a-lngreso.top Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sis-aqui.top/
Effective URL:
https://a-lngreso.top/enl1nea-enbntrab/login.php
Submission: On April 30 via manual (April 30th 2024, 10:44:30 pm UTC) from GT — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 18 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is a-lngreso.top.
TLS certificate: Issued by GTS CA 1P5 on April 16th 2024. Valid for: 3 months.

This is the only time a-lngreso.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BANTRAB (Banking)

Domain & IP information

	IP Address		AS Autonomous System
2	2606:4700:303... 2606:4700:3032::ac43:8c0d		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 17	2a06:98c1:312... 2a06:98c1:3121::3		13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

2 2606:4700:3032::ac43:8c0d (United States)

ASN13335 (CLOUDFLARENET, US)

sis-aqui.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a-lngreso.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	a-lngreso.top 1 redirects a-lngreso.top	232 KB
2	sis-aqui.top sis-aqui.top	1 KB
18	2

	Domain	Requested by
17	a-lngreso.top	1 redirects a-lngreso.top
2	sis-aqui.top
18	2

This site contains no links.

Subject Issuer	Validity	Valid
sis-aqui.top GTS CA 1P5	`2024-04-24` - `2024-07-23`	3 months	crt.sh
a-lngreso.top GTS CA 1P5	`2024-04-16` - `2024-07-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://a-lngreso.top/enl1nea-enbntrab/login.php
Frame ID: B78CB38F88280B83EBF2926E842F318A
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

e-Banking

Page URL History Show full URLs

http://sis-aqui.top/ HTTP 307
https://sis-aqui.top/ Page URL
https://a-lngreso.top/enl1nea-enbntrab/ HTTP 302
https://a-lngreso.top/enl1nea-enbntrab/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jqPlot (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

jqplot.*\.js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Less (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+ rel="stylesheet/less"

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

233 kB
Transfer

543 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sis-aqui.top/ HTTP 307
https://sis-aqui.top/ Page URL
https://a-lngreso.top/enl1nea-enbntrab/ HTTP 302
https://a-lngreso.top/enl1nea-enbntrab/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://sis-aqui.top/ HTTP 307
https://sis-aqui.top/

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	/ Show response sis-aqui.top/ Redirect Chain http://sis-aqui.top/ https://sis-aqui.top/	84 B 537 B	163ms 38ms	Document text/html	2606:4700:3032::ac43:8c0d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sis-aqui.top/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:8c0d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9381c9f6ea15359bb8504713ce539121432c034c8cdbca1b8d2a3be350e9856` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87cb0e702a195c3e-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 30 Apr 2024 22:44:26 GMT last-modified Tue, 30 Apr 2024 22:07:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SOJCLKPxoxq%2BqdRThj0mJaogMmT7sV2cVV5%2BhviCiO1Dbq9GbLNS9s%2FsOqLahkNa15vMF%2FuxXpDprzcLfI6ttnTA4nPabnSajq3m6fwTQXwfPUYcBfdDdaGW5XmPgg0EioORGm0mCpeilI0%3D"}],"group":"cf-nel","max_age":604800} server cloudflare Redirect headers Location https://sis-aqui.top/ Non-Authoritative-Reason HttpsUpgrades
GET H3	404	favicon.ico sis-aqui.top/	209 B 598 B	36ms 36ms	Other text/html	2606:4700:3032::ac43:8c0d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sis-aqui.top/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:8c0d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sis-aqui.top/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:26 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=njD5MXmWxsicHyeQs6sdq56ErcR3RJz2kZ67TMirbKHN%2Bvo4ukbjqETaPTSF21WMV7VzuEvLSsosKJPYgn%2F3bTlY6MXX825G%2BZlkU6eLibdc0z1S%2FfDYtIH2IKdMUr8WAVKVkwtk6g4vRsg%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 87cb0e707a4a5c3e-FRA alt-svc h3=":443"; ma=86400
GET H2	200	Primary Request login.php Show response a-lngreso.top/enl1nea-enbntrab/ Redirect Chain https://a-lngreso.top/enl1nea-enbntrab/ https://a-lngreso.top/enl1nea-enbntrab/login.php	56 KB 12 KB	308ms 307ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.1.28 Resource Hash `63dce7b851d801c4c9fa5dae97bd6f0eb66f29ca414307763c2c36e0bdf8fe57` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://sis-aqui.top/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 87cb0e78691b5d86-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 30 Apr 2024 22:44:27 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=47dituYvevULYXE8aOhGbcEByDmwTfh%2Ffv4Y36K86Rk7wbpq76yrKTQDpX5yeWnLr2fsTSI6rQRQ6E1ByRftBKsKc3VG1JSGfP0EPAk%2Fx12Zic%2FgtZ0om2v2EpAES5A7x25L3ox7ZNo%2FUWIC"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.1.28 Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87cb0e7828fa5d86-FRA content-type text/html; charset=UTF-8 date Tue, 30 Apr 2024 22:44:27 GMT location login.php nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cKoSy1RV1EHcH7ys4pIXaAJoRxdbkL%2FKnF4ZaVdlcbTGsr6juSn28owUvZUSqOQRUwhN3qUTBYj1FuxETmns7T2ii8fdN%2FLoabd6j%2FIivGdd7FBOe3S0Dl8tUjmHTFr7yqgVke7GSnfKA%2Bx%2F"}],"group":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.1.28
GET H3	200	bootstrap.min.css a-lngreso.top/enl1nea-enbntrab/css/	152 KB 24 KB	57ms 56ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/bootstrap.min.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:33 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc5-2606e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=13kXLV4Dv1TYCTN3%2BCl7mxR5DivzQzxxj57xRH3Md807yj3kP%2FSfIi46ERE23N0razd3hF2L8HSjmF45Rkv1XL4607RT7244ILqNi0c27db4BUTKuULbwerLyh4k6IPkSFgh560o5SI088UH"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a682e3661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jcustom.css a-lngreso.top/enl1nea-enbntrab/css/	1 KB 858 B	39ms 37ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/jcustom.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2cd997c836288f34a85d7ae6637bcb0c514aba898d6ec69e4b2d74a1694eb7d2` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc7-4be" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PjoLp9dV5TH7rJZ6JyfplHCVsGyUmeokfrwmzUTidzaB0w1oPm4JjUECqvi4BVnF5MmIWvsNeaUI%2BPba8VPQwLMMM3Ns%2F0uXUxKSv7WSqLbf2AaKWRWB%2Bd3JYrzB7fRE4%2Fr%2B4r489fFYDDJG"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a682f3661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jquery-ui-1.9.1.custom.css a-lngreso.top/enl1nea-enbntrab/css/	32 KB 7 KB	42ms 40ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/jquery-ui-1.9.1.custom.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9d7d6567f2cbd98a1d0796416b319b4351bcfda3804355b38d80cdfd480e81ef` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc8-7e29" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gusDhqLbAOOVIkMcx12hQ0uffEwQY%2BQAturtGWS9sdvTwe2ncbxy9jlZeqorc2dxr%2Bh9xKXyZgRXbVpIOzofyMhiiYtugRQGyo6%2FjY63AJA7loJeWnwOJG3YSCuqVsWiJ7d2L5dwYMvO4r83"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a68303661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jquery.jqplot.min.css a-lngreso.top/enl1nea-enbntrab/css/	3 KB 1 KB	40ms 39ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/jquery.jqplot.min.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e1a2e7be293cea0c3d7f787b5d00ef241aad4908b461ef80bf57ab5f88d37870` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc8-de9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJWI9hPbH93me5E3TqG1S1kmzU%2BI%2BBITWJPYjw6rVgFmXtlXfyKlA%2Blv12G9pc9%2FlsDtN9iWPbkB%2FajmdWdkS2TntxDwWq4NiIZt4FEqRc9e%2Fbnm%2FsgsqPk%2Fl53NgWohVYiHNy0kv5J%2FAQax"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a68313661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	fluid_grid.css a-lngreso.top/enl1nea-enbntrab/css/	5 KB 1 KB	48ms 46ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/fluid_grid.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0a844390939c78560aa66217b713ac1e2dfcc56e0ae8e5e88bc14c5f1bc5ffb3` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc6-1333" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szlHzq4syXOZlf2mIIBUiE70LviRJz9O3zbrGPsV%2BM%2BTkU4yswLb3M2366J8MNMl%2B57x%2Bl9Q8KbNd%2BmJv3ED0J0qzsjzg52akbf5uCzigUb6jK44QxyQw2aQNLsAVbtfeyyQ%2FW%2FncgCi%2FbrA"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a68323661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jquery.lightbox-0.5.css a-lngreso.top/enl1nea-enbntrab/css/	2 KB 1 KB	51ms 49ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/css/jquery.lightbox-0.5.css Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fe151dbc2f48af8ecf6f710163291354aa6f9c37f85a054e0b5de6b281440016` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:37 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc9-8da" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n4Jf8aIGX%2FNbYcMaGSyCId28g4z0cGZjM6mGnTxSbUlxtpiiHE3U8VjUjp23CZ85dNxovJJhgBH5Lng64FhPD1JoZ1BXdWhYqMqIZJAc%2BfbFvCXoQjM82h%2BUQ4LLR9moYt4uuf1whcmiqH9f"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=315360000 cf-ray 87cb0e7a68333661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jquery-1.8.2.min.js Show response a-lngreso.top/enl1nea-enbntrab/js/	91 KB 34 KB	60ms 59ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/js/jquery-1.8.2.min.js Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc0-16cfb" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Saw5S5r5vvNi2hMj1Dy2Hvz4a5CEU9vS8QrH2b4IBUg9XeCxNQu8JwbpMOJk6UbuH6JJau4ZO8zzAJIDaiwXYHHwH4TSL1%2FpZKMLIud%2B9u2Rws9KnaQ269MLUZlc3A1bLbgk%2BNbsepU%2Fh3L"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 87cb0e7a68353661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	Bienv.png a-lngreso.top/enl1nea-enbntrab/images/	9 KB 9 KB	44ms 43ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://a-lngreso.top/enl1nea-enbntrab/images/Bienv.png Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `277b41b67369a50196bd2a5b2e60a02da0e493edd3f9858668856982ac7eaa6f` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314bad-22d5" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LQSYPVvju9atqiePe8hnGovYO3HjqKDS4sjvsp9dJWFNm4jaQX%2F%2FpJo0QMPeLfAZBUsbedH8ytl0TxnilNgyIWQo10WGWC%2BgBDPRYtGowEIjOOFfKg%2Fu%2BBaAR%2Fc4ZvvTctHQhRDy6iwpGqvA"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7a68363661-FRA alt-svc h3=":443"; ma=86400 content-length 8917 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	ev-ssl-seal.png a-lngreso.top/enl1nea-enbntrab/images/	7 KB 7 KB	48ms 47ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://a-lngreso.top/enl1nea-enbntrab/images/ev-ssl-seal.png Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dc351ebff253f11c5374379a2dabc3addba86f3c3d13619d2e7b32f887c7e1b4` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314baf-1a74" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rFxCJ2T6jBB5oP90R4x5yLCXzq4Uk0ZUdG8bMT4Bj84uUQujlNsYEUnIw0XRlHgThZBLxWVTl0j9bf0CxT0y7eanIoftUwylOIm6fGdVqhr7fPuwxRkNieFM0%2BACq26BibTW7Wu%2B%2Bfo4CPpl"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7a68373661-FRA alt-svc h3=":443"; ma=86400 content-length 6772 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	tip_de_seguridad.png a-lngreso.top/enl1nea-enbntrab/images/	3 KB 4 KB	38ms 37ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://a-lngreso.top/enl1nea-enbntrab/images/tip_de_seguridad.png Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `132838686cbe26414206bd3a56391bcf324ef4dfe81caf1c0e1500d011fa02e8` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:27 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314bb6-c76" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eFf89V9%2F79G3o4RThmwMkqgbIVZlRtNKMAhBX%2Fw%2FRtZYBiDV9bttzgs5AluLmAvGsKen8pFQiTpaPENO%2BRZ9OkCa4D7hUu0nZ7xH1YOTEvxbX6CurnxOEqchrkfdurEy08GNk2Rc5yjvGH1B"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7ab86b3661-FRA alt-svc h3=":443"; ma=86400 content-length 3190 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	jquery.min.js Show response a-lngreso.top/enl1nea-enbntrab/js/	85 KB 31 KB	64ms 64ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/js/jquery.min.js Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `892fcc249b9b0fd6e8727741d21d5cdd5474238327ba116308b5dfad6ddfd1bd` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:28 GMT content-encoding br cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:30 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"66314bc2-152b4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6zUSeoCfr1mf2ylZVqVU5QJkkdzSTKblxeVe3ZekagLwsjX57kHHhJ%2BoWl1xZ6s7hkjMSZOQFjKiV10s82e6m6a213ZDMrzqF8TMngW%2BNRb7s8OBPFyh9MFCv8%2BBf3NnOnQl1E2WYu81RYxt"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 87cb0e7ab86f3661-FRA alt-svc h3=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	ajax-loader2.gif a-lngreso.top/enl1nea-enbntrab/images/	7 KB 8 KB	37ms 37ms	Image image/gif	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://a-lngreso.top/enl1nea-enbntrab/images/ajax-loader2.gif Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ec80bea1355db7f5c5bf4f88741f7afe90a744f652f9358ba761da2783495ba2` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:28 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314bab-1cc4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fv56H1RwNaEYwk%2Fg87s%2F3j8r6yrn650gtbkTnbe8IUluYxmn4cuc7XX5k2Kdml675ILaWlhwkNcTovAX7bEDE3u%2BcFwhTJjnmKN3UgWuvme76HqwcVPkLir3TWVXzbB4J5AdQcSPbC%2FDrhny"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7ad88e3661-FRA alt-svc h3=":443"; ma=86400 content-length 7364 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	Fondomhs.png a-lngreso.top/enl1nea-enbntrab/images/	7 KB 7 KB	42ms 42ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://a-lngreso.top/enl1nea-enbntrab/images/Fondomhs.png Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `60751b3522b798ab1e0915c5e153c451574f0ab2749ba6ae4a8b2bdd93b44c2f` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:28 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:51:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314baf-1a79" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4fBFRPJ1F3yaTXcNmzRjmPY2NorreFtuXWVWUzE6kyvw4X12dq86m1s9eS6oBTMPn8bWcBGyP8coEomN8ZR%2BrcbsQV9cAzguxwwk0%2B6eJxH%2BKCn8ZmdUt6h4IzF7tm6%2BiYHOtBPSdWw%2BEy7"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7ad8923661-FRA alt-svc h3=":443"; ma=86400 content-length 6777 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	Avenir-Light-07.ttf a-lngreso.top/enl1nea-enbntrab/fonts/	83 KB 84 KB	52ms 52ms	Font application/octet-stream	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/enl1nea-enbntrab/fonts/Avenir-Light-07.ttf Requested by Host: a-lngreso.top URL: https://a-lngreso.top/enl1nea-enbntrab/login.php Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6f844114969b0166930c9c968a27543106895c33ad5d6f60ee497de1d131f62e` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Origin https://a-lngreso.top Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:28 GMT cf-cache-status MISS last-modified Tue, 30 Apr 2024 19:50:58 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "66314ba2-14c6c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8zpHUkOFD4hXKchaABfnIjqEXOoEN1EwUONos7ob6CvQcF6Dh%2BNceGo8vqBXvi72D0VuJSHTIuBNMsD%2BAAFuYMGz0MGVMvNP5zyrZ%2B4HQZZDlqAzcuogzlz8Ckdl6o7m1gTNJKUPR8m5mWTz"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream cache-control max-age=315360000 accept-ranges bytes cf-ray 87cb0e7ae8953661-FRA alt-svc h3=":443"; ma=86400 content-length 85100 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	404	favicon.ico a-lngreso.top/	209 B 603 B	37ms 36ms	Other text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://a-lngreso.top/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://a-lngreso.top/enl1nea-enbntrab/login.php Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Tue, 30 Apr 2024 22:44:28 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DV2%2B4HhK%2BAybYnththFYoPVaqaNV3UZ7aW9yChZAkNWiRXvWltamKZ%2BvxqVJfgwsfFpM6o1FtMml70fH36CgErMrvzh8OiAKdeiM%2Bf3ikkMvO388%2FzdnCvSxfCpDN%2B76yIv%2BB%2BHUpLrXUWqr"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 87cb0e7dcac23661-FRA alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BANTRAB (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| refindx

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			a-lngreso.top/	1969-12-31 23:59:59	Name: PHPSESSID Value: jvm3n2dev1pn8rkap3qubmtisr

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sis-aqui.top/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://a-lngreso.top/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a-lngreso.top
sis-aqui.top
2606:4700:3032::ac43:8c0d
2a06:98c1:3121::3
0a844390939c78560aa66217b713ac1e2dfcc56e0ae8e5e88bc14c5f1bc5ffb3
132838686cbe26414206bd3a56391bcf324ef4dfe81caf1c0e1500d011fa02e8
277b41b67369a50196bd2a5b2e60a02da0e493edd3f9858668856982ac7eaa6f
2cd997c836288f34a85d7ae6637bcb0c514aba898d6ec69e4b2d74a1694eb7d2
60751b3522b798ab1e0915c5e153c451574f0ab2749ba6ae4a8b2bdd93b44c2f
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
63dce7b851d801c4c9fa5dae97bd6f0eb66f29ca414307763c2c36e0bdf8fe57
6f844114969b0166930c9c968a27543106895c33ad5d6f60ee497de1d131f62e
892fcc249b9b0fd6e8727741d21d5cdd5474238327ba116308b5dfad6ddfd1bd
9d7d6567f2cbd98a1d0796416b319b4351bcfda3804355b38d80cdfd480e81ef
b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
dc351ebff253f11c5374379a2dabc3addba86f3c3d13619d2e7b32f887c7e1b4
e1a2e7be293cea0c3d7f787b5d00ef241aad4908b461ef80bf57ab5f88d37870
ec80bea1355db7f5c5bf4f88741f7afe90a744f652f9358ba761da2783495ba2
f554d2f09272c6f71447ebfe4532d3b1dd1959bce669f9a5ccc99e64ef511729
f9381c9f6ea15359bb8504713ce539121432c034c8cdbca1b8d2a3be350e9856
fe151dbc2f48af8ecf6f710163291354aa6f9c37f85a054e0b5de6b281440016