buildcron.com
119.18.54.55
Malicious Activity!
Public Scan
Submission: On March 16 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 6th 2022. Valid for: 3 months.
This is the only time buildcron.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)
Domain & IP information
Domain | ASN | PTR |
---|---|---|
dpm.demdex.net | ASN16509 (AMAZON-02, US) | ec2-54-194-228-85.eu-west-1.compute.amazonaws.com |
fls.doubleclick.net | ASN15169 (GOOGLE, US) | fra16s53-in-f6.1e100.net |
www.googletagmanager.com | ASN15169 (GOOGLE, US) | |
attservicesinc.tt.omtrdc.net | ASN16509 (AMAZON-02, US) | ec2-54-154-249-228.eu-west-1.compute.amazonaws.com |
att.demdex.net | ASN16509 (AMAZON-02, US) | ec2-54-76-200-156.eu-west-1.compute.amazonaws.com |
www.googleadservices.com | ASN15169 (GOOGLE, US) | fra15s46-in-f2.1e100.net |
aa.agkn.com | ASN16509 (AMAZON-02, US) | ec2-18-185-251-21.eu-central-1.compute.amazonaws.com |
ib.adnxs.com | ASN29990 (ASN-APPNEX, US) | 721.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net |
signin.att.com | ASN797 (AMERITECH-AS, US) | clcontent-al.att.com |
idsync.rlcdn.com | ASN15169 (GOOGLE, US) | 68.174.244.35.bc.googleusercontent.com |
servedby.flashtalking.com | ASN20446 (STACKPATH-CDN, US) | vip0x013.map2.ssl.hwcdn.net |
connect.facebook.net | ASN32934 (FACEBOOK, US) | |
ml314.com | ASN16509 (AMAZON-02, US) | ec2-34-252-195-101.eu-west-1.compute.amazonaws.com |
www.facebook.com | ASN32934 (FACEBOOK, US) | |
d.agkn.com | ASN16509 (AMAZON-02, US) | ec2-3-127-180-130.eu-central-1.compute.amazonaws.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | att.com | www.att.com — Cisco Umbrella Rank: 11263; smetrics.att.com Failed; signin.att.com — Cisco Umbrella Rank: 21525 | 249 KB |
17 | att.net | home.secureapp.att.net | 220 KB |
7 | demdex.net (1 redirects) | dpm.demdex.net — Cisco Umbrella Rank: 184; att.demdex.net — Cisco Umbrella Rank: 20538 | 9 KB |
5 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 54 | 207 KB |
3 | amazon-adsystem.com (2 redirects) | s.amazon-adsystem.com — Cisco Umbrella Rank: 260 | 2 KB |
3 | adnxs.com (2 redirects) | ib.adnxs.com — Cisco Umbrella Rank: 205 | 2 KB |
3 | buildcron.com | buildcron.com | 5 KB |
2 | flashtalking.com | servedby.flashtalking.com — Cisco Umbrella Rank: 655 | 3 KB |
2 | rlcdn.com (2 redirects) | idsync.rlcdn.com — Cisco Umbrella Rank: 281 | 803 B |
2 | bing.com | bat.bing.com — Cisco Umbrella Rank: 338 | 538 B |
2 | agkn.com (1 redirects) | aa.agkn.com — Cisco Umbrella Rank: 393; d.agkn.com — Cisco Umbrella Rank: 492 | 927 B |
1 | facebook.com | www.facebook.com — Cisco Umbrella Rank: 96 | 297 B |
1 | ml314.com (1 redirects) | ml314.com — Cisco Umbrella Rank: 1299 | 474 B |
1 | twitter.com | analytics.twitter.com — Cisco Umbrella Rank: 464 | 166 B |
1 | facebook.net | connect.facebook.net — Cisco Umbrella Rank: 124 | 74 KB |
1 | googleadservices.com | www.googleadservices.com — Cisco Umbrella Rank: 101 | 15 KB |
1 | omtrdc.net | attservicesinc.tt.omtrdc.net — Cisco Umbrella Rank: 23523 | 312 B |
1 | doubleclick.net | fls.doubleclick.net — Cisco Umbrella Rank: 415 | 719 B |
67 | 18 | | |
Requests | Domain | Requested by |
---|---|---|
18 | www.att.com | buildcron.com; www.att.com |
17 | home.secureapp.att.net | buildcron.com; home.secureapp.att.net |
6 | dpm.demdex.net | 1 redirects; www.att.com; buildcron.com |
5 | www.googletagmanager.com | www.att.com |
3 | s.amazon-adsystem.com | 2 redirects |
3 | ib.adnxs.com | 2 redirects |
3 | buildcron.com | buildcron.com; www.att.com |
2 | servedby.flashtalking.com | www.att.com; servedby.flashtalking.com |
2 | idsync.rlcdn.com | 2 redirects |
2 | bat.bing.com | www.att.com |
1 | d.agkn.com | |
1 | www.facebook.com | |
1 | ml314.com | 1 redirects |
1 | analytics.twitter.com | |
1 | connect.facebook.net | www.att.com |
1 | signin.att.com | www.att.com |
1 | aa.agkn.com | 1 redirects |
1 | www.googleadservices.com | www.googletagmanager.com |
1 | att.demdex.net | www.att.com |
1 | attservicesinc.tt.omtrdc.net | www.att.com |
1 | fls.doubleclick.net | www.att.com |
0 | smetrics.att.com Failed | www.att.com |
67 | 22 | |
This site contains links to these domains.
Domain |
---|
www.att.net |
www.att.com |
watch.att.com |
envivo.att.yahoo.com |
loginprodx.att.net |
attreg.att.net |
about.att.com |
www.xandr.com |
survey.foreseeresults.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.squareo.in | R3 | 2022-03-06 - 2022-06-04 | 3 months |
*.att.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-03 - 2023-01-04 | a year |
home.secureapp.att.net | DigiCert SHA2 Secure Server CA | 2020-07-10 - 2022-09-17 | 2 years |
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-19 | a year |
*.doubleclick.net | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months |
*.google-analytics.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months |
*.tt.omtrdc.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-11 - 2022-10-12 | a year |
www.googleadservices.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months |
www.bing.com | Microsoft RSA TLS CA 01 | 2021-12-22 - 2022-06-22 | 6 months |
servedby.flashtalking.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-27 - 2023-02-24 | a year |
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-12-23 - 2022-03-23 | 3 months |
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 - 2023-03-14 | a year |
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-06 - 2023-01-05 | a year |
*.agkn.com | RapidSSL RSA CA 2018 | 2020-07-25 - 2022-09-18 | 2 years |
This page contains 3 frames:
Primary Page:
https://buildcron.com/dpseoueaq/att/att/AT&T.htm
Frame ID: 9D554BCA67EB77BBECD5391E5DC7D2F0
Requests: 56 HTTP requests in this frame
Frame:
https://att.demdex.net/dest5.html?d_nsid=0
Frame ID: 95E3E0F737F04A2F61794256301FFB34
Requests: 7 HTTP requests in this frame
Frame:
https://servedby.flashtalking.com/container/19536;124481;13503;iframe/?ft_referrer=https%3A//buildcron.com/dpseoueaq/att/att/AT%26T.htm&ns=&cb=374471.8614379734
Frame ID: 717BB2ABF4566D9BAAA56BA753ADE876
Requests: 2 HTTP requests in this frame
Page Title
AT&T - Login
Detected technologies
AppNexus (Advertising Networks)
Detected patterns
- adnxs\.(?:net|com)
DoubleClick Floodlight (Advertising Networks)
Detected patterns
- https?://fls\.doubleclick\.net
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
17 Outgoing links
These are links going to different origins than the main page.
Title: att.net
Title: att.com
Title: uverse.com
Title: En Español
Title: AT&T Support
Title: Learn about shared passwords for AT&T email.
Title: Forgot User ID?
Title: Forgot Password?
Title: Terms
Title: Privacy
Title: Advertise
Title: Advertising Choices
Title: Acceptable Use Policy
Title: Feedback
Title: © 2020 AT&T Intellectual Property
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 40
- https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=05708523076802492602614774521354209655 HTTP 302
- https://dpm.demdex.net/ibs:dpid=21&dpuuid=165020404092000199400
- https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
- https://dpm.demdex.net/ibs:dpid=358&dpuuid=1820663866665058300
- https://idsync.rlcdn.com/365868.gif?partner_uid=05708523076802492602614774521354209655 HTTP 307
- https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomMDU3MDg1MjMwNzY4MDI0OTI2MDI2MTQ3NzQ1MjEzNTQyMDk2NTUQABoNCIyLx5EGEgUI6AcQAEIASgA HTTP 307
- https://dpm.demdex.net/ibs:dpid=477&dpuuid=b422adf252671b23e3f235df392cd35c11cdf9bda83ae6212b86420521f531dfb0da87c991749652
- https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
- https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625828196429070473
- https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
- https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
- https://dpm.demdex.net/ibs:dpid=139200&dpuuid=nxPUQWxwQRau2QyCrAQ5XA&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
- https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=05708523076802492602614774521354209655
67 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | AT&T.htm (Primary Request) | buildcron.com/dpseoueaq/att/att/ | 10 KB | 5 KB | Document | text/html |
GET | H2 | detm-container-hdr.js | www.att.com/scripts/adobe/prod/ | 105 KB | 29 KB | Script | application/x-javascript |
GET | H/1.1 | _fontface.css | home.secureapp.att.net/css/sso/slid/1201/ | 0 | 960 B | Stylesheet | text/css |
GET | H/1.1 | main.css | home.secureapp.att.net/css/sso/slid/1201/ | 28 KB | 29 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-1.5.1.min.js | home.secureapp.att.net/js/jquery/ | 83 KB | 84 KB | Script | application/x-javascript |
GET | H/1.1 | jquery.simplemodal.js | home.secureapp.att.net/js/jquery/simplemodal/ | 9 KB | 10 KB | Script | application/x-javascript |
GET | H/1.1 | script.js | home.secureapp.att.net/js/sso/slid/1201/ | 53 KB | 54 KB | Script | application/x-javascript |
GET | H/1.1 | Button.png | home.secureapp.att.net/design/CDLS10/img/logos/ | 2 KB | 3 KB | Image | image/png |
GET | H/1.1 | AT&T_logo.png | home.secureapp.att.net/design/CDLS10/img/logos/ | 3 KB | 4 KB | Image | image/png |
GET | H2 | detm-container-ftr.js | www.att.com/scripts/adobe/prod/ | 666 B | 802 B | Script | application/x-javascript |
GET | H/1.1 | id | dpm.demdex.net/ | 1 KB | 1 KB | XHR | application/json |
GET | H2 | mbox-contents.js | www.att.com/scripts/adobe/prod/ | 110 KB | 36 KB | Script | application/x-javascript |
GET | H2 | ssaf-uc.js | www.att.com/scripts/ssaf_universal_client/prod/ | 110 KB | 22 KB | Script | application/x-javascript |
GET | H2 | marketing.min.js | www.att.com/scripts/adobe/prod/ | 362 KB | 65 KB | Script | application/x-javascript |
GET | H2 | engage.min.js | www.att.com/scripts/adobe/prod/ | 132 KB | 33 KB | Script | application/x-javascript |
GET | H2 | json | fls.doubleclick.net/ | 40 B | 719 B | Script | text/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 89 KB | 36 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 99 KB | 39 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 99 KB | 39 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 145 KB | 53 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 99 KB | 39 KB | Script | application/javascript |
GET | H2 | eComm_Universal_AppNexus.js | www.att.com/scripts/adobe/prod/mktg-rules/global/ | 559 B | 791 B | Script | application/x-javascript |
GET | H2 | eComm_Universal_Bing.js | www.att.com/scripts/adobe/prod/mktg-rules/global/ | 775 B | 904 B | Script | application/x-javascript |
GET | H2 | eComm_Universal_Facebook.js | www.att.com/scripts/adobe/prod/mktg-rules/global/ | 834 B | 939 B | Script | application/x-javascript |
GET | | id | smetrics.att.com/ | 0 | 0 | | |
GET | H/1.1 | mobile.css | home.secureapp.att.net/css/sso/slid/1201/ | 4 KB | 5 KB | Stylesheet | text/css |
POST | H2 | delivery | attservicesinc.tt.omtrdc.net/rest/v1/ | 49 B | 312 B | XHR | application/json |
GET | H2 | webtrends.min.js | buildcron.com/commonLogin/igate_edam/staticContent/images/SLID/js/ | 0 | 0 | Script | text/html |
GET | H/1.1 | pageBg.png | home.secureapp.att.net/design/cdls10/img/ui/ | 169 B | 1001 B | Image | image/png |
GET | H/1.1 | btnSumbit.png | home.secureapp.att.net/img/sso/slid/ | 1 KB | 2 KB | Image | image/png |
GET | H/1.1 | footerBg.png | home.secureapp.att.net/design/CDLS10/img/ui/ | 560 B | 1 KB | Image | image/png |
GET | H/1.1 | dest5.html | att.demdex.net/ (Frame 95E3) | 7 KB | 3 KB | Document | text/html |
GET | H2 | conversion_async.js | www.googleadservices.com/pagead/ | 39 KB | 15 KB | Script | text/javascript |
GET | H/1.1 | attGlobalNavHeader-bg.gif | home.secureapp.att.net/design/cdls20/img/ui/ | 149 B | 981 B | Image | image/gif |
GET | H/1.1 | att_globe_blue_80x80.png | home.secureapp.att.net/design/CDLS10/img/logos/ | 16 KB | 17 KB | Image | image/png |
GET | H/1.1 | support-icon.jpg | home.secureapp.att.net/img/sso/slid/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H/1.1 | txt-clear.png | home.secureapp.att.net/img/sso/slid/ | 3 KB | 4 KB | Image | image/png |
GET | H/1.1 | ques.png | home.secureapp.att.net/img/sso/slid/ | 363 B | 1 KB | Image | image/png |
GET | H2 | appnexus.js | www.att.com/scripts/adobe/prod/ | 7 KB | 3 KB | Script | application/x-javascript |
GET | H2 | facebook.js | www.att.com/scripts/adobe/prod/ | 92 KB | 24 KB | Script | application/x-javascript |
GET | H2 | bing.js | www.att.com/scripts/adobe/prod/ | 30 KB | 9 KB | Script | application/x-javascript |
GET | H/1.1 | ibs:dpid=21&dpuuid=165020404092000199400 | dpm.demdex.net/ (Frame 95E3, Redirect Chain) | 42 B | 945 B | Image | image/gif |
GET | H2 | 18003891 | bat.bing.com/p/action/ | 0 | 388 B | Script | text/plain |
GET | H/1.1 | ibs:dpid=358&dpuuid=1820663866665058300 | dpm.demdex.net/ (Frame 95E3, Redirect Chain) | 42 B | 945 B | Image | image/gif |
GET | H/1.1 | context.dll | home.secureapp.att.net/attportal/s/ | 0 | 0 | Image | text/html |
GET | H2 | attmonetization.config.js | www.att.com/scripts/adobe/prod/attmonetization/js/ | 27 KB | 2 KB | Script | application/x-javascript |
GET | H/1.1 | keepAlive.js | signin.att.com/static/ciam/en/common/js/ | 1 KB | 1 KB | Script | application/javascript |
GET | H2 | Flashtalking_Consumer.js | www.att.com/scripts/adobe/prod/mktg-rules/global/ | 2 KB | 1 KB | Script | application/x-javascript |
GET | H2 | eComm_Visitor_DIR.js | www.att.com/scripts/adobe/prod/mktg-rules/global/ | 19 KB | 4 KB | Script | application/x-javascript |
GET | H2 | jsPlugin.js | www.att.com/MEG/chatserver/js/ | 84 KB | 16 KB | Script | application/x-javascript |
POST | H2 | controllerdata | buildcron.com/ssaf/ssafc/v1/ | 583 B | 390 B | XHR | text/html |
GET | H/1.1 | ibs:dpid=477&dpuuid=b422adf252671b23e3f235df392cd35c11cdf9bda83ae6212b86420521f531dfb0da87c991749652 | dpm.demdex.net/ (Frame 95E3, Redirect Chain) | 42 B | 945 B | Image | image/gif |
GET | | aggregateinfo | www.att.com/msapi/chatlogicprocessor/v1/user/ | 0 | 0 | | |
GET | H/1.1 | / | servedby.flashtalking.com/container/19536;124481;13503;iframe/ (Frame 717B) | 2 KB | 3 KB | Document | text/html |
GET | H2 | 128900881029137 | connect.facebook.net/signals/config/ | 257 KB | 74 KB | Script | application/x-javascript |
GET | H2 | 0 | bat.bing.com/action/ | 0 | 150 B | Image | text/plain |
GET | H/1.1 | pixie | ib.adnxs.com/ | 42 B | 345 B | Image | image/gif |
GET | H/1.1 | / | servedby.flashtalking.com/segment/2/read/a;;pixel/ (Frame 717B) | 42 B | 496 B | Image | image/gif |
GET | H2 | adsct | analytics.twitter.com/i/ (Frame 95E3) | 0 | 166 B | Image | text/plain |
GET | H/1.1 | ibs:dpid=22052&dpuuid=3625828196429070473 | dpm.demdex.net/ (Frame 95E3, Redirect Chain) | 42 B | 945 B | Image | image/gif |
GET | H2 | / | www.facebook.com/tr/ | 44 B | 297 B | Image | image/gif |
GET | H/1.1 | ecm3 | s.amazon-adsystem.com/ (Frame 95E3, Redirect Chain) | 43 B | 556 B | Image | image/gif |
OPTIONS | H2 | log | www.att.com/msapi/chatlogicprocessor/v1/user/ (Frame) | 0 | 0 | Preflight | text/html |
POST | | log | www.att.com/msapi/chatlogicprocessor/v1/user/ | 0 | 0 | | |
POST | | log | www.att.com/msapi/chatlogicprocessor/v1/user/ | 0 | 0 | | |
OPTIONS | H2 | log | www.att.com/msapi/chatlogicprocessor/v1/user/ (Frame) | 0 | 0 | Preflight | text/html |
GET | H/1.1 | / | d.agkn.com/pixel/8597/ | 43 B | 597 B | Image | image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
smetrics.att.com | https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=05444423023926526862606361352729419605&ts=1647429003907 |
www.att.com | https://www.att.com/msapi/chatlogicprocessor/v1/user/aggregateinfo?url=https%3A%2F%2Fbuildcron.com%2Fdpseoueaq%2Fatt%2Fatt%2FAT%26T.htm |
www.att.com | https://www.att.com/msapi/chatlogicprocessor/v1/user/log |
www.att.com | https://www.att.com/msapi/chatlogicprocessor/v1/user/log |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)
194 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
21 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values back, allowing the website to re-identify the user even after a change of location. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.buildcron.com/ | | at_check | true |
.buildcron.com/ | | mbox | session#e6a5d27b93d44a0886cd236689695ba0#1647430864 |
.demdex.net/ | | demdex | 05708523076802492602614774521354209655 |
.buildcron.com/ | | _gcl_au | 1.1.629516284.1647429004 |
buildcron.com/ | | AMCVS_55633F7A534535110A490D44%40AdobeOrg | 1 |
.att.com/ | | s_ecid | MCMID%7C05444423023926526862606361352729419605 |
buildcron.com/ | | AMCV_55633F7A534535110A490D44%40AdobeOrg | 1994364360%7CMCIDTS%7C19068%7CMCMID%7C05444423023926526862606361352729419605%7CMCAAMLH-1648033803%7C6%7CMCAAMB-1648033803%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1647436203s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0 |
.doubleclick.net/ | | test_cookie | CheckForPermission |
.agkn.com/ | | ab | 0001%3AwTI9q%2BGHs7eHTAndq6jAis%2BnSG4ZNHTP |
.dpm.demdex.net/ | | dpm | 05708523076802492602614774521354209655 |
.bing.com/ | | MUID | 10DD5BEB50D7692237CE4A8251BC6824 |
.adnxs.com/ | | uuid2 | 1820663866665058300 |
.buildcron.com/ | | _uetsid | a1ba2710a51911ecbd36e9869f662eaa |
.buildcron.com/ | | _uetvid | a1ba2c60a51911ecabc2db2d32018d11 |
.flashtalking.com/ | | flashtalkingad1 | "GUID=51884D763FBFDF" |
.rlcdn.com/ | | rlas3 | YZYVqstO5qfTEMdqZQ9so2O7DUxUvtCq1M/oTOQx+ro= |
.demdex.net/ | | dextp | 21-1-1647429004492\|358-1-1647429004593\|477-1-1647429004696\|1123-1-1647429004798\|22052-1-1647429004899\|139200-1-1647429005001 |
.rlcdn.com/ | | pxrc | CIyLx5EGEgUI6AcQABIGCPHrARAA |
.amazon-adsystem.com/ | | ad-id | A-qlApw79E9evIsvw5DjCQQ |
.amazon-adsystem.com/ | | ad-privacy | 0 |
.agkn.com/ | | u | C\|0CAAAAAAAKcSCDQAAAAAAAS1dAAAAAA |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.