altayersnrkrbaneve14.click
188.114.97.3  Malicious Activity! Public Scan

URL: https://altayersnrkrbaneve14.click/
Submission: On July 20 via api from TR — Scanned from NL

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 42 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is altayersnrkrbaneve14.click.
TLS certificate: Issued by WE1 on July 8th 2024. Valid for: 3 months.
This is the only time altayersnrkrbaneve14.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking), Generic Cloudflare (Online)

Domain & IP information

Requests  IP Address         AS     Autonomous System
35        188.114.97.3       13335  (CLOUDFLAR...)     1 redirect
1         2a04:4e42:400...   54113  (FASTLY)
5         195.177.206.129    29549  (ZIRAATBAN...)
2         194.24.224.45      31471  (FINTEK-AS)
Total: 42 requests, 4 IPs

Requests  Apex Domain                 Subdomains                                        Transfer
34        altayersnrkrbaneve14.click  altayersnrkrbaneve14.click                        2 MB
7         ziraatbank.com.tr           api.ziraatbank.com.tr, ebulten.ziraatbank.com.tr  17 KB
1         userstat.net                userstat.net (Cisco Umbrella Rank: 232748)        655 B
1         jquery.com                  code.jquery.com (Cisco Umbrella Rank: 1211)       30 KB
Total: 42 requests, 4 apex domains

Requests  Domain                                   Requested by
34        altayersnrkrbaneve14.click (1 redirect)  altayersnrkrbaneve14.click, code.jquery.com
5         api.ziraatbank.com.tr                    altayersnrkrbaneve14.click, code.jquery.com
2         ebulten.ziraatbank.com.tr                altayersnrkrbaneve14.click
1         userstat.net                             altayersnrkrbaneve14.click
1         code.jquery.com                          altayersnrkrbaneve14.click
Total: 42 requests, 5 domains

Subject                     Issuer                                          Validity                 Valid
altayersnrkrbaneve14.click  WE1                                             2024-07-08 - 2024-10-06  3 months
*.jquery.com                Sectigo ECC Domain Validation Secure Server CA  2024-06-25 - 2025-06-25  a year
*.ziraatbank.com.tr         GeoTrust TLS RSA CA G1                          2023-12-11 - 2024-12-10  a year
userstat.net                WE1                                             2024-07-17 - 2024-10-15  3 months

This page contains 2 frames:

Primary Page: https://altayersnrkrbaneve14.click/
Frame ID: 32C3AECB54F5BF77E374A692B4C6EDC6
Requests: 41 HTTP requests in this frame

Frame: https://api.ziraatbank.com.tr/inbound/cbot/core/localstorage?client=ziraatbilge
Frame ID: BDBFA6575E7D61A6E71D43AA283B495C
Requests: 1 HTTP requests in this frame

Page Title

Tüketici Kredisi | Bireysel Kredi Başvuruları | Başvurular | Bireysel | Ziraat Bankası

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 42
HTTPS: 100 %
IPv6: 25 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 2298 kB
Size: 4686 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://altayersnrkrbaneve14.click/ Page URL
  2. https://altayersnrkrbaneve14.click/cdn-cgi/phish-bypass?atok=OFk4mhy3.W0pnuCNfaifWDew2_AfkIWb9KTY2NM3.LY-1721467375-0.0.1.1-%2F HTTP 301
    https://altayersnrkrbaneve14.click/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

42 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
altayersnrkrbaneve14.click/
4 KB
2 KB
Document
General
Full URL
https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1b5ace82222c31f954cfe08649249dfaa2330dd721aa9a7c192c2c139e70e15
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

cf.errors.css
altayersnrkrbaneve14.click/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://altayersnrkrbaneve14.click/cdn-cgi/styles/cf.errors.css
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

icon-exclamation.png
altayersnrkrbaneve14.click/cdn-cgi/images/
452 B
634 B
Image
General
Full URL
https://altayersnrkrbaneve14.click/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

favicon.ico
altayersnrkrbaneve14.click/
11 KB
3 KB
Other
General
Full URL
https://altayersnrkrbaneve14.click/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
5ce3d318c9fe70d7168012f428488d53833adb649406b01318d80f9a5c0b62f8

Primary Request /
altayersnrkrbaneve14.click/
Redirect Chain
  • https://altayersnrkrbaneve14.click/cdn-cgi/phish-bypass?atok=OFk4mhy3.W0pnuCNfaifWDew2_AfkIWb9KTY2NM3.LY-1721467375-0.0.1.1-%2F
  • https://altayersnrkrbaneve14.click/
214 KB
23 KB
Document
General
Full URL
https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.3.9 PleskLin
Resource Hash
62b3c28dbc541aba6e057c682c7b559dd466236d6f771cc57dcb09684b39d2a0

BotDetectCaptcha_2.ashx
altayersnrkrbaneve14.click/
0
0
Stylesheet
General
Full URL
https://altayersnrkrbaneve14.click/BotDetectCaptcha_2.ashx
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

magiclick.min.css
altayersnrkrbaneve14.click/css/
562 KB
76 KB
Stylesheet
General
Full URL
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
22d18db1b598a7ece00b9833d3ebab22a6777072795c2e946840cbefd3c3ee12

jquery.min.js
altayersnrkrbaneve14.click/js/
85 KB
31 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/jquery.min.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
24489d37a4f37a51da7ca075defba5ea657b967964113199c4f6439f3c02cd5f

ziraat-ticaret-yolu.png
altayersnrkrbaneve14.click/images/
2 KB
3 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/ziraat-ticaret-yolu.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
56211622389ee4424cb99eb8581d8a3574ebe2e4a4720991a31d8b31a2340678

bankkart-logo.png
altayersnrkrbaneve14.click/images/
4 KB
4 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/bankkart-logo.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
873e0b75f2ef93861f146b797ccbe5f0d55ce8198ca63c550aa7c7b956988280

super-sube-logosu.png
altayersnrkrbaneve14.click/images/
2 KB
2 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/super-sube-logosu.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
89816ce49c82284d656b71e48f85102c68ade31d485548529b37494cea507d35

logo.png
altayersnrkrbaneve14.click/images/
5 KB
5 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/logo.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
dc6750872782481c50484242a1e4d6dcfa856fae3d932154d384b476a0254638

logo.gif
altayersnrkrbaneve14.click/images/
694 KB
695 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/logo.gif
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
243267679aee53e8f60f223a2a19706bbac15f8ff5b3d9a64428b4cd91afb483

magiclick.min.js
altayersnrkrbaneve14.click/js/
1 MB
351 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/magiclick.min.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
d5db7ff8bebe64ae093933af497e87a83e5232e1a0340e62bd96827f2a12d0bf

jquery.smartbanner.js
altayersnrkrbaneve14.click/js/
16 KB
5 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/jquery.smartbanner.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
9916b20e0e346a808aa3d33641d98263c4b1b27f67f0b091004021c91652cc72

cbot-ziraatbilge-generator.js
altayersnrkrbaneve14.click/js/
257 KB
46 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/cbot-ziraatbilge-generator.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
19ce6766e85ff7a5bc59323f6a89720b4e052239da757b5071d956e9beffb28a

mesafeni-koru-modal.png
altayersnrkrbaneve14.click/images/
346 KB
347 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/mesafeni-koru-modal.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
0302dbdff5bad8708d4d7027825dd040ca3a1550fb208ace34bf4d952e1c6ef4

mobile-app-modal-img.jpg
altayersnrkrbaneve14.click/images/
73 KB
73 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/mobile-app-modal-img.jpg
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
169351eb745ff085ffdf70466ec0d62f0e5d7674282067b0843f59bf513d12e6

jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

plus.js
altayersnrkrbaneve14.click/js/
5 KB
2 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/plus.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1c30ed41813daba5ac0f9d6c7540d02be81a09192360e705d10b13318b897f25

script.js
altayersnrkrbaneve14.click/js/
5 KB
2 KB
Script
General
Full URL
https://altayersnrkrbaneve14.click/js/script.js
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
793face5913280846328df32c2037d433cff018d009fff6cb56ac2a905d1d777

landing.jpg
altayersnrkrbaneve14.click/images/
381 KB
382 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/landing.jpg
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
1db3c4c816b399f5cfe680679d67af61ee169be6897247a9ced136e0e62a5a6f

GothamNarrow-Book.otf
altayersnrkrbaneve14.click/fonts/
59 KB
32 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/GothamNarrow-Book.otf
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
aa8a40c7d040c62e5d7963281173bbc700f2fd64892ee1e81af2fc7e09694c66

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6633c84c-edd8"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nb16BsF8vVamRlK1PPuqjz8lRWit4a%2Fyk%2FI52aWYxJebO0QgckY4BbrZe3%2B2hOZrOVzeYFjwXTuExZa4vTC0SU5foiZdoAzWi9S6nW%2F7ud4pSraGqzOHy9rTpFQCm6ll%2BFICgbT6%2ByWc1runFw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
8a61e3e37bf130ee-FRA
alt-svc
h3=":443"; ma=86400
arrow.png
altayersnrkrbaneve14.click/images/
959 B
1 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/arrow.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
b5f45ffc3928fdfba55d9ce330c577cddf28dfe4b79c257cc22e2c062e14adec

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
959
last-modified
Thu, 02 May 2024 17:07:26 GMT
x-accel-version
0.01
server
cloudflare
etag
"3bf-6177ba3282f80"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJtdhVPHcuyX8DosxBGVfNGJzruRd8kY4dGUQ4cCRDBeMN%2BnjynJ5JniqdS7S6c1I493PeIIUQ7TSefUPrIpgLEGPM%2FjlCBqv3vHMJ%2BMSnn4tl4Byoxyg7pqPgLK%2F1rr0bRf7SAlDbevpDQdZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a61e3e2091830ee-FRA
dd-arrow.png
altayersnrkrbaneve14.click/images/
3 KB
3 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/dd-arrow.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
2f2e0cc0f57a44db726dfad23c03df57b80d4df03adb02388151880033c84c4b

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6633c84e-b9d"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mJNkM1hngqqa4FAxu4FArm7IWtTUhlXjYdFVpBxRFTrxgf%2Bwga4240KvVZZKnx9%2F9lrQJMTGXgxzssHxcUvntUOXxzVJ8K5fYyOcT3AYVtB4ebFYx9RHiA%2BeEFxKER%2FBlyDiETRU8U6UNQX7A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a61e3e2193530ee-FRA
alt-svc
h3=":443"; ma=86400
content-length
2973
dd-arrow-sub.png
altayersnrkrbaneve14.click/images/
958 B
1 KB
Image
General
Full URL
https://altayersnrkrbaneve14.click/images/dd-arrow-sub.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
225ddfecd15f7b8b19677dff2bcf0405b2c0642413f9b771cfb66c6e82627673

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
PleskLin
alt-svc
h3=":443"; ma=86400
content-length
958
last-modified
Thu, 02 May 2024 17:07:26 GMT
x-accel-version
0.01
server
cloudflare
etag
"3be-6177ba3282f80"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MrX3FxplNX7TmbNi0NVHJDH%2FpAZA3oItU8nfQWhaCpoQJHDzybMVnhwNb7429x4MhXCi4zacUlOKHobGcMqSFjl3deUuIqxgvIv7diBxasAkpo7SWcBG40LzClPBLYHZ7EEjzaI5sggXUHqjNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a61e3e2193930ee-FRA
GothamNarrow-Medium.otf
altayersnrkrbaneve14.click/fonts/
61 KB
32 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/GothamNarrow-Medium.otf
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
277fbc0e7cab340b007addc4812b701d115ae5be9a7d03a509b2c5811727b89b

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6633c84c-f250"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBSiMRCme0d%2B9dIjZWxvUNi0cVjNXecvzUWXnbVOOSTSR7uObi5GZimtr2Zz3YJdpLBkGD45lLQR4eAFhMw7%2B9asu2VjDgGXoeWTKGcS340iJFUnNu8wW7YpLCWHGfBf50FWJVj63cJ1oLL9sg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
8a61e3e3ac3b30ee-FRA
alt-svc
h3=":443"; ma=86400
icomoon.woff2
altayersnrkrbaneve14.click/fonts/
27 KB
27 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/icomoon.woff2
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
375e673560c61a2ca126d5b7a692b57e0e08b59094a306a0ce6250257e933011

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"6633c84e-6a80"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBCbc%2FiGvcLiYvN74Y%2FkAnvj7qPqYbHa8WNLoQu27sqIz2GKTmsJr2CJyvs3yrbE%2BbJWKluEegY9hZl19WjmzedljbtHd6rXf%2FY2PsEA8Qv2Ox7KLXXPcdP27xb546mYSsGxqguoVe2DKks8TQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a61e3e3ac3c30ee-FRA
alt-svc
h3=":443"; ma=86400
content-length
27264
GothamNarrow-Light.otf
altayersnrkrbaneve14.click/fonts/
59 KB
32 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/GothamNarrow-Light.otf
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
9db55100ecd437034cc557edd0e7df6d769cfcf019f4046a45d3d4765e4d56a6

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6633c84c-ec80"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2jcucfPZVzhOaCTQ4jjy5z30DwBleOK3QGsf2njhYTnvfIbrZYIh4BNnhcWTJogUSVL1iz2p%2B8eJ9jtgAcW1IEhHZBeZCio3LIftO13UloxL5q8W3anQASulbuFdrr0E3ewpczSf6jeAFczAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
8a61e3e3ac3e30ee-FRA
alt-svc
h3=":443"; ma=86400
GothamNarrow-Bold.otf
altayersnrkrbaneve14.click/fonts/
61 KB
32 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/GothamNarrow-Bold.otf
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
9e62bbd51aa1cffa92e06b049ed6882fc94af0a6891b6de2eb1d515d2b027e2d

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6633c84c-f4e0"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wvOroGRKshIQ34TJHMoB7iCZNFHSkMSI1zIZfLAPFuMSxtcTi8Xq3I1mQ%2FllZs7OUMCEzPcWPYs32cZ3NQL4Y2cn7RKYyigggY4tZbjOJbjwCj%2FYYDrcty6k%2B%2F%2B4cM4l38ygc33363LAqb%2BgIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
8a61e3e3ac3f30ee-FRA
alt-svc
h3=":443"; ma=86400
FBLogin.aspx
altayersnrkrbaneve14.click/tr/_layouts/15/Ziraat/Social/
808 B
833 B
XHR
General
Full URL
https://altayersnrkrbaneve14.click/tr/_layouts/15/Ziraat/Social/FBLogin.aspx
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/js/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

Accept
*/*
Referer
https://altayersnrkrbaneve14.click/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:04 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Wed, 10 Jul 2024 17:36:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5TPiKTkxTfnyvo2sbGqB99H%2F167aKmcNEct0h6xafKBlWQtFl90Nu9g8i5lh1WrTJEo2mMNkSGMyw0uZcP6WVqS2zDZPgdDqC%2BWiFknvoPrDo41P6zp4FZy4T6t8t7aWNOwvULSnqNz1OwEN0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cf-ray
8a61e3efaf4a30ee-FRA
alt-svc
h3=":443"; ma=86400
cbot-ziraatbilge-custom.css
api.ziraatbank.com.tr/inbound/cbot/static-files/web/css/
215 KB
0
Stylesheet
General
Full URL
https://api.ziraatbank.com.tr/inbound/cbot/static-files/web/css/cbot-ziraatbilge-custom.css
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/js/cbot-ziraatbilge-generator.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.177.206.129 , Turkey, ASN29549 (ZIRAATBANK-AS, TR),
Reverse DNS
Software
api.ziraatbank.com.tr /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Fri, 19 Jul 2024 04:08:07 GMT
Via
NS-CACHE-10.0: 142
X-Content-Type-Options
nosniff
Accept-Encoding
gzip
x-correlation-id
2e6f6603-4915-41df-a957-901dd854853e
Strict-Transport-Security
max-age=15552000; includeSubDomains
Age
79091
X-DNS-Prefetch-Control
off
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
42823
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 16 Jul 2024 12:47:04 GMT
Server
api.ziraatbank.com.tr
ETag
W/"415a1-190bb950721"
X-Download-Options
noopen
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
text/css;charset=UTF-8
Access-Control-Allow-Origin
https://www.ziraatbank.com.tr
Accept
application/json
Cache-Control
max-age=86400,public
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-TS-AJAX-Request, Content-Type, Access-Control-Allow-Headers, X-Requested-With, CBot-Token, CBOT-URL, authorization, Authorization, cbot-userchanged
Keep-Alive
timeout=60
localstorage
api.ziraatbank.com.tr/inbound/cbot/core/ Frame BDBF
0
0
Document
General
Full URL
https://api.ziraatbank.com.tr/inbound/cbot/core/localstorage?client=ziraatbilge
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.177.206.129 , Turkey, ASN29549 (ZIRAATBANK-AS, TR),
Reverse DNS
Software
api.ziraatbank.com.tr /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://altayersnrkrbaneve14.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept
application/json
Accept-Encoding
gzip
Access-Control-Allow-Headers
X-TS-AJAX-Request, Content-Type, Access-Control-Allow-Headers, X-Requested-With, CBot-Token, Authorization, cbot-userchanged, CBOT-URL
Access-Control-Allow-Methods
GET,POST
Access-Control-Allow-Origin
Connection
keep-alive
Content-Encoding
gzip
Content-Length
724
Content-Type
text/html;charset=utf-8
Date
Sat, 20 Jul 2024 09:23:04 GMT
ETag
W/"9d7-ro9NaGRIeGBpdiun5Gm+nGD0PQw"
Keep-Alive
timeout=60
Server
api.ziraatbank.com.tr
Strict-Transport-Security
max-age=15552000; includeSubDomains
Vary
Accept-Encoding Origin
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-XSS-Protection
1; mode=block
x-correlationId
108a7bbd-50b3-419d-815d-43c58def6059
script.js
userstat.net/get/
129 B
655 B
Script
General
Full URL
https://userstat.net/get/script.js?referrer=https://altayersnrkrbaneve14.click/
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/js/magiclick.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.2.1
Resource Hash
15ce5c1c9ba32dcc6ad17bb12d61ead8aafba652147c3c51d0e200a16a992d67

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:05 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.2.1
vary
Accept-Encoding
access-control-allow-methods
GET, POST
content-type
text/javascript; charset=utf-8
access-control-allow-origin
https://altayersnrkrbaneve14.click
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mZ0v7xrJ7rzY4CMpL40le1D8NCQA4ReUpIvCN%2B16bogewgp6VTrM5iN2rikA65e4w4SwBk8cY5kUujj3gFTuwydsooA%2Fgxa%2BUry7PDZXrUorDk8PYiD3EDK%2BgWE7mDQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8a61e3f738e49229-FRA
access-control-allow-headers
X-Requested-With,content-type
alt-svc
h3=":443"; ma=86400
owl.carousel.css
api.ziraatbank.com.tr/inbound/cbot/static-files/web/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://api.ziraatbank.com.tr/inbound/cbot/static-files/web/css/owl.carousel.css
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/js/cbot-ziraatbilge-generator.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.177.206.129 , Turkey, ASN29549 (ZIRAATBANK-AS, TR),
Reverse DNS
Software
api.ziraatbank.com.tr /
Resource Hash
dbbd04546f164618d90bd7265ac00d27c938210802f81e92213ba3bbc652a861
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Fri, 19 Jul 2024 10:02:20 GMT
Via
NS-CACHE-10.0: 142
X-Content-Type-Options
nosniff
Accept-Encoding
gzip
x-correlation-id
f6f3d4e4-ce04-48c4-b8d2-fe1f2e9b3c65
Strict-Transport-Security
max-age=15552000; includeSubDomains
Age
57839
X-DNS-Prefetch-Control
off
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1309
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 07 Nov 2022 12:57:52 GMT
Server
api.ziraatbank.com.tr
ETag
W/"12b4-184522b2c80"
X-Download-Options
noopen
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET,POST
Content-Type
text/css;charset=UTF-8
Access-Control-Allow-Origin
https://www.ziraatbank.com.tr
Accept
application/json
Cache-Control
max-age=86400,public
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-TS-AJAX-Request, Content-Type, Access-Control-Allow-Headers, X-Requested-With, CBot-Token, CBOT-URL, authorization, Authorization, cbot-userchanged
Keep-Alive
timeout=60
zb-chat-bot-img.png
ebulten.ziraatbank.com.tr/trimages/cbot/firm-ziraat/img/
2 KB
2 KB
Image
General
Full URL
https://ebulten.ziraatbank.com.tr/trimages/cbot/firm-ziraat/img/zb-chat-bot-img.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.24.224.45 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
zbwebprod.ziraatbank.com.tr
Software
zws / xpb
Resource Hash
16a0e6a454ddaa214ec3c82e57ee31818887a8f2b7d5280bfeb7746a5be599bf

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 20 Jul 2024 09:23:13 GMT
Last-Modified
Thu, 10 Jun 2021 10:40:24 GMT
Server
zws
ETag
"09cca4e55dd71:0"
X-Powered-By
xpb
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
2009
ZB_beyaz.svg
ebulten.ziraatbank.com.tr/trimages/cbot/
8 KB
8 KB
Image
General
Full URL
https://ebulten.ziraatbank.com.tr/trimages/cbot/ZB_beyaz.svg
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.24.224.45 , Turkey, ASN31471 (FINTEK-AS, TR),
Reverse DNS
zbwebprod.ziraatbank.com.tr
Software
zws / xpb
Resource Hash
abb973ef28c80efd7c00fb2749b834b29f104b1e539f9c7551cac19eebe24e6c

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Sat, 20 Jul 2024 09:23:04 GMT
Last-Modified
Fri, 25 Feb 2022 07:51:35 GMT
Server
zws
ETag
"9c6014831c2ad81:0"
X-Powered-By
xpb
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
7814
cbot-livechat-close-icon.png
api.ziraatbank.com.tr/inbound/cbot/static-files/web/img/
599 B
2 KB
Image
General
Full URL
https://api.ziraatbank.com.tr/inbound/cbot/static-files/web/img/cbot-livechat-close-icon.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.177.206.129 , Turkey, ASN29549 (ZIRAATBANK-AS, TR),
Reverse DNS
Software
api.ziraatbank.com.tr /
Resource Hash
8eea37e3608b02d37608cb4bbc0c10e915fdc1f8b089fe00cb91f55312d232ca
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Fri, 19 Jul 2024 13:50:52 GMT
Via
NS-CACHE-10.0: 142
X-Content-Type-Options
nosniff
Accept-Encoding
gzip
x-correlation-id
63ca9375-5abd-4460-9da9-69993e6fcb1f
Strict-Transport-Security
max-age=15552000; includeSubDomains
Age
44127
X-DNS-Prefetch-Control
off
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
622
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 29 May 2023 08:59:57 GMT
Server
api.ziraatbank.com.tr
ETag
W/"257-18866bc4ec8"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,POST
Content-Type
image/png
Access-Control-Allow-Origin
https://www.ziraatbank.com.tr
Accept
application/json
Cache-Control
max-age=86400,public
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-TS-AJAX-Request, Content-Type, Access-Control-Allow-Headers, X-Requested-With, CBot-Token, CBOT-URL, authorization, Authorization, cbot-userchanged
Keep-Alive
timeout=60
cbot-file-icon.png
api.ziraatbank.com.tr/inbound/cbot/static-files/web/img/
2 KB
3 KB
Image
General
Full URL
https://api.ziraatbank.com.tr/inbound/cbot/static-files/web/img/cbot-file-icon.png
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.177.206.129 , Turkey, ASN29549 (ZIRAATBANK-AS, TR),
Reverse DNS
Software
api.ziraatbank.com.tr /
Resource Hash
1749f23f9cc9dba851d09e7ca6c09ba28b5406367ca2e3c57b07cc37067f8e99
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://altayersnrkrbaneve14.click/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Fri, 19 Jul 2024 13:50:52 GMT
Via
NS-CACHE-10.0: 142
X-Content-Type-Options
nosniff
Accept-Encoding
gzip
x-correlation-id
dac8ee47-0708-40eb-8f64-a0e0a05b37fa
Strict-Transport-Security
max-age=15552000; includeSubDomains
Age
44127
X-DNS-Prefetch-Control
off
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
2044
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 23 Aug 2022 13:13:12 GMT
Server
api.ziraatbank.com.tr
ETag
W/"98c-182cad5e640"
X-Download-Options
noopen
Access-Control-Allow-Methods
GET,POST
Content-Type
image/png
Access-Control-Allow-Origin
https://www.ziraatbank.com.tr
Accept
application/json
Cache-Control
max-age=86400,public
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-TS-AJAX-Request, Content-Type, Access-Control-Allow-Headers, X-Requested-With, CBot-Token, CBOT-URL, authorization, Authorization, cbot-userchanged
Keep-Alive
timeout=60
icomoon.ttf
altayersnrkrbaneve14.click/fonts/
49 KB
30 KB
Font
General
Full URL
https://altayersnrkrbaneve14.click/fonts/icomoon.ttf
Requested by
Host: altayersnrkrbaneve14.click
URL: https://altayersnrkrbaneve14.click/css/magiclick.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
ce0b3fc5f43bc911da9d9f9fcd0c8ebcd3ebfc1fb78cb674aa2457570612a873

Request headers

Referer
https://altayersnrkrbaneve14.click/css/magiclick.min.css
Origin
https://altayersnrkrbaneve14.click
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 20 Jul 2024 09:23:06 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 May 2024 17:07:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6633c84e-c5f0"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3pme6ZXmBvQHi%2Fqy%2F33AuKrIp6rez983M2Q8aEJQeKlBgXLIOEqSLFuBiR%2FxOou65QJq3aSiqRZ1W4ZY4NytTzdD7p06hAOmJql9mDd%2B8MwiyCmH5IkQV7qZ1jqDcqBektIS%2FaXaZzjmdrBTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/ttf
cache-control
max-age=14400
cf-ray
8a61e3fd3a0130ee-FRA
alt-svc
h3=":443"; ma=86400
process.php
altayersnrkrbaneve14.click/
0
559 B
XHR
General
Full URL
https://altayersnrkrbaneve14.click/process.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.3.9, PleskLin
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*/*
Referer
https://altayersnrkrbaneve14.click/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 20 Jul 2024 09:23:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.3.9, PleskLin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pqq56qUyQEXVBHehUkzcRV3ApsKqqW5CsU8ULjZHoxpDx78vo6fkXhHoQ4By%2BKuyPOVNV2AGeuCmjEKHEles1HsxRE%2B4OyEHEXXcyWcdZ54Zc5WRzXQjds3UdrD2ljrgzTojk2WMYGMLK6Jatw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
8a61e406a8e830ee-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
status.php
altayersnrkrbaneve14.click/
7 B
550 B
XHR
General
Full URL
https://altayersnrkrbaneve14.click/status.php
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.6.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.3.9, PleskLin
Resource Hash
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae

Request headers

Accept
*/*
Referer
https://altayersnrkrbaneve14.click/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 20 Jul 2024 09:23:08 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.3.9, PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cQlFLuANeLkHoS14jV1voljDfwUc6yTpCNSR6P3ToTUfTMazMDbT9RKYchxRa6dqpt5%2BRaCjL%2BiziSY3NNKvmQPIIVPY1KF1kI44epGEJKRzE7%2F74%2BXjQDnFmgrrgCkq5EJRl73920ICkkq5Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
8a61e40739c230ee-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking) Generic Cloudflare (Online)

280 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


3 Cookies

Domain/Path | Name | Value
.altayersnrkrbaneve14.click/ | __cf_mw_byp | OFk4mhy3.W0pnuCNfaifWDew2_AfkIWb9KTY2NM3.LY-1721467375-0.0.1.1-/
altayersnrkrbaneve14.click/ | PHPREFS | full
altayersnrkrbaneve14.click/ | PHPSESSID | 3vdkd5m2pmr671uos30hbr5vjs

6 Console Messages

Source | Level | URL
Message

javascript | warning | https://altayersnrkrbaneve14.click/ (Line 2)
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

network | error | https://altayersnrkrbaneve14.click/BotDetectCaptcha_2.ashx
Message: Failed to load resource: the server responded with a status of 404 ()

recommendation | warning | https://altayersnrkrbaneve14.click/
Message: [DOM] Found 2 elements with non-unique id #kvkkcheck: (More info: https://goo.gl/9p2vKq) %o %o

other | warning | https://altayersnrkrbaneve14.click/
Message: Failed to decode downloaded font: https://altayersnrkrbaneve14.click/fonts/icomoon.woff2

other | warning | https://altayersnrkrbaneve14.click/
Message: OTS parsing error: invalid sfntVersion: 1013478509

network | error | https://altayersnrkrbaneve14.click/tr/_layouts/15/Ziraat/Social/FBLogin.aspx
Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
