seguridad89822.webcindario.com Open in urlscan Pro
5.57.226.202  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request ls19c5.html Show response seguridad89822.webcindario.com/bnac/adfs/	57 KB 14 KB	5173ms 48ms	Document text/html	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Full URL https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash 2b937ebea2fe5cdab645abf63777fc0d57b2dd6f3efc16e0ba1f8346eeba3248 Request headers :method GET :authority seguridad89822.webcindario.com :scheme https :path /bnac/adfs/ls19c5.html?B pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers server nginx date Wed, 15 Sep 2021 20:12:03 GMT content-type text/html vary Accept-Encoding set-cookie __muid=631dace94e3a31a854b68800191ed26367003f97; Domain=.webcindario.com; Path=/; Expires=Tue, 19 Jan 2038 03:14:11 GMT; HttpOnly x-powered-by Webcindario Hosting Service content-encoding gzip
GET H2	200	style8f57.css seguridad89822.webcindario.com/bnac/adfs/portal/css/	26 KB 6 KB	49ms 48ms	Stylesheet text/css	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash be73cab6c4c09afb515cd2c2b637cbfbd5d3ed3af0a8f6e153c6288684d5cdd3 Request headers :path /bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb pragma no-cache cookie __muid=631dace94e3a31a854b68800191ed26367003f97 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept text/css,*/*;q=0.1 cache-control no-cache sec-fetch-dest style :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:03 GMT content-encoding gzip last-modified Sat, 11 Sep 2021 20:15:29 GMT server nginx x-powered-by Webcindario Hosting Service etag W/"613d0e61-667d" vary Accept-Encoding content-type text/css
GET H2	200	/ Show response hosting.miarroba.info/	1 KB 1 KB	5529ms 60ms	Script application/javascript	2606:4700:3037::ac43:bb46 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hosting.miarroba.info/?__muid=631dace94e3a31a854b68800191ed26367003f97&h=2076366&t=1631736723&k=c1ea521904223ce67a8afe3aa494c1bc Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:bb46 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 24711aceea4125ae9fd020197a05f873e19c40b952be70d36add9bafc7add9f3 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:09 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} p3p CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 pragma no-cache last-modified Wed, 15 Sep 2021 20:12:09 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyVmHmyubJrhYkpxRF87LvMq9C8S4nza8Nn%2FETz34hKK%2BVqBnQ%2FlZaCti2SpWuPltE94p6yPuJE%2FHS%2Bu%2BRzObAC5wiLPcIMAt5z%2BmYDGmF3O%2BjeVp2f%2BcByq4%2BU3KOcA64sJajIWiQM3O6DkiVEPdajtqi0%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=iso-8859-1 cache-control no-cache cf-ray 68f4821c2cbadfd3-FRA expires Mon, 26 Jul 1997 05:00:00 GMT
GET H2	204	choice.js Show response quantcast.mgr.consensu.org/choice/d5x2uDVHd7ALE/seguridad89822.webcindario.com/	0 324 B	5494ms 190ms	Script text/plain	2600:9000:2171:d400:9:46dc:4700:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://quantcast.mgr.consensu.org/choice/d5x2uDVHd7ALE/seguridad89822.webcindario.com/choice.js Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2171:d400:9:46dc:4700:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:08 GMT via 1.1 e9e1ae0211eb8060a9bf55183ccf8789.cloudfront.net (CloudFront) server AmazonS3 x-amz-cf-pop CDG53-C1 vary Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding x-cache Miss from cloudfront cache-control max-age=900 cross-origin-resource-policy cross-origin x-amz-cf-id L-PjcShnR-xB4CAZv6qVP6bDREcoMSqDYBXKSGZ0p6QjlrCAUkoOxQ==
GET H2	200	gtm.js Show response www.googletagmanager.com/	127 KB 48 KB	5339ms 34ms	Script application/javascript	2a00:1450:4007:813::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59 Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:813::2008 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash bc501286631a885c8337fb0ee9ed06e17af7dd70a8a409721232d8e0f12b1e73 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:08 GMT content-encoding br vary Accept-Encoding cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 48327 x-xss-protection 0 last-modified Wed, 15 Sep 2021 19:42:44 GMT server Google Tag Manager strict-transport-security max-age=31536000; includeSubDomains content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Wed, 15 Sep 2021 20:12:08 GMT
GET H2	200	css fonts.googleapis.com/	2 KB 1 KB	5277ms 29ms	Stylesheet text/css	2a00:1450:4007:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:815::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 15 Sep 2021 18:15:49 GMT server ESF date Wed, 15 Sep 2021 20:12:08 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 15 Sep 2021 20:12:08 GMT
GET H2	200	css fonts.googleapis.com/	664 B 427 B	5282ms 35ms	Stylesheet text/css	2a00:1450:4007:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Lato Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:815::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 15 Sep 2021 20:11:15 GMT server ESF date Wed, 15 Sep 2021 20:12:08 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 15 Sep 2021 20:12:08 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 730 B	5278ms 31ms	Stylesheet text/css	2a00:1450:4007:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400&display=swap Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:815::200a , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ab7baab728cf4fa117cbdd177d0d2f148a69f6ae40859bd3ee5624b5387ca70b Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Wed, 15 Sep 2021 20:12:08 GMT server ESF date Wed, 15 Sep 2021 20:12:08 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Wed, 15 Sep 2021 20:12:08 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	48 KB 20 KB	5101ms 22ms	Script text/javascript	2a00:1450:4007:817::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:817::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 11 Aug 2021 00:32:57 GMT server Golfe2 age 6880 date Wed, 15 Sep 2021 18:17:33 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 19747 expires Wed, 15 Sep 2021 20:17:33 GMT
GET H2	200	quant.js Show response secure.quantserve.com/	24 KB 9 KB	5060ms 10ms	Script application/javascript	2620:116:800d:21:8c6e:cf2c:8d6:9fb5 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://secure.quantserve.com/quant.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-T2VG59 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash 95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:13 GMT content-encoding gzip etag "lp772EpWKwf8Kq7YKMhbuw==" vary Accept-Encoding content-type application/javascript cache-control private, max-age=604800 cross-origin-resource-policy cross-origin accept-ranges bytes expires Wed, 22 Sep 2021 20:12:13 GMT
GET H2	200	ads Show response des.smartclip.net/	20 B 353 B	5058ms 10ms	Script application/javascript	35.186.194.101 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://des.smartclip.net/ads?type=dyn&plc=75133&elementId=631dace94e3a31a854b68800191ed26367003f97&sz=400x320&rnd=16703857 Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.186.194.101 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 101.194.186.35.bc.googleusercontent.com Software nginx/1.17.6 / Resource Hash 7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:14 GMT content-encoding gzip sc-supply-network 999999 vary Accept-Encoding p3p CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" via 1.1 google sc-uuid a744c7ee-9482-401b-8e6e-2e3ecbd12f2f access-control-allow-credentials true sc-device-type PC content-type application/javascript; charset=utf-8 alt-svc clear server nginx/1.17.6
GET H2	200	lz_loader.js Show response img.sunmediaads.com/ads/	112 KB 113 KB	5219ms 13ms	Script text/javascript	205.185.216.10 HIGHWINDS3
General Check archive.org Show headers Download Go to Full URL https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4 Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 205.185.216.10 , United States, ASN20446 (HIGHWINDS3, US), Reverse DNS map2.hwcdn.net Software / Resource Hash 7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:14 GMT last-modified Sun, 05 Apr 2020 16:15:53 GMT etag "1586103353" x-hw 1631736734.dop226.fr8.t,1631736734.cds260.fr8.hn,1631736734.cds208.fr8.c content-type text/javascript cache-control max-age=0 accept-ranges bytes content-length 115125
POST H2	200	607f6b0b381bbc1f64fa027d62891072_cookie.php Show response hosting.miarroba.info/ Frame 66F6	46 B 443 B	58ms 58ms	Document text/html	2606:4700:3037::ac43:bb46 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hosting.miarroba.info/607f6b0b381bbc1f64fa027d62891072_cookie.php Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:bb46 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88 Request headers :method POST :authority hosting.miarroba.info :scheme https :path /607f6b0b381bbc1f64fa027d62891072_cookie.php content-length 162 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 origin https://seguridad89822.webcindario.com content-type application/x-www-form-urlencoded user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 accept-language de-DE,de;q=0.9 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest iframe referer https://seguridad89822.webcindario.com/ accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 Origin https://seguridad89822.webcindario.com Content-Type application/x-www-form-urlencoded User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ Response headers date Wed, 15 Sep 2021 20:12:09 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding set-cookie __weslvu=1631736729; expires=Wed, 15-Sep-2021 21:12:09 GMT; Max-Age=3600; path=/; domain=hosting.miarroba.info cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUnwNVSF4LuyHwbk2xiScVxazIiu%2F0IorTuG9lgmP40ehqlV2mKY3PPXtuI7O2F4%2FML8l2wYOonexFH1gesqkl9CtLh41SnEhvDJlZtfzOWeVEGkc%2FzHSGZkhqtLxaZDZc0jXpYTQKZ2k0FC%2BM4DessGWqo%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 68f4821c9d63dfd3-FRA content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
GET H2	200	rules-p-d5x2uDVHd7ALE.js Show response rules.quantcount.com/	3 B 428 B	5089ms 18ms	Script application/javascript	2600:9000:218d:9600:6:44e3:f8c0:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://rules.quantcount.com/rules-p-d5x2uDVHd7ALE.js Requested by Host: secure.quantserve.com URL: https://secure.quantserve.com/quant.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:218d:9600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 04:29:24 GMT via 1.1 e01ab9056cc78875229a55be936f41ee.cloudfront.net (CloudFront) age 56576 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin content-length 3 last-modified Sat, 04 Mar 2017 20:57:48 GMT server AmazonS3 etag "8a80554c91d9fca8acb82f023de02f11" access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=86400 x-amz-cf-pop CDG50-P2 accept-ranges bytes x-amz-cf-id 7m1X-ZBUuDVdJWrstDK5fYSjB5rsfYWLA1-b9erBP_gh4fD3Hs9Dig==
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 217 B	26ms 26ms	XHR text/plain	2a00:1450:4007:817::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1728249834&t=pageview&_s=1&dl=https%3A%2F%2Fseguridad89822.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html%3FB&ul=en-us&de=UTF-8&dt=Banco%20Nacional%20de%20Costa%20Rica.%20Inicio%20de%20Sesion&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABCAAAAC~&jid=1475935966&gjid=1355916224&cid=1225691133.1631736734&tid=UA-597118-7&_gid=1531643429.1631736734&_r=1&gtm=2wg9d0T2VG59&z=860245033 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:817::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://seguridad89822.webcindario.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:14 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://seguridad89822.webcindario.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	2 B 67 B	25ms 25ms	XHR text/plain	2a00:1450:4007:817::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1728249834&t=pageview&_s=1&dl=https%3A%2F%2Fseguridad89822.webcindario.com%2Fbnac%2Fadfs%2Fls19c5.html%3FB&ul=en-us&de=UTF-8&dt=Banco%20Nacional%20de%20Costa%20Rica.%20Inicio%20de%20Sesion&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAAABCAAAAC~&jid=12034137&gjid=1822866969&cid=1225691133.1631736734&tid=UA-597118-1&_gid=1531643429.1631736734&_r=1&gtm=2wg9d0T2VG59&z=1426374646 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:817::200e , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://seguridad89822.webcindario.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:14 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://seguridad89822.webcindario.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 2 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 473 B	5088ms 21ms	XHR text/plain	2a00:1450:400c:c08::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-597118-7&cid=1225691133.1631736734&jid=1475935966&gjid=1355916224&_gid=1531643429.1631736734&_u=YEBAAAAACAAAAC~&z=1275280022 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://seguridad89822.webcindario.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Wed, 15 Sep 2021 20:12:19 GMT content-type text/plain access-control-allow-origin https://seguridad89822.webcindario.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	4 B 70 B	5086ms 22ms	XHR text/plain	2a00:1450:400c:c08::9a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-597118-1&cid=1225691133.1631736734&jid=12034137&gjid=1822866969&_gid=1531643429.1631736734&_u=YEDAAAABCAAAAC~&z=484723170 Requested by Host: www.google-analytics.com URL: https://www.google-analytics.com/analytics.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://seguridad89822.webcindario.com/ Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=10886400; includeSubDomains; preload x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 date Wed, 15 Sep 2021 20:12:19 GMT content-type text/plain access-control-allow-origin https://seguridad89822.webcindario.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 4 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	zone.php Show response play.sunmediaads.com/red/	1005 B 2 KB	5310ms 34ms	Script text/html	212.92.55.8 NEXICA-AS
General Check archive.org Show headers Download Go to Full URL https://play.sunmediaads.com/red/zone.php?code=HEZRL65RXYI2&a=&pubid=&lgid=17966454670.4588015052093013 Requested by Host: img.sunmediaads.com URL: https://img.sunmediaads.com/ads/lz_loader.js?ver=1.4 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 212.92.55.8 Vilanova de la Roca, Spain, ASN24592 (NEXICA-AS, ES), Reverse DNS unamed.nexica.net Software Apache / Resource Hash be5eeb099a1cf713146da66dd7c33e478e64d3c021a1a08fc21ba103064951a9 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers Date Wed, 15 Sep 2021 19:56:50 GMT Server Apache Connection close Content-Length 1005 Content-Type text/html; charset=UTF-8
GET H2	200	illustrationba1b.png seguridad89822.webcindario.com/bnac/adfs/portal/illustration/	114 KB 114 KB	41ms 40ms	Image image/png	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Show image Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/illustration/illustrationba1b.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD&amp;rp=37d0e840-bdc3-e911-90f3-005056b6cfbb Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash 183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd Request headers :path /bnac/adfs/portal/illustration/illustrationba1b.png?id=183128A3C941EDE3D9199FA37D6AA90E0A7DFE101B37D10B4FEDA0CF35E11AFD&amp;rp=37d0e840-bdc3-e911-90f3-005056b6cfbb pragma no-cache cookie _dlt=1; __muid=631dace94e3a31a854b68800191ed26367003f97; _ga=GA1.3.1225691133.1631736734; _gid=GA1.3.1531643429.1631736734; _gat_UA-597118-7=1; _gat_UA-597118-1=1 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:19 GMT last-modified Sat, 11 Sep 2021 20:15:31 GMT server nginx x-powered-by Webcindario Hosting Service etag "613d0e63-1c7db" content-type image/png accept-ranges bytes content-length 116699
GET H2	200	fondo.jpg seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/	83 KB 84 KB	41ms 41ms	Image image/jpeg	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Show image Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/fondo.jpg Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452 Request headers :path /bnac/adfs/portal/images/bncr/fondo.jpg pragma no-cache cookie _dlt=1; __muid=631dace94e3a31a854b68800191ed26367003f97; _ga=GA1.3.1225691133.1631736734; _gid=GA1.3.1531643429.1631736734; _gat_UA-597118-7=1; _gat_UA-597118-1=1 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:19 GMT last-modified Sat, 11 Sep 2021 20:15:34 GMT server nginx x-powered-by Webcindario Hosting Service etag "613d0e66-14d8f" content-type image/jpeg accept-ranges bytes content-length 85391
GET H2	200	firma.png seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/	3 KB 3 KB	75ms 74ms	Image image/png	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Show image Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/firma.png Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash 52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446 Request headers :path /bnac/adfs/portal/images/bncr/firma.png pragma no-cache cookie _dlt=1; __muid=631dace94e3a31a854b68800191ed26367003f97; _ga=GA1.3.1225691133.1631736734; _gid=GA1.3.1531643429.1631736734; _gat_UA-597118-7=1; _gat_UA-597118-1=1 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:19 GMT last-modified Sat, 11 Sep 2021 20:15:34 GMT server nginx x-powered-by Webcindario Hosting Service etag "613d0e66-a10" content-type image/png accept-ranges bytes content-length 2576
GET H2	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v12/	18 KB 19 KB	5120ms 41ms	Font font/woff2	2a00:1450:4007:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: seguridad89822.webcindario.com URL: https://seguridad89822.webcindario.com/bnac/adfs/portal/css/style8f57.css?id=0F9A4AAB2FC50B0189F436642AAAA301641D0685424D403AAAB8DD4459949820&rp=37d0e840-bdc3-e911-90f3-005056b6cfbb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:80f::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://seguridad89822.webcindario.com/ Origin https://seguridad89822.webcindario.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 09:26:39 GMT x-content-type-options nosniff age 38745 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 18684 x-xss-protection 0 last-modified Tue, 07 Nov 2017 15:24:32 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 15 Sep 2022 09:26:39 GMT
GET H2	200	mem8YaGs126MiZpBA-UFVZ0b.woff2 fonts.gstatic.com/s/opensans/v23/	14 KB 15 KB	5103ms 25ms	Font font/woff2	2a00:1450:4007:80f::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Open+Sans Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:80f::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://seguridad89822.webcindario.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 08 Sep 2021 23:51:41 GMT x-content-type-options nosniff age 591643 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 14440 x-xss-protection 0 last-modified Tue, 10 Aug 2021 00:23:25 GMT server sffe content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Thu, 08 Sep 2022 23:51:41 GMT
GET H2	200	logo.png seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/	2 KB 2 KB	175ms 175ms	Image image/png	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Show image Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/logo.png Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c Request headers :path /bnac/adfs/portal/images/bncr/logo.png pragma no-cache cookie _dlt=1; __muid=631dace94e3a31a854b68800191ed26367003f97; _ga=GA1.3.1225691133.1631736734; _gid=GA1.3.1531643429.1631736734; _gat_UA-597118-7=1; _gat_UA-597118-1=1 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:19 GMT last-modified Sat, 11 Sep 2021 20:15:35 GMT server nginx x-powered-by Webcindario Hosting Service etag "613d0e67-8ea" content-type image/png accept-ranges bytes content-length 2282
GET H2	200	BNChat.png seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/	5 KB 6 KB	176ms 176ms	Image image/png	5.57.226.202 SERVIHOSTING-AS A...
General Check archive.org Show headers Download Go to Show image Full URL https://seguridad89822.webcindario.com/bnac/adfs/portal/images/bncr/BNChat.png Protocol H2 Security TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305 Server 5.57.226.202 Madrid, Spain, ASN29119 (SERVIHOSTING-AS AireNetworks, ES), Reverse DNS Software nginx / Webcindario Hosting Service Resource Hash 2e4ecfa7866203cf7f8f705c2c9fffa8cdeb3b11bea0cae4399f6bc974b07b6f Request headers :path /bnac/adfs/portal/images/bncr/BNChat.png pragma no-cache cookie _dlt=1; __muid=631dace94e3a31a854b68800191ed26367003f97; _ga=GA1.3.1225691133.1631736734; _gid=GA1.3.1531643429.1631736734; _gat_UA-597118-7=1; _gat_UA-597118-1=1 accept-encoding gzip, deflate, br accept-language de-DE,de;q=0.9 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 sec-fetch-mode no-cors accept image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 cache-control no-cache sec-fetch-dest image :authority seguridad89822.webcindario.com referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B :scheme https sec-fetch-site same-origin :method GET Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/bnac/adfs/ls19c5.html?B User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers date Wed, 15 Sep 2021 20:12:19 GMT last-modified Sat, 11 Sep 2021 20:15:33 GMT server nginx x-powered-by Webcindario Hosting Service etag "613d0e65-15c3" content-type image/png accept-ranges bytes content-length 5571
GET H2	200	ga-audiences www.google.com/ads/	42 B 107 B	5112ms 44ms	Image image/gif	2a00:1450:4007:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-7&cid=1225691133.1631736734&jid=1475935966&_u=YEBAAAAACAAAAC~&z=1624688119 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:80e::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:24 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 107 B	5133ms 43ms	Image image/gif	2a00:1450:4007:818::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-7&cid=1225691133.1631736734&jid=1475935966&_u=YEBAAAAACAAAAC~&z=1624688119 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:818::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:24 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.com/ads/	42 B 522 B	5110ms 43ms	Image image/gif	2a00:1450:4007:80e::2004 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-1&cid=1225691133.1631736734&jid=12034137&_u=YEDAAAABCAAAAC~&z=1532025685 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:80e::2004 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:24 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	ga-audiences www.google.de/ads/	42 B 522 B	5132ms 43ms	Image image/gif	2a00:1450:4007:818::2003 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-597118-1&cid=1225691133.1631736734&jid=12034137&_u=YEDAAAABCAAAAC~&z=1532025685 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4007:818::2003 , Ireland, ASN15169 (GOOGLE, US), Reverse DNS Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language de-DE,de;q=0.9 Referer https://seguridad89822.webcindario.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Response headers pragma no-cache date Wed, 15 Sep 2021 20:12:24 GMT x-content-type-options nosniff server cafe timing-allow-origin * p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin content-type image/gif alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET		8c4105a4-90ec-434c-bf14-82b194e3019f.js static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/	0 0
GET		/ servingcdn.net/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

static.sunmedia.tv

URL

https://static.sunmedia.tv/integrations/8c4105a4-90ec-434c-bf14-82b194e3019f/8c4105a4-90ec-434c-bf14-82b194e3019f.js

Domain

servingcdn.net

URL

https://servingcdn.net/?uid=5e18adb5b6e69a5d886e2702&w=320&h=50&click=

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco Nacional (Banking)

143 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforexrselect boolean| originAgentCluster function| __tcfapi function| __uspapi object| dataLayer function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login string| Title string| LoginTitle string| urlBnMovilDefault string| urlIBDefault string| urlBNSDefault string| urlLostPassword string| urlLostPasswordBnMovil string| urlAffiliate string| urlAffiliateBnMovil string| urlApiToken string| urlCambioClave string| urlCambioClaveBNM string| indiceAuth string| indiceBNM string| indiceIB string| indiceBNS string| urlIBCDescarga string| rutabase string| urlLogo string| urlChatImg string| urlChat string| FooterSeccionLeftLogin string| FooterSeccionCenterLogin string| FooterSeccionRightLogin string| FooterSeccionLeftKeyBoard string| FooterSeccionCenterKeyBoard string| FooterSeccionRightKeyBoard string| FooterSeccionLeftOTP string| FooterSeccionCenterOTP string| FooterSeccionRightOTP string| Terms string| TermsUrl string| Privacy string| PrivacyUrl string| chatLink string| helpModal object| contentHtml undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| LoadTheme function| IsIB function| IsIBMovil function| IsBNS function| Signout function| ClearDomain function| CambioContrasena function| HideShowControl function| ElementExist function| WindowsRedirect function| ExistMFA function| DrawMFA function| ApplyCSSInput function| SetValueInput function| ControlFooter function| GetReturnUri function| GetParamts function| GetUsrName function| AppendLostPassword function| AppendCertificate function| AppendUserName function| InitControls function| LettersAndNumbers function| CertificateClick function| HelpClick function| ValidarErrorCert function| RestringirMoviles function| Close object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| mia_ga object| _qevents object| s string| t object| lz_elem function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| gaplugins object| gaGlobal object| gaData object| parser object| lz_ua function| _lz_console object| lz_console function| _lz_utils object| lz_utils object| dfcheck object| df_orientation_data object| df_motion_data object| pool undefined| current number| default_lz_max_time_fallback object| lz_fallback object| lz_ads number| lz_time_listener object| pila_ban function| fixtweakboxapp function| lz_loadads function| lz_loadscripts function| lz_loadfill function| lz_loadscr function| lz_callfallback function| lz_script_item function| lz_listener_dummy function| lz_listener_banner function| lz_fallback_banner function| lz_listener_sunmedia function| lz_fallback_sunmedia function| IW_carga function| UAParser boolean| scoreForce function| lz_touchend function| lz_touchstart function| lz_deviceorientation function| lz_MozOrientation function| lz_devicemotion number| lz_max_time_fallback function| htmlParser function| oldwrite function| oldwriteln function| IW_load string| lz_zone string| pubcidCookie object| target function| a object| n

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.webcindario.com/bnac/adfs	1969-12-31 23:59:59	Name: _dlt Value: 1
			.webcindario.com/	1970-01-25 20:31:23	Name: __muid Value: 631dace94e3a31a854b68800191ed26367003f97
			.seguridad89822.webcindario.com/	1970-01-20 14:46:48	Name: _ga Value: GA1.3.1225691133.1631736734
			.seguridad89822.webcindario.com/	1970-01-19 21:17:03	Name: _gid Value: GA1.3.1531643429.1631736734
			.seguridad89822.webcindario.com/	1970-01-19 21:15:36	Name: _gat_UA-597118-7 Value: 1
			.seguridad89822.webcindario.com/	1970-01-19 21:15:36	Name: _gat_UA-597118-1 Value: 1
			.sunmediaads.com/	1970-01-20 06:01:12	Name: lz_frecy Value: %7B%22HEZRL65RXYI2%22%3A%7B%22times%22%3A1%2C%22time%22%3A1631743200%7D%7D
			.sunmediaads.com/	1970-01-20 06:01:12	Name: lz_frecy_crea Value: %7B%22HEZRL65RXYI2%22%3A%7B%221%22%3A%7B%22visto%22%3A1%2C%22time%22%3A1631743200%7D%7D%7D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

des.smartclip.net
fonts.googleapis.com
fonts.gstatic.com
hosting.miarroba.info
img.sunmediaads.com
play.sunmediaads.com
quantcast.mgr.consensu.org
rules.quantcount.com
secure.quantserve.com
seguridad89822.webcindario.com
servingcdn.net
static.sunmedia.tv
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
servingcdn.net
static.sunmedia.tv
205.185.216.10
212.92.55.8
2600:9000:2171:d400:9:46dc:4700:93a1
2600:9000:218d:9600:6:44e3:f8c0:93a1
2606:4700:3037::ac43:bb46
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4007:80e::2004
2a00:1450:4007:80f::2003
2a00:1450:4007:813::2008
2a00:1450:4007:815::200a
2a00:1450:4007:817::200e
2a00:1450:4007:818::2003
2a00:1450:400c:c08::9a
35.186.194.101
5.57.226.202
183128a3c941ede3d9199fa37d6aa90e0a7dfe101b37d10b4feda0cf35e11afd
19603242f3bfa5b6cf922d65bc2353813d1b4c3a4b970638f3fa1c5b6dd39a88
24711aceea4125ae9fd020197a05f873e19c40b952be70d36add9bafc7add9f3
2b937ebea2fe5cdab645abf63777fc0d57b2dd6f3efc16e0ba1f8346eeba3248
2e4ecfa7866203cf7f8f705c2c9fffa8cdeb3b11bea0cae4399f6bc974b07b6f
3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54
4ab7918478793ceb022d3f5449e401b44b78d87bc4429058ebb8b64163640da2
52691c4f90034c90a93cb95cf2c62e8bfee3f2da454e5ad4195b89db97dfe446
7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb
7c074d5639b08b7eee3923842b52d5333c37eceb96baf14ee213584981066fe5
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
95b17ad661699c049d42195b8ccd1d855045a1fcfbd20d8609a6d87fa5703810
a11306b40a20c1d8d40e2746d1ee259b7556c00bcbc719e5e1065f02b7cc427c
a25ba1b157ec936592d10b603b83173744a279f8be236e4dc3f25aab9fbbd452
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
ab7baab728cf4fa117cbdd177d0d2f148a69f6ae40859bd3ee5624b5387ca70b
bc501286631a885c8337fb0ee9ed06e17af7dd70a8a409721232d8e0f12b1e73
be5eeb099a1cf713146da66dd7c33e478e64d3c021a1a08fc21ba103064951a9
be73cab6c4c09afb515cd2c2b637cbfbd5d3ed3af0a8f6e153c6288684d5cdd3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8f5705ee03667d1a28565f6dc84b7748bb9d7c4ded30c270354edd054b86b32
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62