urlscan.io logo urlscan.io
SecurityTrails logo

ordu.info Open in urlscan Pro
217.160.0.123  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Effective URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d6109...
Submission: On January 25 via manual from AT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 39 HTTP transactions. The main IP is 217.160.0.123, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is ordu.info.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on December 24th 2020. Valid for: a year.
This is the only time ordu.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Unicredit (Banking)

Domain & IP information

IP Address AS Autonomous System
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 7 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
3 217.160.0.123 8560 (IONOS-AS ...)
20 80.84.98.66 12428 (UNICREDIT...)
39 8
4    2a00:1450:4001:800::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
austriaunicredit.blogspot.com
themes.googleusercontent.com
1    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
7    2a00:1450:4001:809::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.blogger.com
2    2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:825::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
2.bp.blogspot.com
2    2a00:1450:4001:81e::2009 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
resources.blogblog.com
www.blogblog.com
1    2a00:1450:4001:801::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
3    217.160.0.123 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-123.elastic-ssl.ui-r.com
ordu.info
20    80.84.98.66 (Milan, Italy)

ASN12428 (UNICREDIT-AS-MI-, IT)
at-assets.ucgstatic.eu
Domain Requested by
20 at-assets.ucgstatic.eu ordu.info
at-assets.ucgstatic.eu
7 www.blogger.com 1 redirects austriaunicredit.blogspot.com
www.blogger.com
3 ordu.info ordu.info
3 austriaunicredit.blogspot.com austriaunicredit.blogspot.com
2 fonts.gstatic.com austriaunicredit.blogspot.com
1 www.blogblog.com austriaunicredit.blogspot.com
1 accounts.google.com 1 redirects
1 resources.blogblog.com austriaunicredit.blogspot.com
1 2.bp.blogspot.com austriaunicredit.blogspot.com
1 themes.googleusercontent.com austriaunicredit.blogspot.com
1 www.gstatic.com austriaunicredit.blogspot.com
39 11

This site contains links to these domains. Also see Links.

Domain
www.bankaustria.at
sicherheit.bankaustria.at
Subject Issuer Validity Valid
misc-sni.blogspot.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.blogger.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.googleusercontent.com
GTS CA 1O1		 2021-01-05 -
2021-03-30		 3 months crt.sh
*.ordu.info
Encryption Everywhere DV TLS CA - G1		 2020-12-24 -
2022-01-06		 a year crt.sh
at-assets.ucgstatic.eu
Actalis Organization Validated Server CA G3		 2020-10-06 -
2021-10-06		 a year crt.sh

This page contains 2 frames:

Primary Page: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Frame ID: B11B90AC9AB826C2E46AD2FEC2686D3F
Requests: 38 HTTP requests in this frame

Frame: https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1
Frame ID: 412CAD90EA8EACBE134A6E9CE72CCA1E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://austriaunicredit.blogspot.com/2021/01/blog-post.html Page URL
  2. https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af684752... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i
Overall confidence: 100%
Detected patterns
  • url /^https?:\/\/[^/]+\.blogspot\.com/i
Overall confidence: 100%
Detected patterns
  • script /\/etc\/designs\//i
  • headers server /GSE/i
Overall confidence: 100%
Detected patterns
  • url /^https?:\/\/[^/]+\.blogspot\.com/i
Overall confidence: 100%
Detected patterns
  • headers server /GSE/i

Page Statistics

39
Requests

100 %
HTTPS

78 %
IPv6

8
Domains

11
Subdomains

8
IPs

2
Countries

2513 kB
Transfer

4643 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://austriaunicredit.blogspot.com/2021/01/blog-post.html Page URL
  2. https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229 HTTP 302
  • https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D2842346396646589325%26postID%3D6873918108970339916%26skin%3Dcontempo%26blogspotRpcToken%3D7029229%26bpli%3D1&followup=https://www.blogger.com/comment-iframe.g?blogID%3D2842346396646589325%26postID%3D6873918108970339916%26skin%3Dcontempo%26blogspotRpcToken%3D7029229%26bpli%3D1&passive=true&go=true HTTP 302
  • https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1

39 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
blog-post.html
austriaunicredit.blogspot.com/2021/01/ 		82 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
63ff7e44c7058792fa8dd0f392fc79d9ea06f3002d26121e52259c9e760cee67
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
austriaunicredit.blogspot.com
:scheme
https
:path
/2021/01/blog-post.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-security-policy-report-only
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri https://www.blogger.com/cspreport
content-type
text/html; charset=UTF-8
expires
Mon, 25 Jan 2021 11:10:31 GMT
date
Mon, 25 Jan 2021 11:10:31 GMT
cache-control
private, max-age=0
last-modified
Mon, 25 Jan 2021 09:43:43 GMT
etag
W/"4d8b9d36b4b3cae004cd8d47ea09debdb12a7b49a5f5b64c88ed4943050c9370"
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
17173
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
clipboard.min.js
www.gstatic.com/external_hosted/clipboardjs/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/external_hosted/clipboardjs/clipboard.min.js
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 11:10:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 03 Oct 2019 10:15:00 GMT
server
sffe
age
0
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=0
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4096
x-xss-protection
0
expires
Mon, 25 Jan 2021 11:10:31 GMT
authorization.css
www.blogger.com/dyn-css/ 		1 B
684 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2842346396646589325&zx=8cd0aaec-66f7-4945-9c79-54c362a757a8
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 11:10:31 GMT
server
GSE
date
Mon, 25 Jan 2021 11:10:31 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
sprite_v1_6.css.svg
austriaunicredit.blogspot.com/responsive/ 		7 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://austriaunicredit.blogspot.com/responsive/sprite_v1_6.css.svg
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 10:20:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 08:07:46 GMT
server
sffe
age
3005
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2244
x-xss-protection
0
expires
Mon, 01 Feb 2021 10:20:26 GMT
image
themes.googleusercontent.com/ 		223 KB
224 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://themes.googleusercontent.com/image?id=L1lcAxxz0CLgsDzixEprHJ2F38TyEjCyE3RSAjynQDks0lT1BDc1OxXKaTEdLc89HPvdB11X9FDw&options=w1600
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
6a5482e0dc4e77a6be20281b13d7ef4d8b67521e73b66bc633ea4e4242934be9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 11:10:31 GMT
x-content-type-options
nosniff
server
fife
etag
"v1"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
content-disposition
inline;filename="unnamed.jpg"
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
228521
x-xss-protection
0
expires
Tue, 26 Jan 2021 11:10:31 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v20/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://austriaunicredit.blogspot.com
Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 04:59:21 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:36 GMT
server
sffe
age
22270
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15736
x-xss-protection
0
expires
Tue, 25 Jan 2022 04:59:21 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v20/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://austriaunicredit.blogspot.com
Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 19 Jan 2021 21:41:16 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:19:00 GMT
server
sffe
age
480555
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15816
x-xss-protection
0
expires
Wed, 19 Jan 2022 21:41:16 GMT
3858658042-comment_from_post_iframe.js
www.blogger.com/static/v1/jsbin/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a09131f2885086eb3dea6a379c43e58c88e683b99fb7cf9cefde399dfd68d0ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 23 Jan 2021 07:17:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 22 Jan 2021 14:23:59 GMT
server
sffe
age
186753
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5121
x-xss-protection
0
expires
Sun, 23 Jan 2022 07:17:58 GMT
1607077262141.jfif
2.bp.blogspot.com/-_SOFUPoXMjA/YA6SxUNAHgI/AAAAAAAAAAQ/shEEeakDGMEJ_DofrHbBb6kjKEaIg2ZzQCK4BGAYYCw/s120-pf/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://2.bp.blogspot.com/-_SOFUPoXMjA/YA6SxUNAHgI/AAAAAAAAAAQ/shEEeakDGMEJ_DofrHbBb6kjKEaIg2ZzQCK4BGAYYCw/s120-pf/1607077262141.jfif
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
2bd1119dcfac52b252e0a667c58e9096cea4693f1b5bc9eff0bb0ceabd971efe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 10:18:48 GMT
x-content-type-options
nosniff
age
3103
content-disposition
inline;filename="1607077262141.jfif"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4786
x-xss-protection
0
server
fife
etag
"vb"
vary
Origin
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
timing-allow-origin
*
expires
Tue, 26 Jan 2021 10:18:48 GMT
3845341203-indie_compiled.js
resources.blogblog.com/blogblog/data/res/ 		137 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.blogblog.com/blogblog/data/res/3845341203-indie_compiled.js
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3da6e6036c0e8038d39049563bec9d4c35a53905afcffe084241f144a0b8c107
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 22 Jan 2021 19:53:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 22 Jan 2021 03:07:41 GMT
server
sffe
age
227808
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47959
x-xss-protection
0
expires
Fri, 29 Jan 2021 19:53:43 GMT
cookienotice.js
austriaunicredit.blogspot.com/js/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://austriaunicredit.blogspot.com/js/cookienotice.js
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 25 Jan 2021 10:20:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 09:18:32 GMT
server
sffe
age
3005
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2026
x-xss-protection
0
expires
Mon, 01 Feb 2021 10:20:26 GMT
4184423563-widgets.js
www.blogger.com/static/v1/widgets/ 		142 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/static/v1/widgets/4184423563-widgets.js
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5abd9d055ba66552dc1485998e528024dc24215b9e0a1260d4e814382f6da23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 22 Jan 2021 01:51:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 21 Jan 2021 02:10:26 GMT
server
sffe
age
292721
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52714
x-xss-protection
0
expires
Sat, 22 Jan 2022 01:51:50 GMT
comment-iframe.g
www.blogger.com/ Frame 412C
Redirect Chain
  • https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229
  • https://accounts.google.com/ServiceLogin?continue=https://www.blogger.com/comment-iframe.g?blogID%3D2842346396646589325%26postID%3D6873918108970339916%26skin%3Dcontempo%26blogspotRpcToken%3D7029229...
  • https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1
Requested by
Host: www.blogger.com
URL: https://www.blogger.com/static/v1/jsbin/3858658042-comment_from_post_iframe.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.blogger.com
:scheme
https
:path
/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type
text/html; charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 25 Jan 2021 11:10:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
4703
server
GSE
set-cookie
S=blogger=7GkuivihQq79puFPyy8fiE4aLLeG3zaUmF5P98PQER0; Domain=.blogger.com; Path=/; Secure; HttpOnly; Priority=LOW; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

content-type
text/html; charset=UTF-8
x-frame-options
DENY
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 25 Jan 2021 11:10:31 GMT
location
https://www.blogger.com/comment-iframe.g?blogID=2842346396646589325&postID=6873918108970339916&skin=contempo&blogspotRpcToken=7029229&bpli=1
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
script-src 'report-sample' 'nonce-bz4X0yXKWsXvtmJlmu5ILQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
269
server
GSE
set-cookie
__Host-GAPS=1:MUkt8cNLOeu2i8JwfJX7O_U1aD0XeA:_NdYAMHEbKYqfQBC;Path=/;Expires=Wed, 25-Jan-2023 11:10:31 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
mspin_black_large.svg
www.blogblog.com/indie/ 		6 KB
995 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blogblog.com/indie/mspin_black_large.svg
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e2c209346d02318a063c7ea2513498881c35f1525114c9b969b573384f54baf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 24 Jan 2021 18:13:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 24 Jan 2021 17:15:19 GMT
server
sffe
age
60992
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
870
x-xss-protection
0
expires
Sun, 31 Jan 2021 18:13:59 GMT
blogger_logo_round_35.png
www.blogger.com/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.blogger.com/img/blogger_logo_round_35.png
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 23 Jan 2021 06:30:27 GMT
x-content-type-options
nosniff
last-modified
Fri, 22 Jan 2021 15:19:13 GMT
server
sffe
age
189604
content-type
image/png
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2531
x-xss-protection
0
expires
Sat, 30 Jan 2021 06:30:27 GMT
authorization.css
www.blogger.com/dyn-css/ 		1 B
515 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.blogger.com/dyn-css/authorization.css?targetBlogID=2842346396646589325&zx=8cd0aaec-66f7-4945-9c79-54c362a757a8
Requested by
Host: austriaunicredit.blogspot.com
URL: https://austriaunicredit.blogspot.com/2021/01/blog-post.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2009 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Content-Security-Policy script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
content-security-policy
script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 25 Jan 2021 11:10:32 GMT
server
GSE
date
Mon, 25 Jan 2021 11:10:32 GMT
x-frame-options
SAMEORIGIN
p3p
CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-type
text/css; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/ 		0
333 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.123 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-123.elastic-ssl.ui-r.com
Software
Apache / PHP/7.4.14
Resource Hash

Request headers

:method
GET
:authority
ordu.info
:scheme
https
:path
/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://austriaunicredit.blogspot.com/2021/01/blog-post.html

Response headers

content-type
text/html; charset=UTF-8
date
Mon, 25 Jan 2021 11:10:32 GMT
server
Apache
x-powered-by
PHP/7.4.14
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
refresh
0
set-cookie
PHPSESSID=b46647e6b86baeb2b8975c75c63ea311; path=/ visited=yes; expires=Mon, 25-Jan-2021 12:10:32 GMT; Max-Age=3600
content-encoding
gzip
Primary Request /
ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/ 		43 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.123 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-123.elastic-ssl.ui-r.com
Software
Apache / PHP/7.4.14
Resource Hash
93d5521728f58ee6c0ecfb2b2fc449de94b01d9376c7e9d31adc6d2e3ecc5d6a

Request headers

:method
GET
:authority
ordu.info
:scheme
https
:path
/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
visited=yes; PHPSESSID=b46647e6b86baeb2b8975c75c63ea311
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/

Response headers

content-type
text/html; charset=UTF-8
date
Mon, 25 Jan 2021 11:10:32 GMT
server
Apache
x-powered-by
PHP/7.4.14
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
visited=yes; expires=Mon, 25-Jan-2021 12:10:32 GMT; Max-Age=3600
content-encoding
gzip
head_at_login.js
at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/ 		1 MB
281 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.js
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
76640a7e083e1d5ccb55e15341b3f79a9ad6466c4e4c4eab3be0e3ead5ac3f5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:32 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"123748"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/x-javascript
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=89
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:32 GMT
head_at_login.css
at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/ 		1 MB
343 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
c91d9e35863085bfd55bdf57a8fb44cf6c55dcfbedc259acab6bf1f1bc68a7e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:32 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"12e346"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=30
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:32 GMT
BAMofUC-logo-flat.svg
at-assets.ucgstatic.eu/content/dam/gimb/at/Common%20area/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/content/dam/gimb/at/Common%20area/BAMofUC-logo-flat.svg
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
208b4feaf8e35d6c6cc15eb83133d392297a0723562bc07d584d17bbea505514
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Last-Modified
Thu, 07 Jan 2021 10:19:07 GMT
ETag
"243b-5b84cc514f536"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=85
Content-Length
9275
X-XSS-Protection
1; mode=block
login-common.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/ 		284 B
846 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login-common.min.160120181900.css
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
f1f25ad9f8e560d4435186484b1f6a64984cfe527a7edc0ce221539cd08adb50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"11c"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
226
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:33 GMT
login.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/ 		10 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login.min.160120181900.css
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
52233e04b02bc65a0829b831984a21aa78be101de2d33e837435890c6239a952
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"279d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
2458
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:33 GMT
dkStep.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/dkLibs/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/dkLibs/dkStep.min.160120181900.css
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
1e3ee0e0a80fa4ee97e7dfc365a431d2f83ef471193e7460d76dd27357f9e55b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"75b"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=83
Content-Length
539
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:33 GMT
dkBase.min.160120181900.js
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/ 		99 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/dkBase.min.160120181900.js
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
d462f8651ada519cae1b742431ecc965f31b9e09e82f085cd370a5eaad59002b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"18b21"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
application/x-javascript
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=52
Content-Length
27702
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:33 GMT
login.js.faces
ordu.info/EP5-PSA-LOGIN/javax.faces.resource/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ordu.info/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces?ln=multicountry&v=1.0
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.160.0.123 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE),
Reverse DNS
217-160-0-123.elastic-ssl.ui-r.com
Software
Apache / PHP/7.4.14
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-tec-api-version
v1
date
Mon, 25 Jan 2021 11:10:33 GMT
x-tec-api-origin
https://ordu.info
x-tec-api-root
https://ordu.info/wp-json/tribe/events/v1/
server
Apache
x-powered-by
PHP/7.4.14
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate, max-age=0
content-encoding
gzip
link
<https://ordu.info/wp-json/>; rel="https://api.w.org/"
expires
Wed, 11 Jan 1984 05:00:00 GMT
managelanguage.min.160120181900.css
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
a3dd9710fe95bc29d47926850d50692442a6843fb9458a4769794c799ef05a57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
ETag
"b68"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Content-Type
text/css
VTS-H3
GP RM AS
Cache-Control
max-age=2592000
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=63
Content-Length
843
X-XSS-Protection
1; mode=block
Expires
Wed, 24 Feb 2021 11:10:33 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img1.img.png/ 		642 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img1.img.png/1548766786234.png
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
f6a7fe1701c494d326f91474b7c2e5fb3df70e06f194fd0259a1ec2d596b3ab3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
ETag
"282"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=20
Content-Length
642
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:33 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img4.img.png/ 		618 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img4.img.png/1548766786234.png
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
2da0c47f226b01671a0d983f484796dba219e7954f0b6a54131961badf3f5fec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
ETag
"26a"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=72
Content-Length
618
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:33 GMT
1548766786234.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img5.img.png/ 		611 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img5.img.png/1548766786234.png
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
0199fe56946047083e3626f0cdd15895ffcbbdf8ff1babaaf088ce7059cc8a92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:33 GMT
ETag
"263"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
611
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:33 GMT
sprite-common.png
at-assets.ucgstatic.eu/etc/designs/gimb/img/ 		22 KB
23 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/img/sprite-common.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:34 GMT
ETag
"58ad"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
22701
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:34 GMT
IconWerk2-mono-v05.woff
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/ 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/IconWerk2-mono-v05.woff
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
18b1c0abd01d9dd86722431ca611b9e4aa23025948fa2c9a39efd20de667f2c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ordu.info
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"3844"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=58
Content-Length
14404
X-XSS-Protection
1; mode=block
unicredit-regular.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/ 		98 KB
98 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-regular.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ordu.info
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"186c0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=90
Content-Length
100032
X-XSS-Protection
1; mode=block
unicredit-medium.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/ 		114 KB
115 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-medium.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ordu.info
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"1c9fc"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=69
Content-Length
117244
X-XSS-Protection
1; mode=block
unicredit-light.otf
at-assets.ucgstatic.eu/etc/designs/gimb/fonts/ 		102 KB
103 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-light.otf
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://ordu.info
Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
VTS-H4
GN LM
ETag
"19930"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=57
Content-Length
104752
X-XSS-Protection
1; mode=block
ico-infologin.png
at-assets.ucgstatic.eu/etc/designs/gimb/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/img/ico-infologin.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
e41c557c2dcc8f98c3bb29c83a23b4cf79b4606e9fe6e692331e128ccecc51f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:35 GMT
ETag
"647"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
1607
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:35 GMT
sprite-lang-at.png
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-at.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
14fcf0f22a5e48daed3bf981ac816103c8c68bfbd16ab8bbd5c38352d702c4d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:35 GMT
ETag
"834"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=76
Content-Length
2100
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:35 GMT
sprite-lang-en.png
at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-en.png
Requested by
Host: at-assets.ucgstatic.eu
URL: https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
e556970daffaaa792d747bc5a7ed2d7d256913abddc89c37ab259e786873e4af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:35 GMT
ETag
"145a"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=83
Content-Length
5210
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:35 GMT
1571928623060.png
at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1571928623060.png
Requested by
Host: ordu.info
URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
80.84.98.66 Milan, Italy, ASN12428 (UNICREDIT-AS-MI-, IT),
Reverse DNS
Software
/
Resource Hash
e052b28e2b5776c248dd1ac3c3f5bb757f1e25c6cad5158cd7a3723bea8d36b8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 25 Jan 2021 11:10:35 GMT
ETag
"10c89a"
X-Frame-Options
SAMEORIGIN
Connection
Keep-Alive
Content-Type
image/png
X-XSS-Protection
1; mode=block
Cache-Control
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubdomains; preload
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1099930
VTS-H2
FP FD FR
Expires
Wed, 24 Feb 2021 11:10:35 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Unicredit (Banking)

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| PF object| PrimeFaces function| Class object| atmosphere object| jQuery112408612832477636876 function| goToPageWithLoader function| openModalWithLoader function| goToPageModalInjectWithLoaderCloseAppModal function| closeOverlayPopup function| closeOverlayPopupAndRedirect function| closeOverlayPopupAndRedirectOnEvent function| showOverlayPopup undefined| displayJSFAjaxLoadingDivTimeout function| displayJSFAjaxLoadingDiv function| timeoutShowDiv function| hideJSFAjaxLoadingDiv function| findNearestLoader function| findNearestLoaderFast function| smartFindParent function| listenGimbModalCloseEvent function| closeGimbModal function| dynaTraceGIMBSCA object| myfaces object| jsf function| updateLogin function| hidelanguagesportlet function| unhidelanguagesportlet

2 Cookies

Domain/Path Name / Value
ordu.info/ Name: PHPSESSID
Value: b46647e6b86baeb2b8975c75c63ea311
ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91 Name: visited
Value: yes

2 Console Messages

Source Level URL
Text
console-api log URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/(Line 283)
Message:
#LOGIN Prima di aggangiare evento on click
console-api log URL: https://ordu.info/wp-includes/customize/076e1b1e975746304e7d4f26bd7d96e764d05cd9c33375af6847524e6b9adfc1a7e70d61094982e78510cfe4b232fd91/(Line 287)
Message:
#LOGIN Dopo aver agganciato evento on click

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2.bp.blogspot.com
accounts.google.com
at-assets.ucgstatic.eu
austriaunicredit.blogspot.com
fonts.gstatic.com
ordu.info
resources.blogblog.com
themes.googleusercontent.com
www.blogblog.com
www.blogger.com
www.gstatic.com
217.160.0.123
2a00:1450:4001:800::2001
2a00:1450:4001:801::2003
2a00:1450:4001:801::200d
2a00:1450:4001:809::2009
2a00:1450:4001:81c::2003
2a00:1450:4001:81e::2009
2a00:1450:4001:825::2001
80.84.98.66
0199fe56946047083e3626f0cdd15895ffcbbdf8ff1babaaf088ce7059cc8a92
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
14fcf0f22a5e48daed3bf981ac816103c8c68bfbd16ab8bbd5c38352d702c4d9
183923f8c8c3960dce8ad9722cf55a30d19b321b721741bd9e2ab6ae1f1ae72a
18b1c0abd01d9dd86722431ca611b9e4aa23025948fa2c9a39efd20de667f2c6
1e2c209346d02318a063c7ea2513498881c35f1525114c9b969b573384f54baf
1e3ee0e0a80fa4ee97e7dfc365a431d2f83ef471193e7460d76dd27357f9e55b
208b4feaf8e35d6c6cc15eb83133d392297a0723562bc07d584d17bbea505514
2ad850adfd4c44eca0fb84badbd18222af65c98d9086d5175b22d3b02f1fe67c
2bd1119dcfac52b252e0a667c58e9096cea4693f1b5bc9eff0bb0ceabd971efe
2da0c47f226b01671a0d983f484796dba219e7954f0b6a54131961badf3f5fec
3da6e6036c0e8038d39049563bec9d4c35a53905afcffe084241f144a0b8c107
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
52233e04b02bc65a0829b831984a21aa78be101de2d33e837435890c6239a952
63ff7e44c7058792fa8dd0f392fc79d9ea06f3002d26121e52259c9e760cee67
6a5482e0dc4e77a6be20281b13d7ef4d8b67521e73b66bc633ea4e4242934be9
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c
76640a7e083e1d5ccb55e15341b3f79a9ad6466c4e4c4eab3be0e3ead5ac3f5f
93d5521728f58ee6c0ecfb2b2fc449de94b01d9376c7e9d31adc6d2e3ecc5d6a
9ba28c18fb75f3a6fcee96df6421c475570a4161b0c59637b878d7b4520169c3
a00d3cabd4a8dbdbd2e992e238d11ec889fb3cc7751d9bc271f063a17ec8bf7d
a09131f2885086eb3dea6a379c43e58c88e683b99fb7cf9cefde399dfd68d0ff
a3dd9710fe95bc29d47926850d50692442a6843fb9458a4769794c799ef05a57
b4d07892cde715d50bb69c1982df496385d1dfd8f9d1867c31f19a3c8634cfae
c5abd9d055ba66552dc1485998e528024dc24215b9e0a1260d4e814382f6da23
c91d9e35863085bfd55bdf57a8fb44cf6c55dcfbedc259acab6bf1f1bc68a7e4
d462f8651ada519cae1b742431ecc965f31b9e09e82f085cd370a5eaad59002b
d91ea6df371995153328efe12017133994e9e25881f620ee00942462251cfeaa
e052b28e2b5776c248dd1ac3c3f5bb757f1e25c6cad5158cd7a3723bea8d36b8
e41c557c2dcc8f98c3bb29c83a23b4cf79b4606e9fe6e692331e128ccecc51f6
e556970daffaaa792d747bc5a7ed2d7d256913abddc89c37ab259e786873e4af
f1f25ad9f8e560d4435186484b1f6a64984cfe527a7edc0ce221539cd08adb50
f6a7fe1701c494d326f91474b7c2e5fb3df70e06f194fd0259a1ec2d596b3ab3
fb3eee259238bb8f097a10f92ad30df49fe02fa3889ee4ee64407514840383a5