www.cankayatip.com Open in urlscan Pro
93.187.207.86  Malicious Activity! Public Scan

Submitted URL: https://institutoguemespostitulos.hosted.phplist.com/lists/lt.php?tid=fE0FVAQFUltXVxUDBwAEGgMCV1IUD1IMAUgKBwsJUVUAVAdXAQVLVVRRDwQFUwMaA1RRURQCVgNVSFl...
Effective URL: https://www.cankayatip.com/not/in.php
Submission: On March 05 via manual from SA — Scanned from DE

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 24 HTTP transactions. The main IP is 93.187.207.86, located in Turkey and belongs to NETDIREKT-AS, TR. The main domain is www.cankayatip.com.
TLS certificate: Issued by TrustSafe TLS RSA SubCA R1 on January 18th 2024. Valid for: a year.
This is the only time www.cankayatip.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 45.33.29.14 63949 (AKAMAI-LI...)
2 2 35.202.21.90 396982 (GOOGLE-CL...)
2 23 93.187.207.86 43391 (NETDIREKT-AS)
24 2
Apex Domain
Subdomains
Transfer
23 cankayatip.com
cankayatip.com
www.cankayatip.com
254 KB
2 lpages.co
josefpabuaya396.lpages.co
255 B
1 phplist.com
institutoguemespostitulos.hosted.phplist.com
523 B
0 natwest.com Failed
www.onlinebanking.natwest.com — Cisco Umbrella Rank: 193027 Failed
24 4
Domain Requested by
22 www.cankayatip.com 1 redirects www.cankayatip.com
2 josefpabuaya396.lpages.co 2 redirects
1 cankayatip.com 1 redirects
1 institutoguemespostitulos.hosted.phplist.com 1 redirects
0 www.onlinebanking.natwest.com Failed www.cankayatip.com
24 5

This site contains links to these domains. Also see Links.

Domain
www.natwest.com
www.onlinebanking.natwest.com
Subject Issuer Validity Valid
www.cankayatip.com
TrustSafe TLS RSA SubCA R1
2024-01-18 -
2025-01-17
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.cankayatip.com/not/in.php
Frame ID: 1123EA7DF7085A6B243AECD5CE421B07
Requests: 24 HTTP requests in this frame

Screenshot

Page Title

LOGIN

Page URL History Show full URLs

  1. https://institutoguemespostitulos.hosted.phplist.com/lists/lt.php?tid=fE0FVAQFUltXVxUDBwAEGgMCV1IUD1IMAUgKBwsJUVUAVAdXAQVLVVRRDwQ... HTTP 303
    https://josefpabuaya396.lpages.co/husa-iojasa HTTP 302
    https://josefpabuaya396.lpages.co/husa-iojasa/ HTTP 302
    https://cankayatip.com/not HTTP 301
    https://www.cankayatip.com/not HTTP 301
    https://www.cankayatip.com/not/ Page URL
  2. https://www.cankayatip.com/not/in.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <input[^>]+name="__VIEWSTATE

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

88 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

2
IPs

3
Countries

254 kB
Transfer

697 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://institutoguemespostitulos.hosted.phplist.com/lists/lt.php?tid=fE0FVAQFUltXVxUDBwAEGgMCV1IUD1IMAUgKBwsJUVUAVAdXAQVLVVRRDwQFUwMaA1RRURQCVgNVSFlZUAoaBVEFVwBSA1NTVlMKSlYFBwJRVlVSFAYNAlpIDFIEARoAVwRRHFUDDwZRUlwCAVMOVA HTTP 303
    https://josefpabuaya396.lpages.co/husa-iojasa HTTP 302
    https://josefpabuaya396.lpages.co/husa-iojasa/ HTTP 302
    https://cankayatip.com/not HTTP 301
    https://www.cankayatip.com/not HTTP 301
    https://www.cankayatip.com/not/ Page URL
  2. https://www.cankayatip.com/not/in.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://institutoguemespostitulos.hosted.phplist.com/lists/lt.php?tid=fE0FVAQFUltXVxUDBwAEGgMCV1IUD1IMAUgKBwsJUVUAVAdXAQVLVVRRDwQFUwMaA1RRURQCVgNVSFlZUAoaBVEFVwBSA1NTVlMKSlYFBwJRVlVSFAYNAlpIDFIEARoAVwRRHFUDDwZRUlwCAVMOVA HTTP 303
  • https://josefpabuaya396.lpages.co/husa-iojasa HTTP 302
  • https://josefpabuaya396.lpages.co/husa-iojasa/ HTTP 302
  • https://cankayatip.com/not HTTP 301
  • https://www.cankayatip.com/not HTTP 301
  • https://www.cankayatip.com/not/
Request Chain 8
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/mm.js
Request Chain 11
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
Request Chain 17
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png HTTP 307
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www.cankayatip.com/not/
Redirect Chain
  • https://institutoguemespostitulos.hosted.phplist.com/lists/lt.php?tid=fE0FVAQFUltXVxUDBwAEGgMCV1IUD1IMAUgKBwsJUVUAVAdXAQVLVVRRDwQFUwMaA1RRURQCVgNVSFlZUAoaBVEFVwBSA1NTVlMKSlYFBwJRVlVSFAYNAlpIDFIEARo...
  • https://josefpabuaya396.lpages.co/husa-iojasa
  • https://josefpabuaya396.lpages.co/husa-iojasa/
  • https://cankayatip.com/not
  • https://www.cankayatip.com/not
  • https://www.cankayatip.com/not/
269 B
490 B
Document
General
Full URL
https://www.cankayatip.com/not/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx / PHP/7.2.14
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
196
content-type
text/html; charset=UTF-8
date
Tue, 05 Mar 2024 09:18:46 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/7.2.14

Redirect headers

content-length
239
content-type
text/html; charset=iso-8859-1
date
Tue, 05 Mar 2024 09:18:44 GMT
location
https://www.cankayatip.com/not/
server
nginx
Primary Request in.php
www.cankayatip.com/not/
91 KB
21 KB
Document
General
Full URL
https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx / PHP/7.2.14
Resource Hash
1b41a20a89a59a3fdc38cce3ee814f237dceb112007fbf772e477218c92374a5

Request headers

Referer
https://www.cankayatip.com/not/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 05 Mar 2024 09:18:46 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/7.2.14
style.css
www.cankayatip.com/not/file/
290 KB
70 KB
Stylesheet
General
Full URL
https://www.cankayatip.com/not/file/style.css
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
37a8cef289496939b848ca38cb9d58e62b44464147cec8adce9530bcb7225bb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Mon, 04 Mar 2024 17:12:58 GMT
server
nginx
etag
W/"65e6011a-488a7"
vary
Accept-Encoding
content-type
text/css
styl.css
www.cankayatip.com/not/file/
50 KB
13 KB
Stylesheet
General
Full URL
https://www.cankayatip.com/not/file/styl.css
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
e0b37e50ac3b6af1a2458f8c1a795b04f4c001924e7e4fe0143f242a4b4c46d9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Thu, 29 Feb 2024 12:46:52 GMT
server
nginx
etag
W/"65e07cbc-c9af"
vary
Accept-Encoding
content-type
text/css
sty.css
www.cankayatip.com/not/file/
76 B
312 B
Stylesheet
General
Full URL
https://www.cankayatip.com/not/file/sty.css
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Tue, 27 Feb 2024 22:27:08 GMT
server
nginx
x-accel-version
0.01
etag
"4c-6126486cee700-gzip"
vary
Accept-Encoding,User-Agent
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
content-length
85
mob.css
www.cankayatip.com/not/file/
61 KB
18 KB
Stylesheet
General
Full URL
https://www.cankayatip.com/not/file/mob.css
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
97cb9f36324e93ceb875ef10535ab4093024212f2ab5bc881074b525ca09febe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Thu, 29 Feb 2024 22:47:14 GMT
server
nginx
etag
W/"65e10972-f5b3"
vary
Accept-Encoding
content-type
text/css
pc.css
www.cankayatip.com/not/file/
1 KB
706 B
Stylesheet
General
Full URL
https://www.cankayatip.com/not/file/pc.css
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Tue, 27 Feb 2024 22:27:30 GMT
server
nginx
etag
W/"65de61d2-562"
vary
Accept-Encoding
content-type
text/css
n-w-logo.svg
www.cankayatip.com/not/file/
9 KB
4 KB
Image
General
Full URL
https://www.cankayatip.com/not/file/n-w-logo.svg
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
184ae6f2b612d011f54d2e0886675192f668d923e630484d74b9733f6115e1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Tue, 27 Feb 2024 14:26:00 GMT
server
nginx
etag
W/"65ddf0f8-24d4"
vary
Accept-Encoding
content-type
image/svg+xml
WebResource.axd
www.cankayatip.com/
0
0
Script
General
Full URL
https://www.cankayatip.com/WebResource.axd?d=Cmj2wdbIzodHqG_1PA37Bk4WoldIkQdlxX4rcW_mpOV71O6rleIcd7IeijpiPN4Ejqcg2hvVGpGrlP2nzZfNZLbDwdc1&t=637788741871659218
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx / PHP/7.2.14
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.2.14
vary
Accept-Encoding,User-Agent
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-length
8683
expires
Thu, 19 Nov 1981 08:52:00 GMT
mm.js
www.onlinebanking.natwest.com/Brands/
Redirect Chain
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
  • https://www.onlinebanking.natwest.com/Brands/mm.js
0
0

WebResource.axd
www.cankayatip.com/
0
0
Script
General
Full URL
https://www.cankayatip.com/WebResource.axd?d=oWDioZzZI0SGEHDrJWGO9A15jtq7fF3l3w2sNCHx0I5zpOlbGQLCi8XT9BjnFR-thkTSvbR-9NqyYbLEWKTh0kVUibs1&t=637788741871659218
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx / PHP/7.2.14
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.2.14
vary
Accept-Encoding,User-Agent
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-length
8683
expires
Thu, 19 Nov 1981 08:52:00 GMT
nw-security-banner-smishing-194x443.gif
www.cankayatip.com/not/file/
14 KB
14 KB
Image
General
Full URL
https://www.cankayatip.com/not/file/nw-security-banner-smishing-194x443.gif
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
f2224f1a7fe306446bd53bf7b2a7b16c2d73fbce2f0881693ec09f8b58c1323b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
last-modified
Thu, 29 Feb 2024 11:53:16 GMT
server
nginx
accept-ranges
bytes
etag
"65e0702c-387c"
content-length
14460
content-type
image/gif
error-marker.png
www.onlinebanking.natwest.com/Brands/NWB/images/
Redirect Chain
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
0
0

FSCS_Protected_Logo.png
www.cankayatip.com/not/file/
6 KB
6 KB
Image
General
Full URL
https://www.cankayatip.com/not/file/FSCS_Protected_Logo.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
last-modified
Tue, 27 Feb 2024 22:33:40 GMT
server
nginx
accept-ranges
bytes
etag
"65de6344-162f"
content-length
5679
content-type
image/png
jquery-3.5.1.min.js
www.cankayatip.com/not/file/
87 KB
35 KB
Script
General
Full URL
https://www.cankayatip.com/not/file/jquery-3.5.1.min.js
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Fri, 08 Dec 2023 23:21:46 GMT
server
nginx
etag
W/"6573a50a-15d84"
vary
Accept-Encoding
content-type
application/javascript
jquery.mask.js
www.cankayatip.com/not/file/
23 KB
7 KB
Script
General
Full URL
https://www.cankayatip.com/not/file/jquery.mask.js
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/in.php
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/in.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
content-encoding
gzip
last-modified
Fri, 08 Dec 2023 23:21:46 GMT
server
nginx
etag
W/"6573a50a-5a88"
vary
Accept-Encoding
content-type
application/javascript
white-lock.png
www.cankayatip.com/not/file/
285 B
468 B
Image
General
Full URL
https://www.cankayatip.com/not/file/white-lock.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/styl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/styl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
last-modified
Tue, 27 Feb 2024 14:18:40 GMT
server
nginx
x-accel-version
0.01
etag
"11d-6125db3ea5000"
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
285
RNHouseSansW05-Regular.woff2
www.cankayatip.com/not/file/
21 KB
21 KB
Font
General
Full URL
https://www.cankayatip.com/not/file/RNHouseSansW05-Regular.woff2
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c

Request headers

Referer
https://www.cankayatip.com/not/file/style.css
Origin
https://www.cankayatip.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:46 GMT
last-modified
Thu, 29 Feb 2024 12:42:34 GMT
server
nginx
accept-ranges
bytes
etag
"65e07bba-5444"
content-length
21572
content-type
font/woff2
error-marker.png
www.onlinebanking.natwest.com/Brands/NWB/images/
Redirect Chain
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
  • https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
0
0

li5_outer_frame_top_curve.gif
www.cankayatip.com/not/file/
40 KB
40 KB
Image
General
Full URL
https://www.cankayatip.com/not/file/li5_outer_frame_top_curve.gif
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx / PHP/7.2.14
Resource Hash
c0c5f5559592886940170e66289e641c9250ba57f6cb7c0ca55e08277c34f170

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Mar 2024 09:18:47 GMT
content-encoding
gzip
server
nginx
x-powered-by
PHP/7.2.14
vary
Accept-Encoding,User-Agent
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-length
8683
expires
Thu, 19 Nov 1981 08:52:00 GMT
radio-normal.png
www.cankayatip.com/not/file/
1 KB
1 KB
Image
General
Full URL
https://www.cankayatip.com/not/file/radio-normal.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/styl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/styl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:47 GMT
last-modified
Tue, 27 Feb 2024 22:20:26 GMT
server
nginx
accept-ranges
bytes
etag
"65de602a-525"
content-length
1317
content-type
image/png
combined-shape.png
www.cankayatip.com/not/file/
359 B
542 B
Image
General
Full URL
https://www.cankayatip.com/not/file/combined-shape.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/styl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/styl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:47 GMT
last-modified
Tue, 27 Feb 2024 22:20:14 GMT
server
nginx
x-accel-version
0.01
etag
"167-612646e21c380"
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
359
check-box.png
www.cankayatip.com/not/file/
157 B
339 B
Image
General
Full URL
https://www.cankayatip.com/not/file/check-box.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/styl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/styl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:47 GMT
last-modified
Tue, 27 Feb 2024 22:20:02 GMT
server
nginx
x-accel-version
0.01
etag
"9d-612646d6aa880"
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
157
down-chevron.png
www.cankayatip.com/not/file/
295 B
478 B
Image
General
Full URL
https://www.cankayatip.com/not/file/down-chevron.png
Requested by
Host: www.cankayatip.com
URL: https://www.cankayatip.com/not/file/styl.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.187.207.86 , Turkey, ASN43391 (NETDIREKT-AS, TR),
Reverse DNS
server86.veribirikim.com
Software
nginx /
Resource Hash
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.cankayatip.com/not/file/styl.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date
Tue, 05 Mar 2024 09:18:47 GMT
last-modified
Tue, 27 Feb 2024 22:20:20 GMT
server
nginx
x-accel-version
0.01
etag
"127-612646e7d5100"
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
295

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.onlinebanking.natwest.com
URL
https://www.onlinebanking.natwest.com/Brands/mm.js
Domain
www.onlinebanking.natwest.com
URL
https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
Domain
www.onlinebanking.natwest.com
URL
https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| theForm function| __doPostBack function| ctl00_mainContent_LI1CBAClientValidationFunction object| MasterResx function| addLPVariables function| addCcmVariables object| tmParam object| doc function| WebForm_OnSubmit function| tagerror function| toCustomerNumberView function| toCardNumberView function| validateInput function| handleCardPANEvents function| removeDuplicateValidationMessage function| displayValidationSummary function| setErrorMessage function| displayFEM function| li5stringDivider undefined| eventname undefined| fieldvalue undefined| currentField undefined| errorDescription function| validateDBID function| texterror function| stripHtmlTags function| getFEMCode function| GetFieldEventAndTypeName function| GetTaggingType function| IDCheck function| Getwizardname function| FieldTagging function| ValidateField function| randomString function| BindFieldData function| valuefielddata function| currenttargetlistvalue function| Tagerrormessage object| digitalData function| getCustomEventName function| EbankCustomEvent object| customerNumberRadio object| cardNumberRadio object| customerNumberInput object| cardNumberInput function| $ function| jQuery

3 Cookies

Domain/Path Name / Value
.phplist.com/ Name: WebblerSession
Value: np1ja365e9nqf850ft0igdge10
institutoguemespostitulos.hosted.phplist.com/ Name: SERVERID
Value: pqserver1|Zebjd|Zebjd
www.cankayatip.com/ Name: PHPSESSID
Value: m1n3b7vi5e5hn9sj94nte519ko

6 Console Messages

Source Level URL
Text
network error URL: https://www.cankayatip.com/WebResource.axd?d=Cmj2wdbIzodHqG_1PA37Bk4WoldIkQdlxX4rcW_mpOV71O6rleIcd7IeijpiPN4Ejqcg2hvVGpGrlP2nzZfNZLbDwdc1&t=637788741871659218
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.cankayatip.com/WebResource.axd?d=oWDioZzZI0SGEHDrJWGO9A15jtq7fF3l3w2sNCHx0I5zpOlbGQLCi8XT9BjnFR-thkTSvbR-9NqyYbLEWKTh0kVUibs1&t=637788741871659218
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://www.onlinebanking.natwest.com/Brands/mm.js
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://www.cankayatip.com/not/file/li5_outer_frame_top_curve.gif
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.onlinebanking.natwest.com/Brands/NWB/images/error-marker.png
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cankayatip.com
institutoguemespostitulos.hosted.phplist.com
josefpabuaya396.lpages.co
www.cankayatip.com
www.onlinebanking.natwest.com
www.onlinebanking.natwest.com
35.202.21.90
45.33.29.14
93.187.207.86
184ae6f2b612d011f54d2e0886675192f668d923e630484d74b9733f6115e1d3
1b41a20a89a59a3fdc38cce3ee814f237dceb112007fbf772e477218c92374a5
1ec277d20cb0b2b9d72322f3cc32d988435978a6a8f72b28e0f8ac8b1bf17a72
37a8cef289496939b848ca38cb9d58e62b44464147cec8adce9530bcb7225bb7
42e70c32efffee33a1d8bddf152d6b754fa8abb83c6166444b8d41b217d9dae6
4f5a022467e927b5b385cc335e58434a49bad0520ed018fc059075069d695c79
97cb9f36324e93ceb875ef10535ab4093024212f2ab5bc881074b525ca09febe
9be8b2c42ad2d6f7327f62a7d03995a5a4615770154941d59493473186e5140c
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
b465d00b89619e9899ec7d618559157db09f935d318466d67deb036157fadcf2
c0c5f5559592886940170e66289e641c9250ba57f6cb7c0ca55e08277c34f170
d1c878b4e69d9da5292c53b1f46708de74c435144895bdfd697208406466a814
d2955b58d801a021737f025d1716a68fd2a143ddac3e0b749fcc053deba6e082
e0b37e50ac3b6af1a2458f8c1a795b04f4c001924e7e4fe0143f242a4b4c46d9
ef7db794b4a6b5c42d2535919d91fb11da1e5cd1147f35196db382197b35fdee
f2224f1a7fe306446bd53bf7b2a7b16c2d73fbce2f0881693ec09f8b58c1323b
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d