blog.sensecy.com Open in urlscan Pro
192.0.78.13  Public Scan

11 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	404	Primary Request %7C Show response blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/	49 KB 12 KB	338ms 278ms	Document text/html	192.0.78.13 Automattic
General Check archive.org Show headers Download Go to Full URL https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.13 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash 0bd4b1d4b3f08be1af3251aff9f9eaaa4efdd6b7fd8393e6156b09e7f909a4ce Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers :method GET :authority blog.sensecy.com :scheme https :path /2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers status 404 server nginx date Sun, 15 Sep 2019 20:46:22 GMT content-type text/html; charset=UTF-8 strict-transport-security max-age=86400 vary Accept-Encoding Cookie x-hacker If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. expires Wed, 11 Jan 1984 05:00:00 GMT cache-control no-cache, must-revalidate, max-age=60 content-encoding gzip x-ac 1.ams _dfw
GET H2	200	/ s2.wp.com/_static/	165 KB 45 KB	37ms 35ms	Stylesheet text/css	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/_static/??-eJyNkttuwyAMhl9ohHZTm91MexZIXOoWAsKOor79HGg09RT1JrLN//kYPSXVxYFhYB1GlfzocCA9pS4GRQE9XO68piP60M8xj2cgfQJOpjur4j3IF60bxbWQnbxk0Pvms9loO6LvtfWx4DabfNHEFw9vpCkUacbhDHnxasL1FF28irfN9kua6JG49kBNJUuWl/xh9F4RMijoUcq76z70pml1isQksxDXlmr2++jaUuf1SDwkw7MiSBEDHoLI1rCQ9gs1m0czj7Oir0e2NmUgUvINOAbFRyn0yNWwTqPVzjBM5tWZnggP8iRTERVLmQkohrdIHLpaRpVmV6fB3oGU4ZhUWfaL/p4gFDs0vu5ZoQhvWNRD5BpdjLWkDqKSAxvGONw46uAN5jU0g/waTkxXlvXvztBv+Nnu9m37vWt3n6c/goFqPQ==?cssminify=yes Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash c7a92fc7d354834af3b16c94f5160e66fb60fe24fd9775247faa43315370ec89 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Fri, 06 Sep 2019 16:03:29 GMT server nginx etag W/"5d728351-29416" vary Accept-Encoding content-type text/css;charset=utf-8 status 200 cache-control max-age=31536000 x-ac 3.ams _dfw expires Tue, 08 Sep 2020 19:25:10 GMT
GET H2	200	/ s1.wp.com/_static/	12 KB 3 KB	31ms 29ms	Stylesheet text/css	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s1.wp.com/_static/??/wp-content/mu-plugins/actionbar/actionbar.css,/wp-content/themes/h4/global.css?m=1560469195j&cssminify=yes Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash f29f5a257769cd022618264efb868dff5b42f5c9b0ea8d7138158b1131fad0a3 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Thu, 13 Jun 2019 23:43:26 GMT server nginx etag W/"5d02df9e-2e95" vary Accept-Encoding content-type text/css;charset=utf-8 status 200 cache-control max-age=31536000 x-ac 3.ams _dfw expires Fri, 12 Jun 2020 23:43:31 GMT
GET H2	200	/ Show response s2.wp.com/_static/	155 KB 49 KB	31ms 29ms	Script application/x-javascript	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/_static/??-eJyFztEKwjAMBdAfsisyOnwRv6XWOFKXtDbphn69HeiDMBQC9+EeuLFLNshhqhcQG9vdK5THO7ooO/sLGMKxeIWOkD84JFZgXW1OogQifoSNltIZJzBVoDTA2mauacN9v4Q8Iyx/WQTNPtxMAcHnun6i4965Q++GwfXxBTkPW9k= Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash 3f95e6fba905257465a4f7dfedfc6500b80606e1696340a3d1fcec3678c22f74 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Mon, 20 May 2019 12:51:00 GMT server nginx etag W/"5ce2a2b4-26c21" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 x-ac 3.ams _dfw expires Tue, 19 May 2020 12:51:03 GMT
GET H2	200	gprofiles.js Show response 0.gravatar.com/js/	20 KB 7 KB	39ms 12ms	Script application/x-javascript	2a04:fa87:fffe::c000:4902 Automattic
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/js/gprofiles.js?ver=201937y Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash 9c42615b9f87888a452f177c5ea19899fb8a835b8f6d0b458824e6c332a0adce Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Thu, 23 Aug 2018 15:01:14 GMT server nginx etag W/"5b7ecc3a-50bc" content-type application/x-javascript status 200 cache-control max-age=604800 expires Sun, 22 Sep 2019 20:46:22 GMT
GET H2	200	wpgroho.js Show response s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/	582 B 388 B	46ms 45ms	Script application/x-javascript	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s1.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781h Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash 21c557180f1bd074974eb41ae4228b6aa9c41234ab1729d780bc8f05761110bb Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip server nginx etag W/"58674607-2f0" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 x-ac 4.5am _dfw expires Tue, 04 Feb 2020 04:32:40 GMT
GET H2	200	/ Show response s2.wp.com/_static/	59 KB 16 KB	30ms 29ms	Script application/x-javascript	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/_static/??-eJyVj9sOgjAQRH/IWolo9MH4LUu7wNKrvYD+vSUxxPhA8G1258wkwyfPhLMJbeJD5BJHEuif+yHu+JdlMvM6d2Qj16Qw8kfGjD1YqTH8wqlHUxCfG95Bwglec/VHboMtjFROcnYbHxV5pskq1jqRI2tpbQJIQ5Y1ELiBmDAUxdyIIZAs1cvvz4YUQKi4FhLzoDm0qELfza061ddjVZ8vh+ENQ/6VbA== Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash d6a5bc68a4ccf4d05012fd519068d3a35733c4b85074eccb9aa05b57be5222e3 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Mon, 04 Feb 2019 21:11:26 GMT server nginx etag W/"5c58aa7e-ecfd" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 x-ac 4.5am _dfw expires Tue, 04 Feb 2020 22:53:28 GMT
GET H2	200	webfont.js Show response s0.wp.com/wp-content/plugins/custom-fonts/js/	12 KB 5 KB	44ms 44ms	Script application/x-javascript	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip server nginx etag W/"5867460b-30cd" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 x-ac 4.5am _dfw expires Tue, 04 Feb 2020 04:32:47 GMT
GET H2	200	wp-emoji-release.min.js Show response s2.wp.com/wp-includes/js/	14 KB 5 KB	51ms 50ms	Script application/x-javascript	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/wp-includes/js/wp-emoji-release.min.js?m=1556893897h&ver=5.2.3 Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip server nginx etag W/"5ccc50eb-3610" vary Accept-Encoding content-type application/x-javascript status 200 cache-control max-age=31536000 x-ac 3.ams _dfw expires Fri, 04 Sep 2020 14:17:46 GMT
GET H2	200	global-print.css s2.wp.com/wp-content/mu-plugins/global-print/	5 KB 2 KB	15ms 15ms	Stylesheet text/css	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/wp-content/mu-plugins/global-print/global-print.css?m=1465851035h&cssminify=yes Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash 7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip server nginx etag W/"58674300-1f6c" vary Accept-Encoding content-type text/css status 200 cache-control max-age=31536000 x-ac 4.5am _dfw expires Tue, 04 Feb 2020 04:32:40 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 767 B	16ms 16ms	Stylesheet text/css	2a00:1450:4001:81f::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash b99a9168a760215ba4d3a94e2a16d66c536bce515695e718ca2ed848cdfded13 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Sun, 15 Sep 2019 20:46:22 GMT server ESF link <https://fonts.gstatic.com>; rel=preconnect; crossorigin status 200 date Sun, 15 Sep 2019 20:46:22 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" x-xss-protection 0 expires Sun, 15 Sep 2019 20:46:22 GMT
GET H2	200	cropped-blog-header73.png blogdotsensecydotcom.files.wordpress.com/2017/07/	486 KB 487 KB	398ms 340ms	Image image/png	192.0.72.19 Automattic
General Check archive.org Show headers Download Go to Show image Full URL https://blogdotsensecydotcom.files.wordpress.com/2017/07/cropped-blog-header73.png Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.19 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash bc328250d6e4526a6b0237b71dfafbcce37604bd0c4111e2b44d16f1d7724ead Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc MISS ams 19 np date Sun, 15 Sep 2019 20:46:23 GMT last-modified Thu, 27 Jul 2017 12:50:37 GMT server nginx x-orig-src 01_mogdir content-type image/png status 200 accept-ranges bytes content-length 497526 expires Sat, 19 Oct 2019 00:53:17 GMT
GET H2	200	fontawesome-webfont.woff s2.wp.com/wp-content/themes/pub/gateway/fonts/fonts/	64 KB 64 KB	51ms 18ms	Font application/font-woff	192.0.77.32 Automattic
General Check archive.org Show headers Download Go to Full URL https://s2.wp.com/wp-content/themes/pub/gateway/fonts/fonts/fontawesome-webfont.woff?v=4.2.0 Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS wordpress.com Software nginx / Resource Hash 199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1 Request headers Sec-Fetch-Mode cors Referer https://s2.wp.com/_static/??-eJyNkttuwyAMhl9ohHZTm91MexZIXOoWAsKOor79HGg09RT1JrLN//kYPSXVxYFhYB1GlfzocCA9pS4GRQE9XO68piP60M8xj2cgfQJOpjur4j3IF60bxbWQnbxk0Pvms9loO6LvtfWx4DabfNHEFw9vpCkUacbhDHnxasL1FF28irfN9kua6JG49kBNJUuWl/xh9F4RMijoUcq76z70pml1isQksxDXlmr2++jaUuf1SDwkw7MiSBEDHoLI1rCQ9gs1m0czj7Oir0e2NmUgUvINOAbFRyn0yNWwTqPVzjBM5tWZnggP8iRTERVLmQkohrdIHLpaRpVmV6fB3oGU4ZhUWfaL/p4gFDs0vu5ZoQhvWNRD5BpdjLWkDqKSAxvGONw46uAN5jU0g/waTkxXlvXvztBv+Nnu9m37vWt3n6c/goFqPQ==?cssminify=yes Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc HIT ams 1 date Sun, 15 Sep 2019 20:46:22 GMT x-ac 4.5am _dfw last-modified Mon, 16 May 2016 00:20:54 GMT server nginx etag "57391266-ffac" status 200 access-control-allow-methods GET, HEAD content-type application/font-woff access-control-allow-origin * cache-control max-age=31536000 accept-ranges bytes content-length 65452 expires Tue, 04 Feb 2020 05:24:49 GMT
GET H2	200	cropped-blog-header-flipped-for-mobile-31.png blogdotsensecydotcom.files.wordpress.com/2017/02/	2 KB 2 KB	413ms 387ms	Image image/png	192.0.72.19 Automattic
General Check archive.org Show headers Download Go to Show image Full URL https://blogdotsensecydotcom.files.wordpress.com/2017/02/cropped-blog-header-flipped-for-mobile-31.png?w=50 Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.72.19 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash 31fcd180fa29dc7fc7f59b74e77b646d631162edfbfbd994766d6cb7f71ce106 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers x-nc MISS ams 19 np date Sun, 15 Sep 2019 20:46:23 GMT last-modified Mon, 13 Feb 2017 12:06:34 GMT server nginx vary Accept content-type image/png status 200 x-orig-src 0_imageresize accept-ranges bytes content-length 2355 expires Tue, 22 Oct 2019 18:33:55 GMT
GET H2	200	hovercard.min.css 0.gravatar.com/dist/css/	7 KB 2 KB	12ms 12ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 Automattic
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/dist/css/hovercard.min.css?ver=201937y Requested by Host: s2.wp.com URL: https://s2.wp.com/_static/??-eJyFztEKwjAMBdAfsisyOnwRv6XWOFKXtDbphn69HeiDMBQC9+EeuLFLNshhqhcQG9vdK5THO7ooO/sLGMKxeIWOkD84JFZgXW1OogQifoSNltIZJzBVoDTA2mauacN9v4Q8Iyx/WQTNPtxMAcHnun6i4965Q++GwfXxBTkPW9k= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash 7b5e32cb325e9aaef357a421cd16ddf6d6ddb70fec74b6c35a73eccc6817664c Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Thu, 22 Mar 2018 09:46:04 GMT server nginx etag W/"5ab37b5c-1a2e" content-type text/css status 200 cache-control max-age=604800 expires Sun, 22 Sep 2019 20:46:22 GMT
GET H2	200	services.min.css 0.gravatar.com/dist/css/	3 KB 564 B	12ms 12ms	Stylesheet text/css	2a04:fa87:fffe::c000:4902 Automattic
General Check archive.org Show headers Download Go to Full URL https://0.gravatar.com/dist/css/services.min.css?ver=201937y Requested by Host: s2.wp.com URL: https://s2.wp.com/_static/??-eJyFztEKwjAMBdAfsisyOnwRv6XWOFKXtDbphn69HeiDMBQC9+EeuLFLNshhqhcQG9vdK5THO7ooO/sLGMKxeIWOkD84JFZgXW1OogQifoSNltIZJzBVoDTA2mauacN9v4Q8Iyx/WQTNPtxMAcHnun6i4965Q++GwfXxBTkPW9k= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86 Request headers Sec-Fetch-Mode no-cors Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 20:46:22 GMT content-encoding gzip last-modified Thu, 22 Mar 2018 09:46:04 GMT server nginx etag W/"5ab37b5c-a54" content-type text/css status 200 cache-control max-age=604800 expires Sun, 22 Sep 2019 20:46:22 GMT
GET H2	200	remote-login.php r-login.wordpress.com/ Frame 2F5A	0 0	204ms 159ms	Document text/html	192.0.78.18 Automattic
General Check archive.org Show headers Download Go to Full URL https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9ibG9nLnNlbnNlY3kuY29t&wpcomid=62236121&time=1568580382 Requested by Host: blog.sensecy.com URL: https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Protocol H2 Security TLS 1.3, , AES_128_GCM Server 192.0.78.18 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US), Reverse DNS Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers :method GET :authority r-login.wordpress.com :scheme https :path /remote-login.php?wpcom_remote_login=key&origin=aHR0cHM6Ly9ibG9nLnNlbnNlY3kuY29t&wpcomid=62236121&time=1568580382 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode nested-navigate accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3 sec-fetch-site cross-site referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode nested-navigate Referer https://blog.sensecy.com/2019/09/15/arabic-speaking-threat-actor-recycles-the-source-code-of-popular-rat-spynote-and-sells-it-in-the-dark-web-as-new/%7C Response headers status 200 server nginx date Sun, 15 Sep 2019 20:46:23 GMT content-type text/html; charset=utf-8 vary Accept-Encoding Cookie expires Wed, 11 Jan 1984 05:00:00 GMT cache-control no-cache, must-revalidate, max-age=0 content-encoding gzip x-ac 2.ams _dfw strict-transport-security max-age=15552000
GET H2	200	TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYySUhiCXAA.woff fonts.gstatic.com/s/oswald/v24/	12 KB 12 KB	6ms 6ms	Font font/woff	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/oswald/v24/TK3_WkUHHAIjg75cFRf3bXL8LICs1_FvsUZiYySUhiCXAA.woff Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash d22923ca6b9adcfeadaafe921c36b3355201e32e3cf6d54354e4276ff1e34980 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 26 Aug 2019 10:06:56 GMT x-content-type-options nosniff last-modified Tue, 23 Jul 2019 03:47:30 GMT server sffe age 1766366 status 200 content-type font/woff access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 12596 x-xss-protection 0 expires Tue, 25 Aug 2020 10:06:56 GMT
GET H2	200	qkBbXvYC6trAT7RVLtyU5rZP.woff2 fonts.gstatic.com/s/karla/v8/	6 KB 6 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v8/qkBbXvYC6trAT7RVLtyU5rZP.woff2 Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 0e16c1755f809d290b0c5e746654f10169af40c580767e0765bdd43fc542dfce Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Mon, 26 Aug 2019 12:36:23 GMT x-content-type-options nosniff last-modified Tue, 16 Jul 2019 23:49:09 GMT server sffe age 1757399 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 6332 x-xss-protection 0 expires Tue, 25 Aug 2020 12:36:23 GMT
GET H2	200	qkBVXvYC6trAT7RQHt6e4ZRNkAQ.woff2 fonts.gstatic.com/s/karla/v8/	7 KB 7 KB	6ms 6ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v8/qkBVXvYC6trAT7RQHt6e4ZRNkAQ.woff2 Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash d52a5849bfc48fb568104ae803a020a0c76260c0fdeac95c38200233f101ee5c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 25 Aug 2019 01:18:20 GMT x-content-type-options nosniff last-modified Tue, 16 Jul 2019 23:49:22 GMT server sffe age 1884482 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 6940 x-xss-protection 0 expires Mon, 24 Aug 2020 01:18:20 GMT
GET H2	200	qkBWXvYC6trAT7zuC8m5xLtlmgzD.woff2 fonts.gstatic.com/s/karla/v8/	7 KB 7 KB	7ms 7ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v8/qkBWXvYC6trAT7zuC8m5xLtlmgzD.woff2 Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 44a947b84d612dfbb0031de1b59f60bb6ba538445ae478cf4e0835ae856498c3 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 25 Aug 2019 08:30:20 GMT x-content-type-options nosniff last-modified Tue, 16 Jul 2019 23:49:25 GMT server sffe age 1858562 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 6796 x-xss-protection 0 expires Mon, 24 Aug 2020 08:30:20 GMT
GET H2	200	qkBQXvYC6trAT7RQFmW79LlvnS7BONk.woff2 fonts.gstatic.com/s/karla/v8/	8 KB 8 KB	8ms 8ms	Font font/woff2	2a00:1450:4001:81d::2003 Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/karla/v8/qkBQXvYC6trAT7RQFmW79LlvnS7BONk.woff2 Requested by Host: s0.wp.com URL: https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 7b0a53b1fe04db021417440fe94c013b830a3e2ef823792bcfbb249ec99789d2 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Sec-Fetch-Mode cors Referer https://fonts.googleapis.com/css?family=Oswald:r%7CKarla:r,i,b,bi&subset=latin,latin-ext,latin,latin-ext Origin https://blog.sensecy.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sat, 24 Aug 2019 14:50:10 GMT x-content-type-options nosniff last-modified Tue, 16 Jul 2019 23:50:10 GMT server sffe age 1922172 status 200 content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="46,43,39" content-length 7816 x-xss-protection 0 expires Sun, 23 Aug 2020 14:50:10 GMT

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| WebFontConfig string| wpcom_remote_login_extra_auth function| wpcom_remote_login_remove_dom_node_id function| wpcom_remote_login_remove_dom_node_classes function| wpcom_remote_login_final_cleanup function| addLoadEvent object| _wpemojiSettings object| NO_JQUERY object| wpcom_mobile_user_agent_info undefined| $ function| jQuery function| pm object| jQuery112406269470377196935 object| Jetpack object| WebFont object| twemoji object| wp function| hex_md5 function| b64_md5 function| str_md5 function| hex_hmac_md5 function| b64_hmac_md5 function| str_hmac_md5 function| md5_vm_test function| core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| core_hmac_md5 function| safe_add function| bit_rol function| str2binl function| binl2str function| binl2hex function| binl2b64 object| Gravatar object| GProfile number| hexcase string| b64pad number| chrsz object| WPGroHo object| gatewayadminbar object| actionbardata object| wpcom_img_zoomer object| jetpackLikesWidgetQueue object| jetpackLikesWidgetBatch boolean| jetpackLikesMasterReady function| JetpackLikespostMessage function| JetpackLikesBatchHandler function| JetpackLikesMessageListener function| JetpackLikesWidgetQueueHandler object| wpcom object| detectZoom string| mobileStatsQueryString string| new_css

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://s2.wp.com/_static/??-eJyFztEKwjAMBdAfsisyOnwRv6XWOFKXtDbphn69HeiDMBQC9+EeuLFLNshhqhcQG9vdK5THO7ooO/sLGMKxeIWOkD84JFZgXW1OogQifoSNltIZJzBVoDTA2mauacN9v4Q8Iyx/WQTNPtxMAcHnun6i4965Q++GwfXxBTkPW9k=(Line 8) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=86400

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
blog.sensecy.com
blogdotsensecydotcom.files.wordpress.com
fonts.googleapis.com
fonts.gstatic.com
r-login.wordpress.com
s0.wp.com
s1.wp.com
s2.wp.com
192.0.72.19
192.0.77.32
192.0.78.13
192.0.78.18
2a00:1450:4001:81d::2003
2a00:1450:4001:81f::200a
2a04:fa87:fffe::c000:4902
0bd4b1d4b3f08be1af3251aff9f9eaaa4efdd6b7fd8393e6156b09e7f909a4ce
0e16c1755f809d290b0c5e746654f10169af40c580767e0765bdd43fc542dfce
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
21c557180f1bd074974eb41ae4228b6aa9c41234ab1729d780bc8f05761110bb
31fcd180fa29dc7fc7f59b74e77b646d631162edfbfbd994766d6cb7f71ce106
3f95e6fba905257465a4f7dfedfc6500b80606e1696340a3d1fcec3678c22f74
44a947b84d612dfbb0031de1b59f60bb6ba538445ae478cf4e0835ae856498c3
7b0a53b1fe04db021417440fe94c013b830a3e2ef823792bcfbb249ec99789d2
7b5e32cb325e9aaef357a421cd16ddf6d6ddb70fec74b6c35a73eccc6817664c
7d08e9159f7d2bf0835085cbd1ffb0252b0e11de45ed07db4447f8e63f181dbf
9c42615b9f87888a452f177c5ea19899fb8a835b8f6d0b458824e6c332a0adce
b99a9168a760215ba4d3a94e2a16d66c536bce515695e718ca2ed848cdfded13
bc328250d6e4526a6b0237b71dfafbcce37604bd0c4111e2b44d16f1d7724ead
c7a92fc7d354834af3b16c94f5160e66fb60fe24fd9775247faa43315370ec89
cb8943abdc046f98c2a74cbe013552f1ed2a5746fd76546ed63f60d32dd83615
d22923ca6b9adcfeadaafe921c36b3355201e32e3cf6d54354e4276ff1e34980
d52a5849bfc48fb568104ae803a020a0c76260c0fdeac95c38200233f101ee5c
d6a5bc68a4ccf4d05012fd519068d3a35733c4b85074eccb9aa05b57be5222e3
e9fc9b1878db1b13b973252b048d19a17abb34a8da464a552c6d401728ed1e86
f29f5a257769cd022618264efb868dff5b42f5c9b0ea8d7138158b1131fad0a3
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe