www.quickwebtech.com Open in urlscan Pro
2606:4700:3035::681b:96df Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Submission Tags: 6777181
Submission: On September 21 via api (September 21st 2020, 8:38:53 am UTC) from NL

Summary HTTP 20 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3035::681b:96df, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.quickwebtech.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 22nd 2020. Valid for: a year.

This is the only time www.quickwebtech.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address		AS Autonomous System
18	2606:4700:303... 2606:4700:3035::681b:96df		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	195.91.45.51 195.91.45.51		6855 (SK-TELEKOM) (SK-TELEKOM)
1 2	15.236.175.233 15.236.175.233		16509 (AMAZON-02) (AMAZON-02)
20	3

18 2606:4700:3035::681b:96df (United States)

ASN13335 (CLOUDFLARENET, US)

www.quickwebtech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.91.45.51 (Bratislava, Slovakia)

ASN6855 (SK-TELEKOM, SK)
PTR: mob-51.195-91-45.telekom.sk

ib.primabanka.sk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.175.233 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

synacor.112.2o7.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	quickwebtech.com www.quickwebtech.com	527 KB
2	2o7.net 1 redirects synacor.112.2o7.net	1 KB
1	primabanka.sk ib.primabanka.sk	3 KB
20	3

	Domain	Requested by
18	www.quickwebtech.com	www.quickwebtech.com
2	synacor.112.2o7.net	1 redirects www.quickwebtech.com
1	ib.primabanka.sk	www.quickwebtech.com
20	3

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-22` - `2021-07-22`	a year	crt.sh
ib.primabanka.sk DigiCert SHA2 Extended Validation Server CA	`2019-08-09` - `2021-09-23`	2 years	crt.sh
*.112.2o7.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2021-04-27`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Frame ID: 5314848C8102ACD5FE01E0FEF9E31BD6
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

531 kB
Transfer

2029 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.quickwebtech.com%2Fwp-content%2Fthemes%2Fjs%2Fa_prima%2Fpage%2Fvisitor%2Fcustomer-821%2F&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&pccr=true&vidn=2FB4334985158109-6000089CF8B875C6&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.quickwebtech.com%2Fwp-content%2Fthemes%2Fjs%2Fa_prima%2Fpage%2Fvisitor%2Fcustomer-821%2F&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/ 10 KB
3 KB 726ms
695ms Document
text/html 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38e5e364478300874178b0b16015d1a0500b64cb119c8c94378fdf508b13ddcf

Request headers

:method: GET
:authority: www.quickwebtech.com
:scheme: https
:path: /wp-content/themes/js/a_prima/page/visitor/customer-821/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 21 Sep 2020 08:38:17 GMT
content-type: text/html
set-cookie: __cfduid=df14ef41238c645e65b179da95f1fb5151600677496; expires=Wed, 21-Oct-20 08:38:16 GMT; path=/; domain=.quickwebtech.com; HttpOnly; SameSite=Lax; Secure
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
vary: Accept-Encoding,User-Agent
cf-cache-status: DYNAMIC
cf-request-id: 0551695e9600001f558cbaf200000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5d627810fe181f55-FRA
content-encoding: br

GET
H2 200 jquery-latest.min.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/ 94 KB
32 KB 3337ms
3334ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/jquery-latest.min.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:20 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d8c-1762a-5afce6115a6b5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fa61f55-FRA
cf-request-id: 055169615500001f558cbd6200000001

GET
H2 200 jquery.mask.min.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/ 8 KB
3 KB 7339ms
7336ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/jquery.mask.min.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:24 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d8b-1ff9-5afce6115932d-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155faa1f55-FRA
cf-request-id: 055169615500001f558cbd7200000001

GET
H2 200 Acc_Carding.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/ 1 KB
468 B 699ms
696ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/js/Acc_Carding.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ae2198685862aa7223d6992148994c2b2f5f812746c2b0cb661163e0ffd2e06

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d89-5b0-5afce61155895-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fb01f55-FRA
cf-request-id: 055169615500001f558cbd8200000001

GET
H2 404 bootstrap.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 0
0 6201ms
6199ms Stylesheet
text/html 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/bootstrap.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:23 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/html
status: 404
cache-control: max-age=14400
cf-ray: 5d6278155f8d1f55-FRA
cf-request-id: 055169615500001f558cbcf200000001

GET
H2 200 main.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 79 KB
22 KB 855ms
852ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/main.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b502b8972198a2b3701b859b0bfc2d6c9fa35278e94a358acaa353db3b6d82ad

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:18 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d7c-13c91-5afce611404bc-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155f911f55-FRA
cf-request-id: 055169615500001f558cbd0200000001

GET
H2 200 chunk.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 155 KB
22 KB 1624ms
1622ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/chunk.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42d4026becd2456bb97a87adec29c1f423c1062a91eb98ed69bcd6489f20df98

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:18 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d75-26a53-5afce61134d23-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155f971f55-FRA
cf-request-id: 055169615500001f558cbd1200000001

GET
H2 200 style.min.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/img/ 10 KB
3 KB 9670ms
9668ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/img/style.min.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b72e7dbb2817288fea74a3e78626e5316610b4371a0c47b6b010fb178bca3e4

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:26 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d95-281c-5afce61166a05-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155f9c1f55-FRA
cf-request-id: 055169615500001f558cbd2200000001

GET
H2 200 social.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 7 KB
2 KB 6134ms
6133ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/social.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ee3e233c43210eb0971fc3afafec85b26a487cba24399b0a72683e317e958cf

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:23 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d80-1cd0-5afce6114627c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155f9e1f55-FRA
cf-request-id: 055169615500001f558cbd3200000001

GET
H2 200 social_responsive.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 1 KB
583 B 2165ms
2163ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/social_responsive.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34e7485254321247359d42d049d1e880f0c54c3a6e9232ee99ccf9c17622b67f

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:19 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d77-5da-5afce61137434-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fa01f55-FRA
cf-request-id: 055169615500001f558cbd4200000001

GET
H2 200 social_login.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 2 KB
844 B 786ms
784ms Stylesheet
text/css 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/social_login.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 678142bea0f875f9140575b7643f9f76486cf2139270371acd1543f063c93ec1

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:17 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d72-7ec-5afce611329fb-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/css
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fa21f55-FRA
cf-request-id: 055169615500001f558cbd5200000001

GET
H2 200 quora.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 128 B
194 B 1622ms
1621ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/quora.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 44d0d4d970f61ac3792db6e448ed2495ec75b34c991024bb0067105d550b4593

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:18 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d76-80-5afce6113704c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fb61f55-FRA
cf-request-id: 055169615500001f558cbd9200000001

GET
H2 200 jquery.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 91 KB
32 KB 6049ms
6047ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/jquery.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:23 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d7f-16a79-5afce6114339c-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d6278155fbc1f55-FRA
cf-request-id: 055169615500001f558cbda200000001

GET
H/1.1 200
OK primabanka.png
ib.primabanka.sk/ib/img/ 3 KB
3 KB 403ms
67ms Image
image/png 195.91.45.51
SK-TELEKOM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.primabanka.sk/ib/img/primabanka.png

Requested by

Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

195.91.45.51 Bratislava, Slovakia, ASN6855 (SK-TELEKOM, SK),

Reverse DNS

mob-51.195-91-45.telekom.sk

Software

Microsoft-IIS/8.5 /

Resource Hash

073942bcaaf8c34a9e5b6c61a55a0457678e6a4be2e82141bce57b6ec4bb1050

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 21 Sep 2020 08:38:23 GMT
Last-Modified: Thu, 03 Nov 2016 13:59:06 GMT
Server: Microsoft-IIS/8.5
ETag: "071df70da35d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0
Accept-Ranges: bytes
Content-Length: 2808
Expires: 0

GET
H2 404 bootstrap.js
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 0
0 6433ms
6432ms Script
text/html 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/bootstrap.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:30 GMT
content-encoding: br
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/html
status: 404
cache-control: max-age=14400
cf-ray: 5d6278433de21f55-FRA
cf-request-id: 0551697e0000001f558ca43200000001

GET
H2 200 s_code.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 30 KB
12 KB 1321ms
1321ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/s_code.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:28 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d7a-7723-5afce611383d4-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d627851cc8e1f55-FRA
cf-request-id: 055169871a00001f558cae0200000001

GET
H2 200 main.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 386 KB
87 KB 15969ms
15968ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/main.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df19b3ef0af7d926b4a442d1f5f9fb5d7cfc6047d8945160df9d589bab5f5585

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:42 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d7b-6092c-5afce6113a314-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d627851dcb81f55-FRA
cf-request-id: 055169872400001f558cae1200000001

GET
H2 200 chunk.js Show response
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 1 MB
308 KB 7751ms
7751ms Script
application/javascript 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/chunk.js
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2cdf35c0be9b59afc14cb25be11af2acb20c310f4e294d992f44a766e56e41ee

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:34 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Sep 2020 08:10:10 GMT
server: cloudflare
etag: W/"8500d82-120077-5afce61148d74-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
status: 200
cache-control: max-age=14400
cf-ray: 5d627851dcb91f55-FRA
cf-request-id: 055169872400001f558cae2200000001

GET
H2 404 bootstrap.css
www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/ 0
0 13ms
13ms Stylesheet
text/html 2606:4700:3035::681b:96df
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/index_fichiers/bootstrap.css
Requested by: Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::681b:96df , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:24 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,User-Agent
content-type: text/html
status: 404
cache-control: max-age=14400
cf-ray: 5d6278433df01f55-FRA
cf-request-id: 0551697e0300001f558ca44200000001

GET
H2

200

s05434295046876
synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/
Redirect Chain

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.qui...
https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&pccr=true&vidn=2FB4334985158109-6000089CF8B875C6&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&p...

43 B
291 B

62ms
61ms

Image
image/gif

15.236.175.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&pccr=true&vidn=2FB4334985158109-6000089CF8B875C6&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.quickwebtech.com%2Fwp-content%2Fthemes%2Fjs%2Fa_prima%2Fpage%2Fvisitor%2Fcustomer-821%2F&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

Requested by

Host: www.quickwebtech.com
URL: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

15.236.175.233 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-175-233.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.quickwebtech.com/wp-content/themes/js/a_prima/page/visitor/customer-821/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 21 Sep 2020 08:38:42 GMT
x-content-type-options: nosniff
x-c: master-1362.Ibf4d3d.M0-447
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 22 Sep 2020 08:38:43 GMT
server: jag
xserver: anedge-6485bbc5d6-pgrnx
etag: 3437428806448939008-4621793127463609540
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 20 Sep 2020 08:38:43 GMT

Redirect headers

date: Mon, 21 Sep 2020 08:38:42 GMT
x-content-type-options: nosniff
access-control-allow-origin: *
x-c: master-1362.Ibf4d3d.M0-447
p3p: CP="This is not a P3P policy"
status: 302
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 22 Sep 2020 08:38:43 GMT
server: jag
xserver: anedge-6485bbc5d6-lbzm8
content-type: text/plain;charset=utf-8
location: https://synacor.112.2o7.net/b/ss/synacortveauth/1/H.24.4/s05434295046876?AQB=1&pccr=true&vidn=2FB4334985158109-6000089CF8B875C6&ndh=1&t=21%2F8%2F2020%2010%3A38%3A42%201%20-120&ce=UTF-8&ns=synacor&pageName=Federated%20Login&g=https%3A%2F%2Fwww.quickwebtech.com%2Fwp-content%2Fthemes%2Fjs%2Fa_prima%2Fpage%2Fvisitor%2Fcustomer-821%2F&cc=USD&c1=CenturyLink&c6=Federated%20Login&c7=7a4816c3b72052726a665505abae3e3c&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 20 Sep 2020 08:38:43 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes function| $ function| jQuery object| $jscomp function| isNumber function| updateTracking string| s_account object| s string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| webpackJsonp object| s_i_synacor object| $elements string| $escaped

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.quickwebtech.com/	1969-12-31 23:59:59	Name: s_cc Value: true
			.quickwebtech.com/	1969-12-31 23:59:59	Name: s_sq Value: %5B%5BB%5D%5D
			.quickwebtech.com/	1970-01-19 13:21:09	Name: __cfduid Value: d774af3764d4519f9b27f87eb7578632e1600677506

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ib.primabanka.sk
synacor.112.2o7.net
www.quickwebtech.com
15.236.175.233
195.91.45.51
2606:4700:3035::681b:96df
073942bcaaf8c34a9e5b6c61a55a0457678e6a4be2e82141bce57b6ec4bb1050
2cdf35c0be9b59afc14cb25be11af2acb20c310f4e294d992f44a766e56e41ee
34e7485254321247359d42d049d1e880f0c54c3a6e9232ee99ccf9c17622b67f
38e5e364478300874178b0b16015d1a0500b64cb119c8c94378fdf508b13ddcf
42d4026becd2456bb97a87adec29c1f423c1062a91eb98ed69bcd6489f20df98
44d0d4d970f61ac3792db6e448ed2495ec75b34c991024bb0067105d550b4593
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
5b72e7dbb2817288fea74a3e78626e5316610b4371a0c47b6b010fb178bca3e4
678142bea0f875f9140575b7643f9f76486cf2139270371acd1543f063c93ec1
7ee3e233c43210eb0971fc3afafec85b26a487cba24399b0a72683e317e958cf
8ae2198685862aa7223d6992148994c2b2f5f812746c2b0cb661163e0ffd2e06
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
b502b8972198a2b3701b859b0bfc2d6c9fa35278e94a358acaa353db3b6d82ad
bbb318e841b96acb3c2614eec417a4d7caf9606ea996507dccba84e2f6724e7e
df19b3ef0af7d926b4a442d1f5f9fb5d7cfc6047d8945160df9d589bab5f5585
f8e673c25be39d8531277d87b18ac3cf91def3c21ca9c171625e6c2aaa796bbd