Submitted URL: https://www.member.nhasaving.com/
Effective URL: https://www.member.nhasaving.com/coop/logon.php
Submission: On May 16 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 119.63.67.101, which is located in Thailand and belongs to UCOM-AS-TH United Communication Industry PCL., TH. The main domain is www.member.nhasaving.com.
TLS certificate: Issued by R3 on May 4th 2024. Valid for: 3 months.
This is the only time www.member.nhasaving.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 14 119.63.67.101 23892 (UCOM-AS-T...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 142.250.186.164 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
21 6
Apex Domain
Subdomains
Transfer
14 nhasaving.com
www.member.nhasaving.com
167 KB
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
234 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 2
937 B
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
ajax.googleapis.com — Cisco Umbrella Rank: 380
32 KB
21 4
Domain Requested by
14 www.member.nhasaving.com 1 redirects www.member.nhasaving.com
3 www.google.com www.member.nhasaving.com
www.gstatic.com
2 fonts.gstatic.com fonts.googleapis.com
1 www.gstatic.com www.google.com
1 ajax.googleapis.com www.member.nhasaving.com
1 fonts.googleapis.com www.member.nhasaving.com
21 6

This site contains no links.

Subject / Issuer / Validity / Valid
host3.soat-development.com / R3 / 2024-05-04 - 2024-08-02 / 3 months (crt.sh)
upload.video.google.com / WR2 / 2024-05-06 - 2024-07-29 / 3 months (crt.sh)
*.google.com / WR2 / 2024-05-06 - 2024-07-29 / 3 months (crt.sh)
*.gstatic.com / WR2 / 2024-05-06 - 2024-07-29 / 3 months (crt.sh)

This page contains 3 frames:

Primary Page: https://www.member.nhasaving.com/coop/logon.php
Frame ID: E90B2AC23A11A26BBFA6CC27B0D28B86
Requests: 19 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcyeK4UAAAAAEMh_HjC9SSACfbxBYL8smNPGxZX&co=aHR0cHM6Ly93d3cubWVtYmVyLm5oYXNhdmluZy5jb206NDQz&hl=de&v=vjbW55W42X033PfTdVf6Ft4q&size=normal&cb=1k3is4smy8c4
Frame ID: FA74789BCB56CDBF8B698019287818DB
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=vjbW55W42X033PfTdVf6Ft4q&k=6LcyeK4UAAAAAEMh_HjC9SSACfbxBYL8smNPGxZX
Frame ID: B7039A830A5B4500AD60D9F24C905720
Requests: 1 HTTP requests in this frame

Page Title

สหกรณ์ออมทรัพย์การเคหะแห่งชาติ

Page URL History

  1. https://www.member.nhasaving.com/ HTTP 302
    https://www.member.nhasaving.com/coop/logon.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <div[^>]+class="g-recaptcha"
  • /recaptcha/api\.js

Page Statistics

21
Requests

38 %
HTTPS

67 %
IPv6

4
Domains

6
Subdomains

6
IPs

3
Countries

433 kB
Transfer

1048 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.member.nhasaving.com/ HTTP 302
    https://www.member.nhasaving.com/coop/logon.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request logon.php
www.member.nhasaving.com/coop/
Redirect Chain
  • https://www.member.nhasaving.com/
  • https://www.member.nhasaving.com/coop/logon.php
9 KB
3 KB
Document
General
Full URL
https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PHP/5.3.29 PleskLin
Resource Hash
499e49b0da2156e0d8e4b36ba7d942e1c7eae1d3829d1ed465c2613d167e7bf0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
br
content-type
text/html
date
Thu, 16 May 2024 05:09:15 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
x-powered-by
PHP/5.3.29 PleskLin

Redirect headers

content-length
0
content-type
text/html
date
Thu, 16 May 2024 05:09:15 GMT
location
coop/logon.php
server
nginx
x-powered-by
PHP/5.3.29 PleskLin
css
fonts.googleapis.com/
1 KB
879 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Kanit&subset=thai
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1bd4412d086403176d94ef0066e0c35d25168d17507d09a38352f4fc2bb6b251
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 16 May 2024 05:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 16 May 2024 05:11:41 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 16 May 2024 05:11:41 GMT
font-awesome.min.css
www.member.nhasaving.com/coop/librarys/font-awesome/css/
28 KB
6 KB
Stylesheet
General
Full URL
https://www.member.nhasaving.com/coop/librarys/font-awesome/css/font-awesome.min.css
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
7bc15c522a05ce0e56b8cb3fff83bc6e770130afdd840d469869db69663d78fe

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:56:07 GMT
server
nginx
etag
W/"5b04e657-7186"
x-powered-by
PleskLin
content-type
text/css
bootstrap.min.css
www.member.nhasaving.com/coop/librarys/bootstrap/css/
119 KB
18 KB
Stylesheet
General
Full URL
https://www.member.nhasaving.com/coop/librarys/bootstrap/css/bootstrap.min.css
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
e79f11f12b11c43a574f4e87b54dabc5316f3719cb325c70df139d72943fe755

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:56:05 GMT
server
nginx
etag
W/"5b04e655-1db0c"
x-powered-by
PleskLin
content-type
text/css
Template.css
www.member.nhasaving.com/coop/librarys/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://www.member.nhasaving.com/coop/librarys/css/Template.css
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
3bc7aa9bc782908a268d4aa0868f736380ef9ab9110a3516538d1001979ee63a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:55:52 GMT
server
nginx
etag
W/"5b04e648-22c1"
x-powered-by
PleskLin
content-type
text/css
bootstrap-theme.min.css
www.member.nhasaving.com/coop/librarys/bootstrap/css/
23 KB
2 KB
Stylesheet
General
Full URL
https://www.member.nhasaving.com/coop/librarys/bootstrap/css/bootstrap-theme.min.css
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:56:04 GMT
server
nginx
etag
W/"5b04e654-5b71"
x-powered-by
PleskLin
content-type
text/css
jquery.js
www.member.nhasaving.com/coop/librarys/js/
94 KB
32 KB
Script
General
Full URL
https://www.member.nhasaving.com/coop/librarys/js/jquery.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:55:52 GMT
server
nginx
etag
W/"5b04e648-17629"
x-powered-by
PleskLin
content-type
application/javascript
bootstrap.min.js
www.member.nhasaving.com/coop/librarys/bootstrap/js/
35 KB
9 KB
Script
General
Full URL
https://www.member.nhasaving.com/coop/librarys/bootstrap/js/bootstrap.min.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:56:05 GMT
server
nginx
etag
W/"5b04e655-8c6f"
x-powered-by
PleskLin
content-type
application/javascript
bootstrap-notify.min.js
www.member.nhasaving.com/coop/librarys/bootstrap/js/
8 KB
3 KB
Script
General
Full URL
https://www.member.nhasaving.com/coop/librarys/bootstrap/js/bootstrap-notify.min.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
2db9de4f5fc27837d4295df39d94c34ccc336c31d02322f7f7cad69ae8e338da

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 20 Jun 2018 04:07:36 GMT
server
nginx
etag
W/"5b29d308-1fba"
x-powered-by
PleskLin
content-type
application/javascript
bootbox.min.js
www.member.nhasaving.com/coop/librarys/js/
10 KB
4 KB
Script
General
Full URL
https://www.member.nhasaving.com/coop/librarys/js/bootbox.min.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
0b6bab63e3aa24b4ab6aab63765a217db5004961bab1ab7d74ffebfa33efb5c4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Wed, 23 May 2018 03:55:52 GMT
server
nginx
etag
W/"5b04e648-26f4"
x-powered-by
PleskLin
content-type
application/javascript
message_notify.js
www.member.nhasaving.com/coop/librarys/js/
0
0
Script
General
Full URL
https://www.member.nhasaving.com/coop/librarys/js/message_notify.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:16 GMT
content-encoding
br
last-modified
Mon, 26 Feb 2024 13:14:57 GMT
server
nginx
etag
W/"328-61248b2371a6a"
content-type
text/html
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/
86 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 14:07:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
140664
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30774
x-xss-protection
0
last-modified
Mon, 13 May 2019 14:37:17 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 14:07:17 GMT
api.js
www.google.com/recaptcha/
1 KB
937 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/logon.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
09cb633c3a53b17452721e2a4ba69bcf9256665ecae53f6aca81a1f7c27e9f9f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:11:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 16 May 2024 05:11:41 GMT
glyphicons-halflings-regular.woff2
www.member.nhasaving.com/coop/librarys/bootstrap/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.member.nhasaving.com/coop/librarys/bootstrap/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/librarys/bootstrap/css/bootstrap.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/librarys/bootstrap/css/bootstrap.min.css
Origin
https://www.member.nhasaving.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:17 GMT
last-modified
Wed, 23 May 2018 03:56:05 GMT
server
nginx
etag
"5b04e655-466c"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
18028
nKKZ-Go6G5tXcraVGwA.woff2
fonts.gstatic.com/s/kanit/v15/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v15/nKKZ-Go6G5tXcraVGwA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit&subset=thai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae7b918efe7cd287651e014ed269c923e1a925c8eee1a474ad11184f04659d3e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://www.member.nhasaving.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 13 May 2024 13:28:46 GMT
x-content-type-options
nosniff
age
229376
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19388
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 20:53:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 13 May 2025 13:28:46 GMT
fontawesome-webfont.woff2
www.member.nhasaving.com/coop/librarys/font-awesome/fonts/
70 KB
70 KB
Font
General
Full URL
https://www.member.nhasaving.com/coop/librarys/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by
Host: www.member.nhasaving.com
URL: https://www.member.nhasaving.com/coop/librarys/font-awesome/css/font-awesome.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx / PleskLin
Resource Hash
7dacf83f51179de8d7980a513e67ab3a08f2c6272bb5946df8fd77c0d1763b73

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/librarys/font-awesome/css/font-awesome.min.css
Origin
https://www.member.nhasaving.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:17 GMT
last-modified
Wed, 23 May 2018 03:56:07 GMT
server
nginx
etag
"5b04e657-118d8"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
71896
nKKZ-Go6G5tXcraBGwCYdA.woff2
fonts.gstatic.com/s/kanit/v15/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v15/nKKZ-Go6G5tXcraBGwCYdA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit&subset=thai
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d03834de65cdb3ea45008ab88ba319d2fe3b47c26e145a79347043e18e36e7af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://www.member.nhasaving.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 02:54:37 GMT
x-content-type-options
nosniff
age
181025
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13260
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 20:52:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 May 2025 02:54:37 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/
505 KB
202 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a624368de63b32a27d36d8032e5e1bfe03a5e738338493aa0dfc4938d9cd3c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/
Origin
https://www.member.nhasaving.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 03:43:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5311
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
206091
x-xss-protection
0
last-modified
Sun, 05 May 2024 20:00:16 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 16 May 2025 03:43:11 GMT
anchor
www.google.com/recaptcha/api2/ Frame FA74
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcyeK4UAAAAAEMh_HjC9SSACfbxBYL8smNPGxZX&co=aHR0cHM6Ly93d3cubWVtYmVyLm5oYXNhdmluZy5jb206NDQz&hl=de&v=vjbW55W42X033PfTdVf6Ft4q&size=normal&cb=1k3is4smy8c4
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0xGH0FKIbIvj1PNiBNQqFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.member.nhasaving.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-0xGH0FKIbIvj1PNiBNQqFQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 May 2024 05:11:43 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
favicon.ico
www.member.nhasaving.com/
808 B
500 B
Other
General
Full URL
https://www.member.nhasaving.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
119.63.67.101 , Thailand, ASN23892 (UCOM-AS-TH United Communication Industry PCL., TH),
Reverse DNS
host3.soat-development.com
Software
nginx /
Resource Hash
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.member.nhasaving.com/coop/logon.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 16 May 2024 05:09:18 GMT
content-encoding
br
last-modified
Mon, 26 Feb 2024 13:14:57 GMT
server
nginx
etag
W/"328-61248b2371a6a"
content-type
text/html
bframe
www.google.com/recaptcha/api2/ Frame B703
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=vjbW55W42X033PfTdVf6Ft4q&k=6LcyeK4UAAAAAEMh_HjC9SSACfbxBYL8smNPGxZX
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.164 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_q0vAecc9pCaEC8_VvP7jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.member.nhasaving.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-_q0vAecc9pCaEC8_VvP7jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 16 May 2024 05:11:44 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
function| $
function| jQuery
object| jQuery111107541324723377414
object| bootbox
function| makeaction
function| chk_emtry
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| recaptcha
object| closure_lm_490729

1 Cookies

Domain/Path Name / Value
www.member.nhasaving.com/ Name: PHPSESSID
Value: urgejdlp53nvjr9qjllsvv6ek5

3 Console Messages

Source Level URL
Text
network error URL: https://www.member.nhasaving.com/coop/librarys/js/message_notify.js
Message:
Failed to load resource: the server responded with a status of 404 ()
recommendation verbose URL: https://www.member.nhasaving.com/coop/logon.php
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://www.member.nhasaving.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
