![](/screenshots/3577bb93-e65f-436c-a22e-82de8d94bba8.png)
ln.ser-ute.173-211-46-69.cprapid.com
Open in
urlscan Pro
173.211.46.69
Malicious Activity!
Public Scan
Effective URL: https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=1d6242b0233d055a45309fc9dafd512e
Submission: On June 25 via api from US — Scanned from IT
Summary
TLS certificate: Issued by R11 on June 24th 2024. Valid for: 3 months.
This is the only time ln.ser-ute.173-211-46-69.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Desio (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.21.79.229 104.21.79.229 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 2 | 159.100.6.5 159.100.6.5 | 44066 (DE-FIRSTC...) (DE-FIRSTCOLO firstcolo.net) | |
3 17 | 173.211.46.69 173.211.46.69 | 21769 (AS-COLOAM) (AS-COLOAM) | |
2 | 184.24.77.49 184.24.77.49 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 3 | 79.125.35.115 79.125.35.115 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 104.102.18.167 104.102.18.167 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 34.250.64.99 34.250.64.99 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 63.140.62.27 63.140.62.27 | 15224 (OMNITURE) (OMNITURE) | |
1 1 | 52.211.131.117 52.211.131.117 | 16509 (AMAZON-02) (AMAZON-02) | |
22 | 6 |
ASN44066 (DE-FIRSTCOLO firstcolo.net, DE)
PTR: cp5.ultahost.com
verifica-dati-binance.com |
ASN21769 (AS-COLOAM, US)
PTR: nokpsdflkonbaorcmf.healthdataco.com
ln.ser-ute.173-211-46-69.cprapid.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-49.deploy.static.akamaitechnologies.com
ds-aksb-a.akamaihd.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-79-125-35-115.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16625 (AKAMAI-AS, US)
PTR: a104-102-18-167.deploy.static.akamaitechnologies.com
dmtags.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-64-99.eu-west-1.compute.amazonaws.com
scotiabank.demdex.net |
ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-27.data.adobedc.net
somniture.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-131-117.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
cprapid.com
3 redirects
ln.ser-ute.173-211-46-69.cprapid.com |
7 MB |
4 |
demdex.net
1 redirects
dpm.demdex.net — Cisco Umbrella Rank: 242 scotiabank.demdex.net — Cisco Umbrella Rank: 134021 |
4 KB |
3 |
scotiabank.com
dmtags.scotiabank.com — Cisco Umbrella Rank: 130505 somniture.scotiabank.com — Cisco Umbrella Rank: 119877 |
15 KB |
2 |
akamaihd.net
ds-aksb-a.akamaihd.net — Cisco Umbrella Rank: 8306 |
5 KB |
2 |
verifica-dati-binance.com
2 redirects
verifica-dati-binance.com |
347 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 1336 |
490 B |
1 |
2no.co
1 redirects
2no.co |
793 B |
22 | 7 |
Domain | Requested by | |
---|---|---|
17 | ln.ser-ute.173-211-46-69.cprapid.com |
3 redirects
ln.ser-ute.173-211-46-69.cprapid.com
|
3 | dpm.demdex.net |
1 redirects
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | dmtags.scotiabank.com |
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | ds-aksb-a.akamaihd.net |
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | verifica-dati-binance.com | 2 redirects |
1 | cm.everesttech.net | 1 redirects |
1 | somniture.scotiabank.com |
ln.ser-ute.173-211-46-69.cprapid.com
|
1 | scotiabank.demdex.net |
ln.ser-ute.173-211-46-69.cprapid.com
|
1 | 2no.co | 1 redirects |
22 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
ihbnext.cedacri.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cpcontacts.ln.ser-ute.173-211-46-69.cprapid.com R11 |
2024-06-24 - 2024-09-22 |
3 months | crt.sh |
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1 |
2024-04-18 - 2025-04-19 |
a year | crt.sh |
apps.scotiabank.com Entrust Certification Authority - L1K |
2023-11-21 - 2024-12-21 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2023-08-21 - 2024-09-21 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=1d6242b0233d055a45309fc9dafd512e
Frame ID: 8DD488489EF7B65C3EAA8CE0CE820DD9
Requests: 21 HTTP requests in this frame
Frame:
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 599A588456DFC5A83F6AAC7D6F8029D7
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/3577bb93-e65f-436c-a22e-82de8d94bba8.png)
Page Title
Account | Banco DesioPage URL History Show full URLs
-
https://2no.co/mDESlO-lD
HTTP 302
https://verifica-dati-binance.com/wrjnms-loa HTTP 301
https://verifica-dati-binance.com/wrjnms-loa/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed HTTP 301
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/checkclient.php?&sessionid=1d6242b0233d055a45309fc9dafd512e HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=1d6242b0233d055a45309fc9dafd512e Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/React.png)
Detected patterns
- <[^>]+data-react
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Non ricordi i dati d'accesso?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://2no.co/mDESlO-lD
HTTP 302
https://verifica-dati-binance.com/wrjnms-loa HTTP 301
https://verifica-dati-binance.com/wrjnms-loa/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed HTTP 301
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/checkclient.php?&sessionid=1d6242b0233d055a45309fc9dafd512e HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=1d6242b0233d055a45309fc9dafd512e Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1719326581922 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1719326581922
- https://cm.everesttech.net/cm/dd?d_uuid=47043416779560917150300379823779667996 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZnrXdgAAAFDhTAN6
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/ Redirect Chain
|
53 KB 53 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.86a72d8001092c40e429.css
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/css/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
094054a424e3-launch-edbf66c903b6.min.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
238 KB 239 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aksb.min.js
ds-aksb-a.akamaihd.net/ |
13 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
new-dmobile.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons8-region-50.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons8-phone-50.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
990 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6643-resource-loader.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
221 B 467 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6607-runtime.eff227375d548a03d4a2.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6204-main.b454267499c8d1dd0ee2.chunk.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
5 MB 5 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dF0
ln.ser-ute.173-211-46-69.cprapid.com/oJ0d/zt7x/3MnMW/33wsw/EcJYmNQk/ORoxZ2Ms/cVo0BWdH/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rd
dpm.demdex.net/id/ Redirect Chain
|
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/b7f9de2492b6/hostedLibFiles/EP171e731c9ba34f1c950c36d26e3efd61/ |
33 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/b7f9de2492b6/hostedLibFiles/EP171e731c9ba34f1c950c36d26e3efd61/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
scotiabank.demdex.net/ Frame 599A |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
somniture.scotiabank.com/ |
48 B 476 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=ZnrXdgAAAFDhTAN6
dpm.demdex.net/ Redirect Chain
|
42 B 717 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile-phone.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/css/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
assets-8fd30bd010d9e2c7677ec339685f958b.woff
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/fonts/ |
30 KB 30 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
assets-00cecde981e3ef7491eba946f4b95fe0.woff
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/fonts/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b
ds-aksb-a.akamaihd.net/2/682023/ |
0 269 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Desio (Banking)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 undefined| event object| fence object| sharedStorage object| w object| d object| AKSB number| resources object| REDUX_STATE object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| appEventData number| _dataLayerOverwriteMonitor object| webpackJsonp function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s object| antiClickjack object| RT21 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
2no.co/ | Name: 545057141360099763 Value: 3 |
|
2no.co/ | Name: clhf03028ja Value: 81.17.121.179 |
|
ln.ser-ute.173-211-46-69.cprapid.com/ | Name: PHPSESSID Value: be93c89515d3f2aed2798f160f919db3 |
|
.demdex.net/ | Name: demdex Value: 47043416779560917150300379823779667996 |
|
.ser-ute.173-211-46-69.cprapid.com/ | Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1 |
|
.dpm.demdex.net/ | Name: dpm Value: 47043416779560917150300379823779667996 |
|
.ser-ute.173-211-46-69.cprapid.com/ | Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1176715910%7CMCIDTS%7C19900%7CMCMID%7C55022695195367429930664836158223928590%7CMCAAMLH-1719931382%7C6%7CMCAAMB-1719931382%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1719333782s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19907%7CvVersion%7C5.4.0 |
|
.adnxs.com/ | Name: receive-cookie-deprecation Value: 1 |
|
.mathtag.com/ | Name: uuid Value: 46ae667a-d777-4400-9bc6-17be8966f930 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUkyb5kQC09IRQIbMy-yTBkiY16DSNZo5euY6Gu4q5LYKW1g0g1MsFVOlXzWy0w |
|
.twitter.com/ | Name: personalization_id Value: "v1_xjs36OUJ6segFsxkHDcnSQ==" |
|
.rfihub.com/ | Name: rud Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3NjE0NTWwMLI0MxLiM9QNzQp3rXSNjDJKjHQEAAOyFVglAAAA |
|
.rfihub.com/ | Name: ruds Value: H4sIAAAAAAAA_-MSNjU0sDA1tTQ3NjE0NTWwMLI0MxLiM9QNzQp3rXSNjDJKjHQEAAOyFVglAAAA |
|
.rfihub.com/ | Name: eud Value: H4sIAAAAAAAA_1vFxGtobmhpbGRmamFsYmoKAIUxlWAQAAAA |
|
.quantserve.com/ | Name: d Value: ENABDAGWLLmvYA |
|
.quantserve.com/ | Name: mc Value: 667ad777-8c009-76c0a-4297f |
|
.eyeota.net/ | Name: SERVERID Value: 21559~DM |
|
.demdex.net/ | Name: dextp Value: 269-1-1719326582600|358-1-1719326582703|601-1-1719326582803|771-1-1719326582904|822-1-1719326583004|1123-1-1719326583105|1121-1-1719326583205|903-1-1719326583306|1175-1-1719326583406|22052-1-1719326583507|30064-1-1719326583608|30646-1-1719326583708|73426-1-1719326583809|121998-1-1719326583909|144230-1-1719326584010|144231-1-1719326584110|144232-1-1719326584211|144233-1-1719326584311|144234-1-1719326584412|144235-1-1719326584513|144236-1-1719326584613|144237-1-1719326584713|161033-1-1719326584814|139200-1-1719326584915 |
|
.onaudience.com/ | Name: cookie Value: 8c3bfb7aef3ed7ed |
|
.amazon-adsystem.com/ | Name: ad-id Value: Az-fQl4960oyuK7RVRH9QMY |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
2no.co
cm.everesttech.net
dmtags.scotiabank.com
dpm.demdex.net
ds-aksb-a.akamaihd.net
ln.ser-ute.173-211-46-69.cprapid.com
scotiabank.demdex.net
somniture.scotiabank.com
verifica-dati-binance.com
104.102.18.167
104.21.79.229
159.100.6.5
173.211.46.69
184.24.77.49
34.250.64.99
52.211.131.117
63.140.62.27
79.125.35.115
03225d14336379353bc306d8a809ea367fd0c30491c43c96918aa68783d1d9b0
0c4aa449c09de4bc7447e0cb5c76bb62c5bc82d3bb806678a2180165ba78a696
0d3fb2e7ae7c73168ae60ea986f26e12d61f78c9632d39b4a2c4654c00250fb8
1005d7e1cdba845abaf190203acd62ca9e994414be24e46ea8878be1374e2438
114ea0b2dfbba7ae939b3b84ce79969942a5eb9a06a84d1315a05cb9b45f7341
15db266fd7466c7e8d763d0afbbe4b4fed1ed4e147682120289064c9f2e9f540
2a1ddda1c364402c6f6c97cf6571c3c8a5f4cf55deeb899bb7b40cfc929a94bb
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
4aa0cb13c447cd5d35729bf6bf5cd8a799834df440c838041646ebb8d8488926
5037b298c4193baf7e920bee2999d2ab852db7a3b6b09a38c25a78db92baf69b
5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366
647869f1f836569f0ec4de08c629ffc442525b5ea97913fd90dc009caedd5649
6dcb5a6e85d0d711d7d56ea70e0710b4aacfc1172083491459d9c5116e63950d
7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
bdcedcc0085acc0e4d5a4489b2d73c2aae3f918b17f31bafcf4d8e8b1cc772be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46cc6bdfd9597f8ebe594cfb61fccbe87e8b768c8abb46ae5e10de56ed67c6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fde6372895f5b115abe65c37ae2a4f4769e43cfb6d826eb3f256477e6bb17fe0