kreweofbush.com
Open in
urlscan Pro
169.197.183.150
Malicious Activity!
Public Scan
Effective URL: https://kreweofbush.com/AT&T/
Submission: On October 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on October 12th 2021. Valid for: 3 months.
This is the only time kreweofbush.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-40-111.compute-1.amazonaws.com
lapis-infrequent-child.glitch.me |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-57.deploy.static.akamaitechnologies.com
www.att.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-107-116.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net
fls.doubleclick.net |
ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f8.1e100.net
www.googletagmanager.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-249-52-209.eu-west-1.compute.amazonaws.com
attservicesinc.tt.omtrdc.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-95-93.eu-west-1.compute.amazonaws.com
att.demdex.net |
ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net
www.googleadservices.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
aa.agkn.com |
ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com |
ASN797 (AMERITECH-AS, US)
PTR: clcontent-da.att.com
signin.att.com |
ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
na5.thunderhead.com |
ASN20446 (HIGHWINDS3, US)
PTR: vip0x013.map2.ssl.hwcdn.net
servedby.flashtalking.com |
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-frx5.fbcdn.net
connect.facebook.net |
ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-frx5.facebook.com
www.facebook.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-138-90.eu-west-1.compute.amazonaws.com
ml314.com |
ASN15169 (GOOGLE, US)
PTR: 98.198.186.35.bc.googleusercontent.com
mediaeastv3.inq.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-251-131.eu-central-1.compute.amazonaws.com
d.agkn.com |
Domain | Requested by | |
---|---|---|
17 | home.secureapp.att.net |
kreweofbush.com
home.secureapp.att.net |
17 | www.att.com |
kreweofbush.com
www.att.com |
6 | dpm.demdex.net |
1 redirects
www.att.com
kreweofbush.com |
5 | www.googletagmanager.com |
www.att.com
|
3 | s.amazon-adsystem.com | 2 redirects |
3 | ib.adnxs.com | 2 redirects |
3 | kreweofbush.com |
www.att.com
mediaeastv3.inq.com |
2 | att.inq.com |
www.att.com
mediaeastv3.inq.com |
2 | servedby.flashtalking.com |
www.att.com
servedby.flashtalking.com |
2 | idsync.rlcdn.com | 2 redirects |
2 | bat.bing.com |
www.att.com
|
1 | d.agkn.com | |
1 | mediaeastv3.inq.com |
att.inq.com
|
1 | ml314.com | 1 redirects |
1 | analytics.twitter.com | |
1 | www.facebook.com | |
1 | connect.facebook.net |
www.att.com
|
1 | na5.thunderhead.com | |
1 | signin.att.com |
www.att.com
|
1 | aa.agkn.com | 1 redirects |
1 | www.googleadservices.com |
www.googletagmanager.com
|
1 | att.demdex.net |
www.att.com
|
1 | attservicesinc.tt.omtrdc.net |
www.att.com
|
1 | fls.doubleclick.net |
www.att.com
|
1 | lapis-infrequent-child.glitch.me | |
0 | smetrics.att.com Failed |
www.att.com
|
68 | 26 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.att.net |
www.att.com |
watch.att.com |
envivo.att.yahoo.com |
attreg.att.net |
about.att.com |
www.xandr.com |
survey.foreseeresults.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
glitch.com Amazon |
2021-01-18 - 2022-02-15 |
a year | crt.sh |
kreweofbush.com R3 |
2021-10-12 - 2022-01-10 |
3 months | crt.sh |
*.att.com DigiCert SHA2 Secure Server CA |
2021-01-05 - 2022-01-09 |
a year | crt.sh |
home.secureapp.att.net DigiCert SHA2 Secure Server CA |
2020-07-10 - 2022-09-17 |
2 years | crt.sh |
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1 |
2020-12-02 - 2022-01-02 |
a year | crt.sh |
*.doubleclick.net GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-10-11 - 2022-10-12 |
a year | crt.sh |
www.googleadservices.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
www.bing.com Microsoft RSA TLS CA 02 |
2021-09-30 - 2022-03-30 |
6 months | crt.sh |
*.thunderhead.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-09-10 - 2022-10-11 |
a year | crt.sh |
servedby.flashtalking.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-02-04 - 2022-02-22 |
a year | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-09-09 - 2021-12-08 |
3 months | crt.sh |
*.adnxs.com GeoTrust ECC CA 2018 |
2021-03-05 - 2022-02-19 |
a year | crt.sh |
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-02-05 - 2022-02-04 |
a year | crt.sh |
*.inq.com GeoTrust RSA CA 2018 |
2019-10-30 - 2021-12-08 |
2 years | crt.sh |
s.amazon-adsystem.com Amazon |
2021-07-14 - 2022-06-27 |
a year | crt.sh |
*.agkn.com RapidSSL RSA CA 2018 |
2020-07-25 - 2022-09-18 |
2 years | crt.sh |
This page contains 4 frames:
Primary Page:
https://kreweofbush.com/AT&T/
Frame ID: 32F8C46129E59FAE2EB13327A1C59077
Requests: 58 HTTP requests in this frame
Frame:
https://att.demdex.net/dest5.html?d_nsid=0
Frame ID: D9ACF19EDF542004A803010CE5D30EDF
Requests: 7 HTTP requests in this frame
Frame:
https://servedby.flashtalking.com/container/19536;124481;13503;iframe/?ft_referrer=https%3A//kreweofbush.com/AT%26T/&ns=https%3A//lapis-infrequent-child.glitch.me/&cb=216906.20858698772
Frame ID: CA7002433D41DA8416F089D6A745F228
Requests: 2 HTTP requests in this frame
Frame:
https://kreweofbush.com/inqChat.html?IFRAME&nuance-frame-ac=0
Frame ID: FDA1CB8D1DF368A3855DD66EE83ECE0E
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
AT&T - LoginPage URL History Show full URLs
- https://lapis-infrequent-child.glitch.me/ Page URL
- https://kreweofbush.com/AT&T/ Page URL
Detected technologies
AppNexus (Advertising Networks) ExpandDetected patterns
- adnxs\.(?:net|com)
DoubleClick Floodlight (Advertising Networks) Expand
Detected patterns
- https?://fls\.doubleclick\.net
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
Webtrends (Analytics) Expand
Detected patterns
- <img[^>]+id="DCSIMG"[^>]+webtrends
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
15 Outgoing links
These are links going to different origins than the main page.
Title: att.net
Search URL Search Domain Scan URL
Title: att.com
Search URL Search Domain Scan URL
Title: uverse.com
Search URL Search Domain Scan URL
Title: En Español
Search URL Search Domain Scan URL
Title: AT&T Support
Search URL Search Domain Scan URL
Title: Learn about shared passwords for AT&T email.
Search URL Search Domain Scan URL
Title: Forgot Email/User ID?
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Terms
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Advertise
Search URL Search Domain Scan URL
Title: Advertising Choices
Search URL Search Domain Scan URL
Title: Acceptable Use Policy
Search URL Search Domain Scan URL
Title: Feedback
Search URL Search Domain Scan URL
Title: © 2020 AT&T Intellectual Property
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://lapis-infrequent-child.glitch.me/ Page URL
- https://kreweofbush.com/AT&T/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 41- https://aa.agkn.com/adscores/g.pixel?sid=9211132908&aam=47427785147745080252636714059432918125 HTTP 302
- https://dpm.demdex.net/ibs:dpid=21&dpuuid=164870703938000212063
- https://ib.adnxs.com/getuid?https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D358%26dpuuid%3D%24UID HTTP 307
- https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fdpm.demdex.net%252Fibs%253Adpid%253D358%2526dpuuid%253D%2524UID HTTP 302
- https://dpm.demdex.net/ibs:dpid=358&dpuuid=2594849408506462147
- https://idsync.rlcdn.com/365868.gif?partner_uid=47427785147745080252636714059432918125 HTTP 307
- https://idsync.rlcdn.com/1000.gif?memo=CKyqFhIxCi0IARCYEhomNDc0Mjc3ODUxNDc3NDUwODAyNTI2MzY3MTQwNTk0MzI5MTgxMjUQABoNCIy5m4sGEgUI6AcQAEIASgA HTTP 307
- https://dpm.demdex.net/ibs:dpid=477&dpuuid=f58975e358d8eb30f6a57e8749f5473629744ed1879331dc41b671dba678e87fb0da87c991749652
- https://ml314.com/utsync.ashx?eid=50112&et=0&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D22052%26dpuuid%3D[PersonID] HTTP 302
- https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3622258563204776015
- https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433 HTTP 302
- https://s.amazon-adsystem.com/dcm?pid=5c420d2b-f139-4fee-b0c0-89a7b8ce9433&dcc=t HTTP 302
- https://dpm.demdex.net/ibs:dpid=139200&dpuuid=sxx6g0pvRYO-pbFYHPlm-Q&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dadobe.com%26id%3D%24%7BDD_UUID%7D HTTP 302
- https://s.amazon-adsystem.com/ecm3?ex=adobe.com&id=47427785147745080252636714059432918125
68 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
lapis-infrequent-child.glitch.me/ |
334 B 514 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
kreweofbush.com/AT&T/ |
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
detm-container-hdr.js
www.att.com/scripts/adobe/prod/ |
103 KB 29 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
home.secureapp.att.net/css/sso/slid/1201/ |
28 KB 29 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.5.1.min.js
home.secureapp.att.net/js/jquery/ |
83 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.simplemodal.js
home.secureapp.att.net/js/jquery/simplemodal/ |
9 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script.js
home.secureapp.att.net/js/sso/slid/1201/ |
53 KB 54 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Button.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AT&T_logo.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
detm-container-ftr.js
www.att.com/scripts/adobe/prod/ |
666 B 738 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
1 KB 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mbox-contents.js
www.att.com/scripts/adobe/prod/ |
110 KB 36 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ssaf-uc.js
www.att.com/scripts/ssaf_universal_client/prod/ |
108 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marketing.min.js
www.att.com/scripts/adobe/prod/ |
489 KB 73 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
engage.min.js
www.att.com/scripts/adobe/prod/ |
50 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
json
fls.doubleclick.net/ |
40 B 740 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
90 KB 37 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
96 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
96 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
101 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
96 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eComm_Universal_AppNexus.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
559 B 822 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eComm_Universal_Bing.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
775 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eComm_Universal_Facebook.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
834 B 970 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile.css
home.secureapp.att.net/css/sso/slid/1201/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
id
smetrics.att.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
delivery
attservicesinc.tt.omtrdc.net/rest/v1/ |
49 B 314 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webtrends.min.js
home.secureapp.att.net/js/webtrends/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pageBg.png
home.secureapp.att.net/design/cdls10/img/ui/ |
169 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btnSumbit.png
home.secureapp.att.net/img/sso/slid/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
footerBg.png
home.secureapp.att.net/design/CDLS10/img/ui/ |
560 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dest5.html
att.demdex.net/ Frame D9AC |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
attGlobalNavHeader-bg.gif
home.secureapp.att.net/design/cdls20/img/ui/ |
149 B 981 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
att_globe_blue_80x80.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
support-icon.jpg
home.secureapp.att.net/img/sso/slid/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
txt-clear.png
home.secureapp.att.net/img/sso/slid/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ques.png
home.secureapp.att.net/img/sso/slid/ |
363 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
appnexus.js
www.att.com/scripts/adobe/prod/ |
7 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bing.js
www.att.com/scripts/adobe/prod/ |
30 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
facebook.js
www.att.com/scripts/adobe/prod/ |
92 KB 24 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conversion_async.js
www.googleadservices.com/pagead/ |
37 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
18003891
bat.bing.com/p/action/ |
0 274 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=21&dpuuid=164870703938000212063
dpm.demdex.net/ Frame D9AC Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=358&dpuuid=2594849408506462147
dpm.demdex.net/ Frame D9AC Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
context.dll
home.secureapp.att.net/attportal/s/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
attmonetization.config.js
www.att.com/scripts/adobe/prod/attmonetization/js/ |
30 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
keepAlive.js
signin.att.com/static/ciam/en/common/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Thunderhead_Consumer.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
43 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Flashtalking_Consumer.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eComm_Visitor_DIR.js
www.att.com/scripts/adobe/prod/mktg-rules/global/ |
19 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jsPlugin.js
www.att.com/MEG/chatserver/js/ |
55 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
controllerdata
kreweofbush.com/ssaf/ssafc/v1/ |
315 B 515 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=477&dpuuid=f58975e358d8eb30f6a57e8749f5473629744ed1879331dc41b671dba678e87fb0da87c991749652
dpm.demdex.net/ Frame D9AC Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error
na5.thunderhead.com/one/rt/web/v1/ONE-G8V3SQCVEX-2062/ |
35 B 231 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
servedby.flashtalking.com/container/19536;124481;13503;iframe/ Frame CA70 |
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
128900881029137
connect.facebook.net/signals/config/ |
257 KB 73 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0
bat.bing.com/action/ |
0 149 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pixie
ib.adnxs.com/ |
42 B 337 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
44 B 313 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adsct
analytics.twitter.com/i/ Frame D9AC |
43 B 582 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
servedby.flashtalking.com/segment/2/read/a;;pixel/ Frame CA70 |
42 B 496 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inqChatLaunch10004119.js
att.inq.com/chatskins/launch/ |
13 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ibs:dpid=22052&dpuuid=3622258563204776015
dpm.demdex.net/ Frame D9AC Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ecm3
s.amazon-adsystem.com/ Frame D9AC Redirect Chain
|
43 B 556 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chatLoader.min.js
mediaeastv3.inq.com/media/launch/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
resolvePage
att.inq.com/tagserver/launch/ |
33 B 990 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inqChat.html
kreweofbush.com/ Frame FDA1 |
315 B 515 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
d.agkn.com/pixel/8597/ |
43 B 593 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- smetrics.att.com
- URL
- https://smetrics.att.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=55633F7A534535110A490D44%40AdobeOrg&mid=47342943973102284432663124030360906319&ts=1634131083484
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)217 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| onbeforexrselect boolean| originAgentCluster string| mid string| adobe_mc string| href undefined| analytics_app_visitor_id undefined| ts undefined| newurl object| detm_last_link_info function| isIE function| _pageLoadDetector function| _earlyAnalytics function| e boolean| disableAudienceManager object| visitor object| DataMappingInterface string| detm_tag_notification_key string| legacyModeKey string| retireDLKey object| scripts object| script string| src function| satelliteDetector function| scriptExecutor string| filesadded boolean| monecontwatched function| loadAdsFile function| injectHtmlTag function| executeMonetizationTagInjection function| injectMonetization function| iterateANConfigObj function| findAccurateConfig object| detmScriptLoaderConfig function| detmScriptLoader object| detmLoader boolean| AllowDelayedLoad function| dunBradstreet undefined| dnbvid object| earlyAnalytics object| chatAnalytics function| Visitor object| s_c_il number| s_c_in boolean| detmDisabled object| detmScriptExecutor function| detmDomainMapper object| detmTagControls string| path object| _satellite object| head_ab boolean| pageLoadFired function| targetView function| listAbVariants function| targetPageParams object| targetGlobalSettings function| ab$ function| ABJSFrameworkLibrary object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate string| AB_LOCATION_CHANGE string| sdidUrl function| docReady object| ddo function| AnalyticsNotificationFramework object| domainName object| linker number| ga_checkOutStep number| ga_pageLoadCount number| loggedIn string| authenticationStatus object| gamktEventTypes object| gamktEventNames object| gamktElements string| gaCustomEvent object| gamarketingANF number| chatTestFlag function| loadMarketingFile object| mktDataEvtType undefined| mktDataEvtName object| mktDataEvtVariable string| mktCustomEvent object| mktVariable string| pageFlowCode string| pageLanguage string| pagePageName string| pageFriendlyPageName string| pageLiabilityType string| pageCustomerType string| accountInFocusUserType string| userType string| flowCode function| getCookie function| getQueryVariable function| setCookie function| gtag object| google_tag_manager object| dataLayer object| google_tag_data string| evtAction string| evtCode string| successFlag string| statusMessage string| errorType string| linkName string| linkPosition string| linkDestinationUrl string| chatInviteType string| chatSessionId string| chatBusinessUnit string| chatAgentGroup string| pageName string| chatState object| chatLaunchedListener object| chatEngagedListener object| agentAssignedListener object| c2cStateChanged object| InqRegistry object| antiClickjack undefined| noFrameBusting string| _host function| $ function| jQuery string| agent string| ORIGINATION_POINT_URL string| RETURN_URL string| CANCEL_URL function| getWindowWidth function| getWindowHeight function| GetURLParameter function| setRegURL function| logPgvw function| refer function| submitForm function| trimAll function| chkTick function| unchkTick function| getElementsByClassName function| btnChange function| acctSelBtnEnable function| ie6Img function| getYadContents function| init undefined| countdownElement function| overlay function| cancelLoad function| Redirecturl string| focusableElementsString function| trapTabKey function| supportRedirect function| webtrendsAsyncInit function| detmExecuteFooter string| q1Zidx string| q2Zidx string| scriptUrl function| pixie object| uetq object| s_3_Integrate_DFA_get_0 undefined| uc_dfa_val undefined| dfaSuccess string| attSid function| fbq function| _fbq function| UET function| GooglemKTybQhCsO function| google_trackConversion object| s_att number| jsPluginLoaded object| appMonetizationFtrUnitsConfig object| ONE-G8V3SQCVEX-2062 object| ft_onetag_13503 object| pageInfo undefined| comScore undefined| url string| customerType string| language string| liabilitytype string| friendlypagename undefined| salesforceDataLayer function| andiApiDomain function| getDataLayerAttributes function| postRequest function| putRequest function| getRequest function| getRequestWithoutFallback function| sendDataLayerAttr function| callSSAFAttributes function| enableUIListener function| showMegChatIcon function| isANDiLoadedOnThisPage function| loadNuanceChatIcon function| hideNuanceChatBot function| loadMegUIState function| getDeviceType function| isDesktop function| megConditionsForUnauthenicatedURL function| enableMEG function| cookieExist function| getCurrentPageUrl function| buildApiUrlWithDomain function| isLowerEnv function| chatABCookieExpiry function| suppressChat function| evaluateLegacySettings function| secureProtocol function| getParentV3LanderConfig function| loadChat object| v3Lander object| v3LanderConfig object| __webpack_exports__ function| refreshTGuardSession function| addPixelImage23 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.kreweofbush.com/ | Name: at_check Value: true |
|
.kreweofbush.com/ | Name: mbox Value: session#5f0080bde8c84046b1d00ada3a7979b8#1634132944 |
|
.kreweofbush.com/ | Name: _gcl_au Value: 1.1.760116188.1634131083 |
|
.demdex.net/ | Name: demdex Value: 47427785147745080252636714059432918125 |
|
kreweofbush.com/ | Name: AMCVS_55633F7A534535110A490D44%40AdobeOrg Value: 1 |
|
.att.com/ | Name: s_ecid Value: MCMID%7C47342943973102284432663124030360906319 |
|
kreweofbush.com/ | Name: AMCV_55633F7A534535110A490D44%40AdobeOrg Value: 1994364360%7CMCIDTS%7C18914%7CMCMID%7C47342943973102284432663124030360906319%7CMCAAMLH-1634735883%7C6%7CMCAAMB-1634735883%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1634138283s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.4.0 |
|
kreweofbush.com/ | Name: IV_JCT Value: %2FcommonLogin |
|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
|
.agkn.com/ | Name: ab Value: 0001%3APO0YbWhHLYgdaxPLCvG7rxCuQ4QXzRRR |
|
.bing.com/ | Name: MUID Value: 3411A32AD0E16E9B2BD8B3E5D1A46F41 |
|
.dpm.demdex.net/ | Name: dpm Value: 47427785147745080252636714059432918125 |
|
.adnxs.com/ | Name: uuid2 Value: 2594849408506462147 |
|
.kreweofbush.com/ | Name: _uetsid Value: ff7c14c02c2711ec9276f10abb046cdf |
|
.kreweofbush.com/ | Name: _uetvid Value: ff7c56702c2711ec8393cdd606e9f15a |
|
.rlcdn.com/ | Name: rlas3 Value: BhjELHeN4I2kM1EbgFJKx4T7VWPm1Xtq38IvQYudrvQ= |
|
.rlcdn.com/ | Name: pxrc Value: CIy5m4sGEgUI6AcQABIGCPHrARAA |
|
.flashtalking.com/ | Name: flashtalkingad1 Value: "GUID=503460EAB1DA39" |
|
.twitter.com/ | Name: personalization_id Value: "v1_HyVkpQAIe+M/iXK+fshMxQ==" |
|
.demdex.net/ | Name: dextp Value: 21-1-1634131084080|358-1-1634131084181|477-1-1634131084293|1123-1-1634131084402|22052-1-1634131084503|139200-1-1634131084604 |
|
.amazon-adsystem.com/ | Name: ad-id Value: A-jTk4RwSkkpnMepw7zY-h4 |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
|
.agkn.com/ | Name: u Value: C|0CAAAAAAAKPmZDQAAAAAAAS1dAAAAAA |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aa.agkn.com
analytics.twitter.com
att.demdex.net
att.inq.com
attservicesinc.tt.omtrdc.net
bat.bing.com
connect.facebook.net
d.agkn.com
dpm.demdex.net
fls.doubleclick.net
home.secureapp.att.net
ib.adnxs.com
idsync.rlcdn.com
kreweofbush.com
lapis-infrequent-child.glitch.me
mediaeastv3.inq.com
ml314.com
na5.thunderhead.com
s.amazon-adsystem.com
servedby.flashtalking.com
signin.att.com
smetrics.att.com
www.att.com
www.facebook.com
www.googleadservices.com
www.googletagmanager.com
smetrics.att.com
104.111.216.57
104.244.42.3
13.107.21.200
142.250.185.198
142.250.185.226
142.250.185.232
144.160.125.207
144.160.36.70
169.197.183.150
18.169.90.17
18.184.251.131
185.33.221.87
185.60.216.19
185.60.216.35
206.17.25.188
209.197.3.19
34.249.52.209
35.186.198.98
35.244.174.68
51.105.108.194
52.17.95.93
52.200.40.111
52.208.138.90
52.46.154.242
52.49.107.116
01a7e22fd83c617ff55898233518c54a9ecce7e0de3e8a63c4fa59315b029c6b
06ccf87a4243b47fa210ec452eda0a1f153b0077e4df8b3d9569747c3d2ecb3d
0b97d9dc41f0f5b928a14af68f165e790a4b1d7a52e948347c1b6e3e82ef1bde
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1ae55eee9d98c2f4c7fdb3e9add8ffec1f75fda9a2053df845a87e38d113873d
1bf3b44e8ba90fbf4dfd61319f5d918e133f3dfe55b4dcec35e8f6e0e501b40a
1c592a51351836456628c2cb9a7dd86d41257d821f8926b137c8f5c63aaf0ca3
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
2b342cf2e6bd2c4a025e6d689d433bdbdb47e4d3050265adebe9c1f6518c29af
2e8f4f6158ee4e23d270f962be25b0a2a1e56b62c32eaeaf96c46c329b507dec
33a050282e9356be2f2d8538f376fcbc4c7bbc778c4517375b44dad46d48389e
3531bc20d89ce933d3e2a2b412d9bc486f49a3b2bea7c22faa260b5ef42d7e26
3b76af0996a49e3ee22507ab6569588c2a41b1929560f8beccbdd87786b7abde
42ae15fce5b5588f138369542659d2e23dda10674ab04a630fc76b5981c17694
43f774da83292822f54305d69e01286ca018b6f3f0fe86250451ad93d9252f9c
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
5c2bb4799afe71e3806de817e1e14868d170da40d3bf8df3f59e550fb23a57c1
5fd69c4fa9f1a2a6fbdab11ff45053dbd08237e6190dfc9c071fadd08fe9b7d5
601f450bfc37544f6ebbdcbecf66d18121b3a6c99ff9ab31994769f1b08f6e86
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
623b1b42bd72baaf5dcfd6881afc9bac75b940ba6036907edd6ae496d69c7ec0
69c00a3d9551ee5fba7241f241f4c49bc24ae47cb3b51194ddcfc440f59dcb9c
69e68aded7e45ade0acaaef106c5a1d401e1039a58a8726db68cfaee23fe86e7
70ac34d176f59098e867cd1008c65de5e945ae2ee702444a4e6e9ee10ae314dd
70b5a6613f03d3c015d826185e39839e6dbc2d03871f151bafbed5cc58503f69
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
7b601d114daf5033ca1b7c37beab9a717e1edbf6e9049d488e36af4ed4d85ea4
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
823571b6b93129145b1b4e2b1e20a966814a5b8793922f35cdde8f9b8e3bf772
82d044da888a6c8e27a37a1e7aafdbe8d0e03692b06573264340ff710085beda
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ac91a538a22b81898930c967888e6adff2d0186f419aa27149de238bb9b127
8e170827cf6b2dfdb810cef652d70f9cbd9ff58f4242cb735622833b5ff69bd3
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
8f8db4ef23c07f4d5d5afa894ac5c709f8ca8861c0ce12eccce3abcaf8068f2b
9880eb5b6a6b1dec8f568c14a1a5be755c460d2ea2df66fa7b5e6b99227f7128
a3cffb20a62d234c050990dc421d2b44e079342248dc3eefb45fb9a5b466a99e
a5182fbd8bbbbc358b704a5a070ffad58bd079b7800803935d9e3b2b8b9c5d87
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
ac840990603819c38555a492a7d5fa3aa15c168756aca9f298afcb5ab336ad69
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b632a6a0334c1702ba8c2d5b4e49ff79059b32af6599c747d27c373799c1af28
b87057677da170d5e8c86a667b21cc365c7462e5407d5a9dae9d00c7dfd050dd
bba4bf5001c7eb5c7658b0c359177835ce4130528f5d235bfeb41594095b5ee1
c0cbcf6d984828a28c305b0f6c1f35dc370e41809c55c2c20906033ce4a81aee
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c226d105958223685f509c7d514b32791a68d648877e9092b5b85169fdf81000
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
cd9495421d504b3beca8f82bc5f39720e6e47d184fe4f8d71c6706e25c425858
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d302b3e4668a75d063f684d6e2381b29e4ab727267c33b239de4e67cc71ed92c
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dfa35aa4643a991e1d2ec6e3562e1a0465174c7200a7572c92619904bb08530f
e32a6ae5e43f7f652674e0f03dc23f86839f839b29ee4e63c01c93da180bb0d0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5831657e8bbb3bb1f856181e25839be124a370b16ba2972175dc4d4605226c
f88d44583c9ec680fd5e57ff5afdffc69e74d771aff19168ea86a968a0e6a6e8
fdee766a03e4032897a2cd75326c135d8e938592bfb00f12ed5b4eb223f54c3f