quilt-quill-output.glitch.me
3.212.214.204  Malicious Activity! Public Scan

Submitted URL: https://www.bing.com/ck/a?!&&p=2907d4075f8f7bebJmltdHM9MTcyNzc0MDgwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmOD...
Effective URL: https://quilt-quill-output.glitch.me/public/
Submission: On October 02 via api from BE — Scanned from IT

Summary

This website contacted 8 IPs in 5 countries across 9 domains to perform 28 HTTP transactions. The main IP is 3.212.214.204, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is quilt-quill-output.glitch.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 4th 2023. Valid for: a year.
This is the only time quilt-quill-output.glitch.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australian Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 92.123.104.19 20940 (AKAMAI-ASN1)
1 95.216.62.176 24940 (HETZNER-AS)
1 104.17.25.14 13335 (CLOUDFLAR...)
1 216.58.206.42 15169 (GOOGLE)
1 3 3.212.214.204 14618 (AMAZON-AES)
10 185.33.233.234 51557 (TR-ISIMTE...)
3 142.250.185.99 15169 (GOOGLE)
28 8
Apex Domain | Subdomains | Transfer
10 cocukistanbul.org | cocukistanbul.org | 221 KB
3 gstatic.com | fonts.gstatic.com | 55 KB
3 glitch.me | quilt-quill-output.glitch.me | 18 KB
1 googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 46 | 1 KB
1 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 257 | 28 KB
1 rotary2060.org | peschieragardaveronese.rotary2060.org | 6 KB
1 bing.com | www.bing.com — Cisco Umbrella Rank: 61 | 2 KB
0 my.gov.au Failed | login.my.gov.au Failed
0 taspharm.com.au Failed | taspharm.com.au Failed
28 9
Domain Requested by
10 cocukistanbul.org quilt-quill-output.glitch.me
cocukistanbul.org
3 fonts.gstatic.com cocukistanbul.org
3 quilt-quill-output.glitch.me 1 redirects peschieragardaveronese.rotary2060.org
www.bing.com
cocukistanbul.org
1 fonts.googleapis.com peschieragardaveronese.rotary2060.org
1 cdnjs.cloudflare.com peschieragardaveronese.rotary2060.org
1 peschieragardaveronese.rotary2060.org www.bing.com
1 www.bing.com
0 login.my.gov.au Failed
0 taspharm.com.au Failed peschieragardaveronese.rotary2060.org
28 9

This site contains links to these domains.

Domain
my.gov.au
login.my.gov.au
Subject | Issuer | Validity | Valid
r.bing.com | Microsoft Azure ECC TLS Issuing CA 04 | 2024-06-24 - 2025-06-19 | a year
peschieragardaveronese.rotary2060.org | R11 | 2024-08-21 - 2024-11-19 | 3 months
cdnjs.cloudflare.com | WE1 | 2024-09-28 - 2024-12-27 | 3 months
upload.video.google.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
glitch.com | Amazon RSA 2048 M03 | 2023-12-04 - 2025-01-01 | a year
cocukistanbul.org | RapidSSL TLS RSA CA G1 | 2024-01-22 - 2025-01-21 | a year
*.gstatic.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months

This page contains 1 frames:

Primary Page: https://quilt-quill-output.glitch.me/public/
Frame ID: A680C9927E311123B7F84216ACB2BE3D
Requests: 30 HTTP requests in this frame

Page Title

Sign in with myGov - myGov

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

28
Requests

64 %
HTTPS

0 %
IPv6

9
Domains

9
Subdomains

8
IPs

5
Countries

330 kB
Transfer

986 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.bing.com/ck/a?!&&p=2907d4075f8f7bebJmltdHM9MTcyNzc0MDgwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI5Nw&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9wZXNjaGllcmFnYXJkYXZlcm9uZXNlLnJvdGFyeTIwNjAub3JnLw&ntb=1 Page URL
  2. https://peschieragardaveronese.rotary2060.org/ Page URL
  3. https://quilt-quill-output.glitch.me/public/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24
  • https://quilt-quill-output.glitch.me/mygov/content/mgv2/js/mygov-passkeys.mjs HTTP 302
  • https://quilt-quill-output.glitch.me/

28 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
a
www.bing.com/ck/
2 KB
2 KB
Document
General
Full URL
https://www.bing.com/ck/a?!&&p=2907d4075f8f7bebJmltdHM9MTcyNzc0MDgwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI5Nw&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9wZXNjaGllcmFnYXJkYXZlcm9uZXNlLnJvdGFyeTIwNjAub3JnLw&ntb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
92.123.104.19 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a92-123-104-19.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin
*
alt-svc
h3=":443"; ma=93600
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1216
content-type
text/html; charset=UTF-8
date
Wed, 02 Oct 2024 04:01:35 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
vary
Accept-Encoding
x-cdn-traceid
0.b5a72917.1727841695.12dfe35e
x-msedge-ref
Ref A: 13CA04AE78994E9C87DC6F3ACF6B3100 Ref B: FRA231050414019 Ref C: 2024-10-02T04:01:35Z
/
peschieragardaveronese.rotary2060.org/
14 KB
6 KB
Document
General
Full URL
https://peschieragardaveronese.rotary2060.org/
Requested by
Host: www.bing.com
URL: https://www.bing.com/ck/a?!&&p=2907d4075f8f7bebJmltdHM9MTcyNzc0MDgwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI5Nw&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9wZXNjaGllcmFnYXJkYXZlcm9uZXNlLnJvdGFyeTIwNjAub3JnLw&ntb=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.216.62.176 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
shpcvm-cff87.serverlet.com
Software
nginx / PleskLin
Resource Hash
e88d9b8923d8eac14e1c7fe6bb927da3d9988b6cdd1631b1540d4746a3904d03

Request headers

Referer
https://www.bing.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 02 Oct 2024 04:01:35 GMT
etag
W/"66fbdd6e-39e4"
last-modified
Tue, 01 Oct 2024 11:30:54 GMT
server
nginx
x-powered-by
PleskLin
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: peschieragardaveronese.rotary2060.org
URL: https://peschieragardaveronese.rotary2060.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://peschieragardaveronese.rotary2060.org/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"603e8adc-15d9d"
age
130527
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xpx%2BkAbclZ41j3K%2FEhpV1d3gYCHL6aofkCFI5bqybekXlM2MeE5Qc088S3Ul4nqOshhuvjcbNXjdcC%2F8%2FquNVnieAvJpmElgvxwVVomR3UFlfgv0yS6fx6mWKWgDPc7WiNI5eDPO"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Mon, 22 Sep 2025 04:01:36 GMT
date
Wed, 02 Oct 2024 04:01:36 GMT
content-type
application/javascript; charset=utf-8
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8cc1cacab8e94c3c-MXP
accept-ranges
bytes
access-control-allow-origin
*
content-length
27938
server
cloudflare
css2
fonts.googleapis.com/
21 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Inter:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: peschieragardaveronese.rotary2060.org
URL: https://peschieragardaveronese.rotary2060.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.42 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f10.1e100.net
Software
ESF /
Resource Hash
fb121c45f498cba0f88de6e2235d95cf3307bb9ed5376f6a793b8253a520592f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://peschieragardaveronese.rotary2060.org/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 02 Oct 2024 04:01:36 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 02 Oct 2024 04:01:36 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 02 Oct 2024 03:43:51 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
favicon-32x32.png
taspharm.com.au/.well-known/https://cocukistanbul.org/wp-admin/images/
0
0

truncated
/
586 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fc95732d9ff3b17fcb3e64fd12c0d451c38e64e1a4b420c556a7feb756a0a3fa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
187 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ddc1e33de02a96249bf85fc7b16e669317a81d8e2fc403ddb1ded6c465dd578

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Primary Request /
quilt-quill-output.glitch.me/public/
14 KB
14 KB
Document
General
Full URL
https://quilt-quill-output.glitch.me/public/
Requested by
Host: peschieragardaveronese.rotary2060.org
URL: https://peschieragardaveronese.rotary2060.org/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.212.214.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-212-214-204.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
1919956a334e43182a0ff061f2480706c46e2d889fb61a124b39a0f3fe1897b4

Request headers

Referer
https://peschieragardaveronese.rotary2060.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
13998
content-type
text/html; charset=utf-8
date
Wed, 02 Oct 2024 04:01:37 GMT
etag
"e333f684287b3c48633d26c62c76de29"
last-modified
Wed, 02 Oct 2024 02:06:39 GMT
server
AmazonS3
x-amz-id-2
6IKbmj8vUEfaaQvCMUjkp9w18+gIA+/rUfSjIP9MxjTE/adcZwFPwGzDcRdtDhHXI/A+7EeO0hw=
x-amz-request-id
N2Y5FYXJAWJVPHM7
x-amz-server-side-encryption
AES256
x-amz-version-id
null
ruxitagentjs_ICA2NVfghjqrux_10275230919171419.js
cocukistanbul.org/wp-admin/images/
223 KB
82 KB
Script
General
Full URL
https://cocukistanbul.org/wp-admin/images/ruxitagentjs_ICA2NVfghjqrux_10275230919171419.js
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
88bd63477020ab30fe58dc22a98295a97447ca329cfc239a62fc3875cfdcdeac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
83907
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
application/javascript
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
css.css
cocukistanbul.org/wp-admin/images/
17 KB
1 KB
Stylesheet
General
Full URL
https://cocukistanbul.org/wp-admin/images/css.css
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
21c903be28f11ee531c26c8cd4cb4f0b2b255d761babc44ec03a3218c71dfeae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
853
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
text/css
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
mgv2-application.css
cocukistanbul.org/wp-admin/images/
127 KB
20 KB
Stylesheet
General
Full URL
https://cocukistanbul.org/wp-admin/images/mgv2-application.css
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
3c0267c7737f97fce8425ca552db300b05214f26173c2ae66ce0d26d987ddc07

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
20425
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
text/css
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
blugov.css
cocukistanbul.org/wp-admin/images/
70 KB
10 KB
Stylesheet
General
Full URL
https://cocukistanbul.org/wp-admin/images/blugov.css
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
ae8abeb389cbce95e7f0a1cd348f66c30af5269565017cd2b9576724ae414e18

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
9634
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
text/css
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
myGov-cobranded-logo-black.svg
cocukistanbul.org/wp-admin/images/
63 KB
20 KB
Image
General
Full URL
https://cocukistanbul.org/wp-admin/images/myGov-cobranded-logo-black.svg
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
954aa858b3bffb8511bc41bc88b07d2b24597c37faf522550e26c9aa3b0d220d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
20323
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
image/svg+xml
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
FIDO_Passkey_mark_A_black.svg
cocukistanbul.org/wp-admin/images/
2 KB
1 KB
Image
General
Full URL
https://cocukistanbul.org/wp-admin/images/FIDO_Passkey_mark_A_black.svg
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
525f354955509f0e68d1de9b4a59e83919c7a1624aaf100a4754fa72eb508f49

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
882
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
image/svg+xml
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
myGov-cobranded-logo-white.svg
cocukistanbul.org/wp-admin/images/
63 KB
20 KB
Image
General
Full URL
https://cocukistanbul.org/wp-admin/images/myGov-cobranded-logo-white.svg
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
10b11a7c97b90bcf7ad520ac94c5769d08540ce1ee3b84d487c587bf128e3388

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
20325
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
image/svg+xml
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
mgv2-vendor.js
cocukistanbul.org/wp-admin/images/
148 KB
49 KB
Script
General
Full URL
https://cocukistanbul.org/wp-admin/images/mgv2-vendor.js
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
2bedda083bdbe6820e493159f1e3e27146b96ef6840094bd74447925e8c66e26

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
49521
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
application/javascript
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
mgv2-application.js
cocukistanbul.org/wp-admin/images/
74 KB
16 KB
Script
General
Full URL
https://cocukistanbul.org/wp-admin/images/mgv2-application.js
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
107af7740499970450ef1475538b290f01f48e863cb6660e272066843582cec8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
16146
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
application/javascript
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
login.js
cocukistanbul.org/wp-admin/images/
2 KB
941 B
Script
General
Full URL
https://cocukistanbul.org/wp-admin/images/login.js
Requested by
Host: quilt-quill-output.glitch.me
URL: https://quilt-quill-output.glitch.me/public/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.33.233.234 , Turkey, ASN51557 (TR-ISIMTESCIL-20201202, TR),
Reverse DNS
Software
LiteSpeed /
Resource Hash
3398bdeeb65157116e93bdeef72d320cb5d90700b149a62f60ff1dcb2ac8f9a5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/

Response headers

cache-control
public, max-age=604800
content-encoding
br
Connection
Keep-Alive
expires
Wed, 09 Oct 2024 04:01:38 GMT
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
content-length
559
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
application/javascript
last-modified
Fri, 27 Sep 2024 02:17:51 GMT
vary
Accept-Encoding
server
LiteSpeed
mygov-passkeys.mjs
cocukistanbul.org/wp-admin/images/
0
0

blugov-left-chevron-dark.svg
cocukistanbul.org/wp-admin/icons/
0
0

icon-blugov-info.svg
cocukistanbul.org/wp-admin/icons/
0
0

icon-external-link.svg
cocukistanbul.org/wp-admin/icons/
0
0

KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: cocukistanbul.org
URL: https://cocukistanbul.org/wp-admin/images/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://quilt-quill-output.glitch.me
Referer
https://cocukistanbul.org/

Response headers

age
451915
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 26 Sep 2025 22:29:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 26 Sep 2024 22:29:44 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: cocukistanbul.org
URL: https://cocukistanbul.org/wp-admin/images/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://quilt-quill-output.glitch.me
Referer
https://cocukistanbul.org/

Response headers

age
70412
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 08:28:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 08:28:07 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: cocukistanbul.org
URL: https://cocukistanbul.org/wp-admin/images/css.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://quilt-quill-output.glitch.me
Referer
https://cocukistanbul.org/

Response headers

age
71159
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 01 Oct 2025 08:15:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 01 Oct 2024 08:15:40 GMT
last-modified
Thu, 01 Aug 2024 20:41:21 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18596
x-xss-protection
0
server
sffe
/
quilt-quill-output.glitch.me/
Redirect Chain
  • https://quilt-quill-output.glitch.me/mygov/content/mgv2/js/mygov-passkeys.mjs
  • https://quilt-quill-output.glitch.me/
3 KB
4 KB
Script
General
Full URL
https://quilt-quill-output.glitch.me/
Requested by
Host: www.bing.com
URL: https://www.bing.com/ck/a?!&&p=2907d4075f8f7bebJmltdHM9MTcyNzc0MDgwMCZpZ3VpZD0xYzU1ZjFmMi04MTc1LTYxOTktMjk0ZC1lNTlmODBiNTYwNGQmaW5zaWQ9NTI5Nw&ptn=3&ver=2&hsh=3&fclid=1c55f1f2-8175-6199-294d-e59f80b5604d&u=a1aHR0cHM6Ly9wZXNjaGllcmFnYXJkYXZlcm9uZXNlLnJvdGFyeTIwNjAub3JnLw&ntb=1
Protocol
H2
Server
3.212.214.204 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-212-214-204.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
7eccf07712159a67a0e6f1bbaff840f049014706a8933f0c59d79ff356727e1e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://quilt-quill-output.glitch.me/public/

Response headers

x-amz-id-2
cWVCkuYMuWBli72OWJnTOHKsORzMjbFU23xVAUMJ9JZawn+cT/UQH2x9G5YUSr2EbVsrWbmKvJQ=
cache-control
no-cache
etag
"10955548a8f34c1e0a4a5f09079ffca5"
x-amz-version-id
null
x-amz-request-id
5Z2Y62GHRE86Z503
accept-ranges
bytes
content-length
3437
date
Wed, 02 Oct 2024 04:01:39 GMT
content-type
text/html; charset=utf-8
last-modified
Wed, 02 Oct 2024 02:06:39 GMT
server
AmazonS3
x-amz-server-side-encryption
AES256

Redirect headers

location
/
content-length
23
date
Wed, 02 Oct 2024 04:01:38 GMT
content-type
text/plain; charset=utf-8
vary
Accept
M-myGov-Coloured%20Line.svg
cocukistanbul.org/wp-admin/blugov/
0
0

favicon-32x32.png
login.my.gov.au/mygov/content/mgv2/icons/
0
0

favicon-16x16.png
login.my.gov.au/mygov/content/mgv2/icons/
0
0

rb_6de8e2e9-6719-45b3-86be-7effcb9f6525
quilt-quill-output.glitch.me/LoginServices/main/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
taspharm.com.au
URL
https://taspharm.com.au/.well-known/https://cocukistanbul.org/wp-admin/images/favicon-32x32.png
Domain
cocukistanbul.org
URL
https://cocukistanbul.org/wp-admin/images/mygov-passkeys.mjs
Domain
cocukistanbul.org
URL
https://cocukistanbul.org/wp-admin/icons/blugov-left-chevron-dark.svg
Domain
cocukistanbul.org
URL
https://cocukistanbul.org/wp-admin/icons/icon-blugov-info.svg
Domain
cocukistanbul.org
URL
https://cocukistanbul.org/wp-admin/icons/icon-external-link.svg
Domain
cocukistanbul.org
URL
https://cocukistanbul.org/wp-admin/blugov/M-myGov-Coloured%20Line.svg
Domain
login.my.gov.au
URL
https://login.my.gov.au/mygov/content/mgv2/icons/favicon-32x32.png
Domain
login.my.gov.au
URL
https://login.my.gov.au/mygov/content/mgv2/icons/favicon-16x16.png
Domain
quilt-quill-output.glitch.me
URL
https://quilt-quill-output.glitch.me/LoginServices/main/rb_6de8e2e9-6719-45b3-86be-7effcb9f6525?type=js3&sn=v_4_srv_-2D26_sn_N534G3M48OPOA8ST7Q0ANUQKLKL5P2M6&svrid=-26&flavor=post&vi=JUASUMKTPFPCCMFNDAJWIQSHHHGPAVHA-0&modifiedSince=1724106904299&rf=https%3A%2F%2Fquilt-quill-output.glitch.me%2Fpublic%2F&bp=3&app=5f15dc81410a75c1&crc=428022437&en=gpalpirq&end=1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australian Government (Government)

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dT_ object| dtrum object| dynatrace function| authenticatePasskey function| displayAlert function| displayAlerts object| input function| $ function| jQuery function| moment function| cleanDefaultValues function| setMandatoryValues function| findInfoOrErrorParent function| findSuccessParent function| clearMessageType function| setErrorParent object| formHelper function| getGreetingTime function| initPinToggle function| setPinShow function| setPinHide string| titleBarTitle string| headingTitle function| getMobileHeader function| getDesktopHeader function| getAltText function| setAltText function| calcRightMargin function| insertDiv function| insertIframe function| determineContext function| insertIframeSrc function| setIFrameSrc function| sendGoogleAnalyltics function| addTimer function| disableBGScrolling function| enableBGScrolling function| toggleVAMobile function| addOnClickMobile function| isWindowMobile function| responsiveResize function| toggleVADesktop function| addOnClickDesktop function| addOnResize function| resizeVA function| addOnBackwardsTabbing function| loopFocusBackwardWithError function| addSkipToConversationTabListener function| addOnSkipToConversation function| addSkipToBot function| hideSkipToConversation function| skipToSkipToConversation function| skipToResizeIcon function| postMessageToIframe function| addListenerForIframe function| addDigitalAssistant function| scrollPageToBottom function| isIE function| newShowIdentityModal function| ignoreSubmit function| handleKeyboardInput function| trapFocusPrimary function| removeSelection function| trapFocusSecondary function| keyboardDismiss function| enableProgressButton function| summonSecondModal function| hideSecondaryModal function| harshHideIdentityModal function| fadeOutBackground function| newHideIdentityModal function| getToken function| isValidToken function| parseToken function| checkAuthenticated function| setDAsource function| recordBotInteraction function| initiateNewConversation object| storage function| isWebView object| global function| priorityLookup function| compareDates function| getTopAlert function| getTopBroadcast function| displayBroadcast

5 Cookies

Domain/Path Name / Value
.quilt-quill-output.glitch.me/ Name: dtCookie
Value: v_4_srv_-2D26_sn_N534G3M48OPOA8ST7Q0ANUQKLKL5P2M6
.quilt-quill-output.glitch.me/ Name: rxVisitor
Value: 1727841698782K0SEPP260L87JPVA5SD99QGK2L6DR65P
.quilt-quill-output.glitch.me/ Name: dtSa
Value: -
.quilt-quill-output.glitch.me/ Name: rxvt
Value: 1727843499841|1727841698784
.quilt-quill-output.glitch.me/ Name: dtPC
Value: -26$441698779_863h-vJUASUMKTPFPCCMFNDAJWIQSHHHGPAVHA-0e0

4 Console Messages

Source Level URL
Text
network error URL: https://taspharm.com.au/.well-known/https://cocukistanbul.org/wp-admin/images/favicon-32x32.png
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript error URL: https://quilt-quill-output.glitch.me/public/ (Line 344)
Message:
Access to script at 'https://cocukistanbul.org/wp-admin/images/mygov-passkeys.mjs' from origin 'https://quilt-quill-output.glitch.me' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://cocukistanbul.org/wp-admin/images/mygov-passkeys.mjs
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://quilt-quill-output.glitch.me/
Message:
Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
