marcopaschacafe.com
Open in
urlscan Pro
5.105.5.200
Malicious Activity!
Public Scan
Effective URL: http://marcopaschacafe.com/public/93kA28u840PJSkZUjMWOaJho6u8QBcvq
Submission: On November 16 via automatic, source openphish — Scanned from DE
Summary
This is the only time marcopaschacafe.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 19 | 5.105.5.200 5.105.5.200 | 207633 (NOSSPEED) (NOSSPEED) | |
2 | 2606:4700::68... 2606:4700::6810:5614 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700:303... 2606:4700:3037::ac43:a669 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:1634 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3030::6815:328f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 2606:4700:e6:... 2606:4700:e6::ac40:cb1c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 13.32.27.16 13.32.27.16 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 104.198.23.205 104.198.23.205 | 15169 (GOOGLE) (GOOGLE) | |
34 | 10 |
ASN207633 (NOSSPEED, TR)
PTR: rdns.webhostingdunyasi.com.tr
marcopaschacafe.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-16.fra56.r.cloudfront.net
static.hotjar.com |
ASN15169 (GOOGLE, US)
PTR: 205.23.198.104.bc.googleusercontent.com
r.lr-in.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
marcopaschacafe.com
3 redirects
marcopaschacafe.com |
310 KB |
7 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1540 ka-f.fontawesome.com — Cisco Umbrella Rank: 2985 |
288 KB |
2 |
lr-in.com
cdn.lr-in.com — Cisco Umbrella Rank: 13615 r.lr-in.com — Cisco Umbrella Rank: 14086 |
159 KB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 201 |
82 KB |
2 |
killbot.org
killbot.org |
2 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 374 |
3 KB |
1 |
hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 625 |
3 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
34 | 8 |
Domain | Requested by | |
---|---|---|
19 | marcopaschacafe.com |
3 redirects
marcopaschacafe.com
|
6 | ka-f.fontawesome.com |
kit.fontawesome.com
marcopaschacafe.com |
2 | cdnjs.cloudflare.com |
marcopaschacafe.com
cdnjs.cloudflare.com |
2 | killbot.org |
cdn.jsdelivr.net
|
2 | cdn.jsdelivr.net |
marcopaschacafe.com
|
1 | r.lr-in.com |
cdn.lr-in.com
|
1 | static.hotjar.com |
marcopaschacafe.com
|
1 | cdn.lr-in.com |
marcopaschacafe.com
|
1 | kit.fontawesome.com |
marcopaschacafe.com
|
0 | eofcbnmajmjmplflapaojjnihcjkigck Failed |
marcopaschacafe.com
|
34 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-02 - 2023-06-01 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
*.hotjar.com Amazon |
2022-10-25 - 2023-11-23 |
a year | crt.sh |
api.logrocket.com R3 |
2022-10-24 - 2023-01-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://marcopaschacafe.com/public/93kA28u840PJSkZUjMWOaJho6u8QBcvq
Frame ID: 7BB6B1E35F794325EC7E488FE08B2018
Requests: 34 HTTP requests in this frame
Screenshot
Page Title
DHLPage URL History Show full URLs
-
http://marcopaschacafe.com/public/tr7yzn2pw29xfyki3befllyerbxsuv8u
HTTP 302
http://marcopaschacafe.com/public HTTP 301
http://marcopaschacafe.com/public/ Page URL
-
http://marcopaschacafe.com/93kA28u840PJSkZUjMWOaJho6u8QBcvq/
HTTP 301
http://marcopaschacafe.com/public/93kA28u840PJSkZUjMWOaJho6u8QBcvq Page URL
Detected technologies
Laravel (Web Frameworks) ExpandDetected patterns
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Hotjar (Analytics) Expand
Detected patterns
- //static\.hotjar\.com/
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://marcopaschacafe.com/public/tr7yzn2pw29xfyki3befllyerbxsuv8u
HTTP 302
http://marcopaschacafe.com/public HTTP 301
http://marcopaschacafe.com/public/ Page URL
-
http://marcopaschacafe.com/93kA28u840PJSkZUjMWOaJho6u8QBcvq/
HTTP 301
http://marcopaschacafe.com/public/93kA28u840PJSkZUjMWOaJho6u8QBcvq Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://marcopaschacafe.com/public/tr7yzn2pw29xfyki3befllyerbxsuv8u HTTP 302
- http://marcopaschacafe.com/public HTTP 301
- http://marcopaschacafe.com/public/
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
marcopaschacafe.com/public/ Redirect Chain
|
558 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.min.js
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
whois
killbot.org/api/v2/ |
107 B 832 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
93kA28u840PJSkZUjMWOaJho6u8QBcvq
marcopaschacafe.com/public/ Redirect Chain
|
59 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f7165dd215.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.min.js
cdn.jsdelivr.net/gh/killbot-org/Killbot-JS@latest/dist/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
marcopaschacafe.com/public/css/ |
429 KB 56 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ |
30 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logger-1.min.js
cdn.lr-in.com/ |
782 KB 159 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
100 KB 23 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
27 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v5-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
823 B 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v6.2.1/css/ |
2 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
whois
killbot.org/api/v2/ |
107 B 803 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
fonts.css
eofcbnmajmjmplflapaojjnihcjkigck/common/ui/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
marcopaschacafe.com/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all.png
marcopaschacafe.com/images/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
foo.png
marcopaschacafe.com/images/ |
6 KB 6 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.js
marcopaschacafe.com/public/js/ |
2 MB 201 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
session-recorder.js
marcopaschacafe.com/public/js/ |
44 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
roboto-latin-400-normal.woff2
marcopaschacafe.com/fonts/vendor/@fontsource/roboto/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotjar-2895475.js
static.hotjar.com/c/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-solid-900.woff2
marcopaschacafe.com/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ |
75 KB 76 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-brands-400.woff2
marcopaschacafe.com/public/css/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
roboto-all-400-normal.woff
marcopaschacafe.com/fonts/vendor/@fontsource/roboto/files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
3925dcaa-4bf1-497c-a54b-56ef61e06e97
http://marcopaschacafe.com/ |
427 KB 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-solid-900.woff
marcopaschacafe.com/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-brands-400.woff
marcopaschacafe.com/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-brands-400.ttf
marcopaschacafe.com/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
webfa-solid-900.ttf
marcopaschacafe.com/fonts/vendor/@fortawesome/fontawesome-free/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-brands-400.woff2
ka-f.fontawesome.com/releases/v6.2.1/webfonts/ |
105 KB 106 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
free-fa-solid-900.woff2
ka-f.fontawesome.com/releases/v6.2.1/webfonts/ |
147 KB 148 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
i
r.lr-in.com/ |
104 B 633 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- eofcbnmajmjmplflapaojjnihcjkigck
- URL
- chrome-extension://eofcbnmajmjmplflapaojjnihcjkigck/common/ui/fonts/fonts.css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| FontAwesomeKitConfig object| _0x3185 function| _0x501f function| _0x34aede function| redirect string| sessionHash function| hj object| _hjSettings object| regeneratorRuntime object| __SDKCONFIG__ function| _LRLogger object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| webpackChunk function| jQuery function| $ object| ParsleyExtend object| ParsleyConfig object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| intlTelInputUtils function| _lrMutationObserver function| _lrXMLHttpRequest boolean| _lr_loaded boolean| errorInB boolean| errorInC object| authTimeout boolean| hasBLogin boolean| isInBLogin object| bLogin function| Pusher object| Echo5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
marcopaschacafe.com/ | Name: XSRF-TOKEN Value: eyJpdiI6ImYxeEJVT3NLM1A2K0tpSXhqLzVnUHc9PSIsInZhbHVlIjoibFphQXZYdTV2cEZDVDdCdlg2eUNsZ00zQzBuSFJrRVdZQkM4eVlQLzNRcUhvVDFVN3hLTnI4dkVlb3QzeTR2TVNiVzdva1ZrYTFsYXJRN29BNXk3SFVFZ0xnMGp2VXVhWHBUSWNJeGJJM2ZGNnlPYjNtdnJ2STkraTI0dkcxV3EiLCJtYWMiOiIyNTkwZTIyNDRhNzg3M2QwYzZlNzE0ZTU4YTljNGRhZDlhNzIzYjZiZjJhNzhhYzEzMzhjYjk4OTliZGQxMjI5IiwidGFnIjoiIn0%3D |
|
marcopaschacafe.com/ | Name: laravel_session Value: eyJpdiI6InJmVzJWZ2lkSnREZjV5VHNUMzRib3c9PSIsInZhbHVlIjoiVVg0b0tHVk9ZcUZRRzk4NkRZbjVzWW8yYWlWYjc1bW9SY1F2NUs5aWJqSkJNQUVEYVFGWUc0by9ZdXI3RjBEYkdDUDlCa3FYckVhNk5tb0d1VFAzL1JMOU42SVgvRzEwQVlHUWczMG1mb3FxL2N2Yit3bDd4NXVQVnhkKzBMMjgiLCJtYWMiOiJjNTVkYjM1ZmYyZDc2YjVjMzJkMGE3YWExYWVmMDg0ZjYwYTQyYTAwMDFiM2FlNmQ5Mjg4N2VmZDRiMDhkZjdmIiwidGFnIjoiIn0%3D |
|
marcopaschacafe.com/ | Name: _lr_tabs_-mnnzup%2Fdus Value: {%22sessionID%22:0%2C%22recordingID%22:%225-16af2f8d-a0c6-4040-a29f-d65ab237ab67%22%2C%22lastActivity%22:1668560735660} |
|
marcopaschacafe.com/ | Name: _lr_hb_-mnnzup%2Fdus Value: {%22heartbeat%22:1668560735660} |
|
marcopaschacafe.com/ | Name: _lr_uf_-mnnzup Value: 0961963d-91ad-4b71-9b7c-19d1287f8b11 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdn.lr-in.com
cdnjs.cloudflare.com
eofcbnmajmjmplflapaojjnihcjkigck
ka-f.fontawesome.com
killbot.org
kit.fontawesome.com
marcopaschacafe.com
r.lr-in.com
static.hotjar.com
eofcbnmajmjmplflapaojjnihcjkigck
104.198.23.205
13.32.27.16
2606:4700:3030::6815:328f
2606:4700:3037::ac43:a669
2606:4700::6810:5614
2606:4700::6811:180e
2606:4700::6812:1634
2606:4700:e6::ac40:cb1c
5.105.5.200
04994be7db4693bad5bc011cd1aa7a3cdd72c55dd72f478b772de9a795e82210
1494e2691e1c13a3f35cbc3e1b56c5187c10ffe220d1fdc58d99494a666244d4
36839348d4cd3d5ffcb15317bc5e8f32b77c644d0c6c0f8f19bdf216caf49293
399e233cea4e5468820e5c5f98ddbb156de729983710cf576a6508f076326c68
3f0c62b5ccdcdbf3b3ae3885f1e6959e2d937eba9b29dea9a6bdb98788041756
4f04c94b287d7dfdfad36e60915eefbef7127a073546e6c21512b5052c6ac48d
56c57ddb04140a37df2f0b9ae80dbdd58368da58e2705746420039eeb6a60b90
67ad94e12a745b1b09c6cd616e20a2ad283ed68f8060bd1dd0d9a2b6ad9dc7ee
788283b9392704ad36e4767d8e14790895e3a504214d4553da9b4992fd9f2af2
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8437bd0ef46a19c9a7c294c53e0429b40e76ebbd5fe9fd73a9025752495ddb1c
a6a7cd298cb48eef9fc5d0d80b09c7d19514971a3d604342a6d4e3529d6653c7
a7a1c90b9112cf91bb959686992ea7e77fa160d5255e6ea21c8014486b40d980
a8831773f69697c641e349c519d162ad5afe58cc583703d96f98a79d29087ef1
ae8c305c3414ff60a662da648445c2296de1260d9c6c87ed3efb907d1bcd92ed
b856bad6a7ffe16d3ba0ea0d6c6fe0526385ebd11e589a2efbcbf97386e9ea40
c1bc3d95ad1a3f6e30b41ba27b4addbfa6cb7d53f1c1a52880f9701bf65416b0
c1d5409eecb402a99f10718b06c266ba314d9e25f0b56c6fd063699334b8be6d
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
da3060b6585615d3c5886f83d756e8c61eb6de3520b8868bd986261b800f9314
e20c1cb300afae8e79e08659d9775f963f31abe0f692450d37aa775c1ef4ec26
e7a9f485d6f2e1dabd73d8b9ebba2930177e6d77565963ed32707837ed9bba33
faee48bc8c191e415a0e4470dc15be9dab9c410bd8790a798a8e699a48ee1a8b