URL: https://vueloparapente.com/css/app/
Submission: On September 10 via automatic, source phishtank

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 24 HTTP transactions. The main IP is 89.46.90.95, which is located in Spain and belongs to PROFESIONALHOSTING, ES. The main domain is vueloparapente.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 21st 2020. Valid for: 3 months.
This is the only time vueloparapente.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

Requests  IP Address      AS Autonomous System
4         89.46.90.95     201446 (PROFESION...)
20        213.134.66.112  15515 (UNICREDIT...)
Total: 24 requests, 2 IPs

Requests  Apex Domain         Subdomains              Transfer
20        ucgstatic.eu        at-assets.ucgstatic.eu  2 MB
4         vueloparapente.com  vueloparapente.com      45 KB
Total: 24 requests, 2 apex domains

Requests  Domain                  Requested by
20        at-assets.ucgstatic.eu  vueloparapente.com, at-assets.ucgstatic.eu
4         vueloparapente.com      vueloparapente.com
Total: 24 requests, 2 domains

This site contains links to these domains.

Domain
www.bankaustria.at
sicherheit.bankaustria.at

Subject                 Issuer                                       Validity                 Valid
vueloparapente.com      Let's Encrypt Authority X3                   2020-07-21 - 2020-10-19  3 months
at-assets.ucgstatic.eu  Actalis Organization Validated Server CA G2  2019-10-10 - 2020-10-10  a year

This page contains 1 frame:

Primary Page: https://vueloparapente.com/css/app/
Frame ID: EAEACAE6FD5854C4A0A5B1C24BE34112
Requests: 24 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 1637 kB
Size: 3460 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
vueloparapente.com/css/app/
0
548 B
Document
General
Full URL
https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.46.90.95 , Spain, ASN201446 (PROFESIONALHOSTING, ES),
Reverse DNS
dns9095.phdns17.es
Software
Apache / PleskLin
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

Host
vueloparapente.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Thu, 10 Sep 2020 09:18:02 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Refresh
0
Set-Cookie
PHPSESSID=37977oqpd1bfjiq39lfqkcqgon; path=/ visited=yes; expires=Thu, 10-Sep-2020 10:18:02 GMT; Max-Age=3600
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Powered-By
PleskLin
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Primary Request Cookie set /
vueloparapente.com/css/app/
44 KB
44 KB
Document
General
Full URL
https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.46.90.95 , Spain, ASN201446 (PROFESIONALHOSTING, ES),
Reverse DNS
dns9095.phdns17.es
Software
Apache / PleskLin
Resource Hash
0dcd92fb976169bda6390e4fb1ffeeac58ec97d538560a5efc1d352093a0efa7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

Host
vueloparapente.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://vueloparapente.com/css/app/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
visited=yes; PHPSESSID=37977oqpd1bfjiq39lfqkcqgon

Response headers

Date
Thu, 10 Sep 2020 09:18:02 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
visited=yes; expires=Thu, 10-Sep-2020 10:18:02 GMT; Max-Age=3600
Strict-Transport-Security
max-age=63072000;
X-Content-Type-Options
nosniff
X-Powered-By
PleskLin
Content-Length
45016
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
head_at_login.js
at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/
1 MB
281 KB
Script
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.js
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
76640a7e083e1d5ccb55e15341b3f79a9ad6466c4e4c4eab3be0e3ead5ac3f5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
W/"123748"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/x-javascript
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=83
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:02 GMT
head_at_login.css
at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/
1 MB
343 KB
Stylesheet
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
98b2827fab95bfdde5be192269406f258dfd1a555f77b8662c12969779f16f3d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:02 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"12e1c3"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=42
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:02 GMT
BAMofUC-logo-flat.svg
at-assets.ucgstatic.eu/content/dam/gimb/at/Common%20area/
9 KB
10 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/content/dam/gimb/at/Common%20area/BAMofUC-logo-flat.svg
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
208b4feaf8e35d6c6cc15eb83133d392297a0723562bc07d584d17bbea505514
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Last-Modified
Wed, 09 Sep 2020 23:01:23 GMT
ETag
"243b-5aee96e3857ce"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=90
Content-Length
9275
X-XSS-Protection
1; mode=block
login-common.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/
284 B
846 B
Stylesheet
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login-common.min.160120181900.css
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
f1f25ad9f8e560d4435186484b1f6a64984cfe527a7edc0ce221539cd08adb50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"11c"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=51
Content-Length
226
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:03 GMT
login.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/
10 KB
3 KB
Stylesheet
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login.min.160120181900.css
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
52233e04b02bc65a0829b831984a21aa78be101de2d33e837435890c6239a952
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"279d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=71
Content-Length
2458
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:03 GMT
dkStep.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/dkLibs/
2 KB
1 KB
Stylesheet
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/dkLibs/dkStep.min.160120181900.css
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
1e3ee0e0a80fa4ee97e7dfc365a431d2f83ef471193e7460d76dd27357f9e55b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"75b"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=90
Content-Length
539
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:03 GMT
dkBase.min.160120181900.js
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/
100 KB
28 KB
Script
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/dkBase.min.160120181900.js
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
f76477d88e5e2a121c634655f3c4f440177e2548c4fada45f01f4efd528a49f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"191d9"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/x-javascript
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=67
Content-Length
27552
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:03 GMT
login.js.faces
vueloparapente.com/EP5-PSA-LOGIN/javax.faces.resource/js/
0
0
Script
General
Full URL
https://vueloparapente.com/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces?ln=multicountry&v=1.0
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.46.90.95 , Spain, ASN201446 (PROFESIONALHOSTING, ES),
Reverse DNS
dns9095.phdns17.es
Software
Apache / PleskLin
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 24 Nov 2019 13:07:57 GMT
Server
Apache
X-Powered-By
PleskLin
Strict-Transport-Security
max-age=63072000;
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1028
ETag
"404-5981755fa4456"
managelanguage.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
a3dd9710fe95bc29d47926850d50692442a6843fb9458a4769794c799ef05a57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"b68"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=67
Content-Length
843
X-XSS-Protection
1; mode=block
Expires
Sat, 10 Oct 2020 09:18:03 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img1.img.png/
642 B
1 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img1.img.png/1548766786234.png
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
f6a7fe1701c494d326f91474b7c2e5fb3df70e06f194fd0259a1ec2d596b3ab3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"282"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=82
Content-Length
642
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img4.img.png/
618 B
1 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img4.img.png/1548766786234.png
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
2da0c47f226b01671a0d983f484796dba219e7954f0b6a54131961badf3f5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"26a"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=41
Content-Length
618
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img5.img.png/
611 B
1 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img5.img.png/1548766786234.png
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
0199fe56946047083e3626f0cdd15895ffcbbdf8ff1babaaf088ce7059cc8a92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"263"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=89
Content-Length
611
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
sprite-common.png
at-assets.ucgstatic.eu/etc/designs/gimb/img/
22 KB
23 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/img/sprite-common.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"58ad"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
22701
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
IconWerk2-mono-v05.woff
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/
14 KB
15 KB
Font
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/IconWerk2-mono-v05.woff
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
18b1c0abd01d9dd86722431ca611b9e4aa23025948fa2c9a39efd20de667f2c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://vueloparapente.com
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"3844"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=50
Content-Length
14404
X-XSS-Protection
1; mode=block
unicredit-regular.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/
98 KB
98 KB
Font
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-regular.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://vueloparapente.com
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"186c0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=41
Content-Length
100032
X-XSS-Protection
1; mode=block
unicredit-medium.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/
114 KB
115 KB
Font
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-medium.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://vueloparapente.com
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"1c9fc"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=94
Content-Length
117244
X-XSS-Protection
1; mode=block
login.js.faces
vueloparapente.com/EP5-PSA-LOGIN/javax.faces.resource/js/
0
0
Script
General
Full URL
https://vueloparapente.com/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces?ln=multicountry&v=1.0
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.46.90.95 , Spain, ASN201446 (PROFESIONALHOSTING, ES),
Reverse DNS
dns9095.phdns17.es
Software
Apache / PleskLin
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 24 Nov 2019 13:07:57 GMT
Server
Apache
X-Powered-By
PleskLin
Strict-Transport-Security
max-age=63072000;
Content-Type
text/html
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
1028
ETag
"404-5981755fa4456"
unicredit-light.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/
102 KB
103 KB
Font
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-light.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://vueloparapente.com
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"19930"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=40
Content-Length
104752
X-XSS-Protection
1; mode=block
ico-infologin.png
at-assets.ucgstatic.eu/etc/designs/gimb/img/
2 KB
2 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/img/ico-infologin.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
e41c557c2dcc8f98c3bb29c83a23b4cf79b4606e9fe6e692331e128ccecc51f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"647"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=70
Content-Length
1607
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
sprite-lang-at.png
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/
2 KB
3 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-at.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
14fcf0f22a5e48daed3bf981ac816103c8c68bfbd16ab8bbd5c38352d702c4d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"834"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=89
Content-Length
2100
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
sprite-lang-en.png
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/
5 KB
6 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-en.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
e556970daffaaa792d747bc5a7ed2d7d256913abddc89c37ab259e786873e4af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"145a"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=48
Content-Length
5210
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT
1571928623060.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/
556 KB
557 KB
Image
General
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1571928623060.png
Requested by
Host: vueloparapente.com
URL: https://vueloparapente.com/css/app/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.134.66.112 Milan, Italy, ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT),
Reverse DNS
Software
/
Resource Hash
53488d20fc528397997f980c1d5f2418d44c09f8d9b9f5323b2bdeb44fa1557b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 09:18:03 GMT
ETag
"8b1f3"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=66
Content-Length
569843
VTS-H2
FP FD FR
Expires
Sat, 10 Oct 2020 09:18:03 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes
function| $
function| jQuery
function| PF
object| PrimeFaces
function| Class
object| atmosphere
object| jQuery112406340895439898304
function| goToPageWithLoader
function| openModalWithLoader
function| goToPageModalInjectWithLoaderCloseAppModal
function| closeOverlayPopup
function| closeOverlayPopupAndRedirect
function| closeOverlayPopupAndRedirectOnEvent
function| showOverlayPopup
undefined| displayJSFAjaxLoadingDivTimeout
function| displayJSFAjaxLoadingDiv
function| timeoutShowDiv
function| hideJSFAjaxLoadingDiv
function| findNearestLoader
function| findNearestLoaderFast
function| smartFindParent
function| listenGimbModalCloseEvent
function| closeGimbModal
object| myfaces
object| jsf
function| updateLogin
function| hidelanguagesportlet
function| unhidelanguagesportlet

2 Cookies

Domain/Path Name / Value
vueloparapente.com/ Name: PHPSESSID
Value: 37977oqpd1bfjiq39lfqkcqgon
vueloparapente.com/css/app Name: visited
Value: yes

2 Console Messages

Source Level URL
Text
console-api log URL: https://vueloparapente.com/css/app/(Line 283)
Message:
#LOGIN Prima di aggangiare evento on click
console-api log URL: https://vueloparapente.com/css/app/(Line 287)
Message:
#LOGIN Dopo aver agganciato evento on click

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000;
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

at-assets.ucgstatic.eu
vueloparapente.com
213.134.66.112
89.46.90.95