
"b345-602d347f"
content-type
text/css
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
45893
x-ua-compatible
chrome=IE6
1321217916907-bsikitemarklogo.png
bank.barclays.co.uk/OLB/A/Content/Images/
13 KB
13 KB
Image
General
Full URL
https://bank.barclays.co.uk/OLB/A/Content/Images/1321217916907-bsikitemarklogo.png
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
90326fd2ae35b37049ca9b624acb2b698be96a509f3619cf647d686433eaaa15
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 13 Jun 2019 15:08:21 GMT
etag
"34cc-5d0266e5"
content-type
image/png
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
13516
x-ua-compatible
chrome=IE6
1321217916492-iso27001footer.JPG
bank.barclays.co.uk/OLB/A/Content/Images/
24 KB
24 KB
Image
General
Full URL
https://bank.barclays.co.uk/OLB/A/Content/Images/1321217916492-iso27001footer.JPG
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
03c2526a71f8b178491bca3226f69d72a28aa606133527c00b28adab490f940d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 13 Jun 2019 15:10:15 GMT
etag
"5e04-5d026757"
content-type
image/jpeg
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
24068
x-ua-compatible
chrome=IE6
1321217918424-cyberfooter.jpg
bank.barclays.co.uk/OLB/A/Content/Images/
9 KB
9 KB
Image
General
Full URL
https://bank.barclays.co.uk/OLB/A/Content/Images/1321217918424-cyberfooter.jpg
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
effa2f551ae3f572384002e36028aa1e85544462f42c28065731284e8f81bfcd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Thu, 13 Jun 2019 15:09:04 GMT
etag
"2406-5d026710"
content-type
image/jpeg
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
9222
x-ua-compatible
chrome=IE6
login-fscs.png
bank.barclays.co.uk/OLB/A/Content/Images/
5 KB
6 KB
Image
General
Full URL
https://bank.barclays.co.uk/OLB/A/Content/Images/login-fscs.png
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2aa89b0d3ed189360406952265076a3f79ea08b045f2e07d7d71e3c38982533e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Wed, 09 Sep 2020 09:55:15 GMT
etag
"152b-5f58a683"
content-type
image/png
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
5419
x-ua-compatible
chrome=IE6
bdlLogin.bootstrap.min.js
bank.barclays.co.uk/authlogin/
19 KB
4 KB
Script
General
Full URL
https://bank.barclays.co.uk/authlogin/bdlLogin.bootstrap.min.js?v=1606745934868
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fca63a7a3eb5d2b14c03d129964c75182fbedf12ac40f123ea52daa277d5f4a2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:37 GMT
etag
"ce1-602d3481"
vary
accept-encoding
content-type
application/x-javascript
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
3297
x-ua-compatible
chrome=IE6
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91a06213190743f440aa3411f1393afaf3de8b3b6309d6677fb7680248f09e91

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e111be4c24fc0743ca7eb1c4873a64bb234135b9bea86cabd922a5caabb6c9c6

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=US-ASCII
Padlock_icon.svg
bank.barclays.co.uk/authlogin/img/
2 KB
1 KB
Image
General
Full URL
https://bank.barclays.co.uk/authlogin/img/Padlock_icon.svg
Requested by
Host: bank.barclays.co.uk
URL: https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.36.238.127 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-36-238-127.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b173ff6e97748a8a4e079bf7afa965e4d264fa43a351c4a0bf2c130bc65b4366
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://bank.barclays.co.uk/authlogin/css/authlogin-bdl.min.css?v=1606745934868
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-encoding
gzip
last-modified
Wed, 17 Feb 2021 15:21:38 GMT
etag
"2f3-602d3482"
vary
accept-encoding
content-type
image/svg+xml
date
Mon, 15 Mar 2021 14:26:21 GMT
accept-ranges
bytes
content-length
755
x-ua-compatible
chrome=IE6
expert-sans-regular.woff
bank.barclays.co.uk/authlogin/css/fonts/
0
0

expert-sans-light.woff
bank.barclays.co.uk/authlogin/css/fonts/
0
0

8f002498-1a89-4ff2-ab92-e1c549283179
https://cancel-payee-secure.com/
139 KB
0
Other
General
Full URL
blob:https://cancel-payee-secure.com/8f002498-1a89-4ff2-ab92-e1c549283179
Requested by
Host: cancel-payee-secure.com
URL: https://cancel-payee-secure.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ed6604f7293bcfe87ee03795e418c40cb40a96444a320d45bb97dfdcf40a14b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
142652
Content-Type
application/javascript
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=barclaysuk/barclays-olb/202102041355&cb=1615818381830
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/barclaysuk/barclays-olb/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-129-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://cancel-payee-secure.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 15 Mar 2021 14:26:21 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Mon, 15 Mar 2021 14:36:21 GMT
cr.png
cfr.eu.v2.we-stats.com/api/v1/
0
0

activity.php
cancel-payee-secure.com/files/
18 B
503 B
XHR
General
Full URL
https://cancel-payee-secure.com/files/activity.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.201.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software
Apache / PHP/7.2.34
Resource Hash
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://cancel-payee-secure.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 15 Mar 2021 14:26:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
content-length
38
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
expires
Thu, 19 Nov 1981 08:52:00 GMT
activity.php
cancel-payee-secure.com/files/
18 B
503 B
XHR
General
Full URL
https://cancel-payee-secure.com/files/activity.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.201.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software
Apache / PHP/7.2.34
Resource Hash
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://cancel-payee-secure.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 15 Mar 2021 14:26:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
content-length
38
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
expires
Thu, 19 Nov 1981 08:52:00 GMT
activity.php
cancel-payee-secure.com/files/
18 B
503 B
XHR
General
Full URL
https://cancel-payee-secure.com/files/activity.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.5.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
199.188.201.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software
Apache / PHP/7.2.34
Resource Hash
94f9149f1315d2a1b9f44a7fd18360f4ef65b7255fbde2d926619c00b37fcbe9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://cancel-payee-secure.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 15 Mar 2021 14:26:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
Apache
x-powered-by
PHP/7.2.34
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
strict-transport-security
max-age=31536000; includeSubDomains; preload;
vary
Accept-Encoding
content-length
38
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bank.barclays.co.uk
URL
https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-regular.woff
Domain
bank.barclays.co.uk
URL
https://bank.barclays.co.uk/authlogin/css/fonts/expert-sans-light.woff
Domain
cfr.eu.v2.we-stats.com
URL
https://cfr.eu.v2.we-stats.com/api/v1/cr.png?cid=dagoth&snum=1615818381960-sjn0000258-2ebbc739-18b8-409f-b424-9173b20c0aeb&muid=1615818381686-457E39E4-4D8D-4FA3-8A37-3B2E3C8AA0C6

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Barclays (Banking)

118 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated boolean| utag_condload object| utag boolean| __tealium_twc_switch object| utag_cfg_ovrd object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| angular number| ng339 function| _ function| getElementsByClassName function| getTextContent function| scFixed function| scFixed1Tag function| scAppendWholeTag function| scLowRankTag function| scProductsTag function| scSetLinkNameTag function| scCombinedP123 function| scRemap function| tagPageView function| tagAjaxContent function| tagQueryContents function| setFromClickTagsFTB function| scLinkTrack function| scLinkTrackError function| dcsMultiTrack function| scMeta function| scSetInitial function| scSetDerived function| isLoginPage function| isHomePage function| scSetHelpCardButtons function| scCleanUpEvents function| scLoginPagesTracking function| scCleanUp function| scSetValidationErrorMessage function| fireLoadEvent function| scSetErrorMessage function| scSetErrorServiceMessage function| scSetImpressions function| scSetLOGIN_METHOD function| scSetLOGIN_MECHANISM function| scSetLoginEvents function| scSetDeepLink function| scSetdcsuri function| scSetProducts function| scSetView function| getProp34 function| scSetPurchaseTracking function| scSetActivityTracking function| scSetLoginReg function| scSetPageName function| isMultipleSavedUsers function| scSetEvents function| scSetDcsvid function| scBarclaysCookieConsent function| scMapTag function| scSetTag function| scAddTag function| scUpdateLinkTrack function| scSaveBasePageName function| scRestoreBasePageName function| scSaveTakeoverPageName function| scRestoreTakeoverPageName object| 
AppName object| authloginDigitalData string| s_account object| dcs2sc string| scBasePageName string| scTakeoverPageName object| _self object| Prism undefined| WebAnalytics object| s function| s_doPlugins string| s_code undefined| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| cdApi function| $ function| jQuery boolean| ie8 object| browser_detect function| mboxDefine function| mboxUpdate string| pathref object| dataLayer number| interval function| heartbeat

4 Cookies

Domain/Path Name / Value
.cancel-payee-secure.com/ Name: cdSNum
Value: 1615818381960-sjn0000258-2ebbc739-18b8-409f-b424-9173b20c0aeb
.cancel-payee-secure.com/ Name: cdContextId
Value: 2
.cancel-payee-secure.com/ Name: bmuid
Value: 1615818381686-457E39E4-4D8D-4FA3-8A37-3B2E3C8AA0C6
.cancel-payee-secure.com/ Name: utag_main
Value: v_id:01783647d84b00229a8ceab16bf000072002006a00b08$_sn:1$_se:1$_ss:1$_st:1615820181389$ses_id:1615818381389%3Bexp-session$_pn:1%3Bexp-session

3 Console Messages

Source Level URL
Text
console-api log URL: https://cancel-payee-secure.com/(Line 642)
Message:
[object Object]
console-api log URL: https://cancel-payee-secure.com/(Line 642)
Message:
[object Object]
console-api log URL: https://cancel-payee-secure.com/(Line 642)
Message:
[object Object]

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
