funtoplaygamesforkids.duckdns.org
Open in
urlscan Pro
20.79.155.225
Malicious Activity!
Public Scan
Submission: On October 13 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by (STAGING) Pseudo Plum E5 on October 11th 2024. Valid for: 3 months.
This is the only time funtoplaygamesforkids.duckdns.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 20.79.155.225 20.79.155.225 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
4 | 2600:1408:10:... 2600:1408:10:280::51e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 2600:9000:24d... 2600:9000:24d6:5000:d:e6dd:f300:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 184.25.41.104 184.25.41.104 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 4 | 107.20.112.51 107.20.112.51 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 63.140.38.236 63.140.38.236 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 1 | 18.209.125.30 18.209.125.30 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 54.246.140.19 54.246.140.19 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 2600:9000:24d... 2600:9000:24d6:e600:d:e6dd:f300:21 | 16509 (AMAZON-02) (AMAZON-02) | |
20 | 9 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
funtoplaygamesforkids.duckdns.org |
ASN16509 (AMAZON-02, US)
dlslhpkfqfglo.cloudfront.net |
ASN16625 (AKAMAI-AS, US)
PTR: a184-25-41-104.deploy.static.akamaitechnologies.com
auth.scotiaonline.scotiabank.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-112-51.compute-1.amazonaws.com
dpm.demdex.net | |
scotiabank.demdex.net |
ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-236.data.adobedc.net
somniture.scotiabank.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-18-209-125-30.compute-1.amazonaws.com
cm.everesttech.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-140-19.eu-west-1.compute.amazonaws.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
ASN16509 (AMAZON-02, US)
dlslhpkfqfglo.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
cloudfront.net
dlslhpkfqfglo.cloudfront.net |
792 KB |
6 |
scotiabank.com
dmtags.scotiabank.com — Cisco Umbrella Rank: 146635 auth.scotiaonline.scotiabank.com — Cisco Umbrella Rank: 191973 somniture.scotiabank.com — Cisco Umbrella Rank: 127704 |
91 KB |
4 |
demdex.net
1 redirects
dpm.demdex.net — Cisco Umbrella Rank: 243 scotiabank.demdex.net — Cisco Umbrella Rank: 112706 |
4 KB |
3 |
duckdns.org
funtoplaygamesforkids.duckdns.org |
19 KB |
1 |
memcyco.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 440773 |
|
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 1371 |
490 B |
20 | 6 |
Domain | Requested by | |
---|---|---|
6 | dlslhpkfqfglo.cloudfront.net |
funtoplaygamesforkids.duckdns.org
dlslhpkfqfglo.cloudfront.net |
4 | dmtags.scotiabank.com |
funtoplaygamesforkids.duckdns.org
dmtags.scotiabank.com |
3 | dpm.demdex.net |
1 redirects
funtoplaygamesforkids.duckdns.org
|
3 | funtoplaygamesforkids.duckdns.org |
funtoplaygamesforkids.duckdns.org
|
1 | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
dlslhpkfqfglo.cloudfront.net
|
1 | cm.everesttech.net | 1 redirects |
1 | somniture.scotiabank.com |
dmtags.scotiabank.com
|
1 | scotiabank.demdex.net |
dmtags.scotiabank.com
|
1 | auth.scotiaonline.scotiabank.com |
funtoplaygamesforkids.duckdns.org
|
20 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.scotiabank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
funtoplaygamesforkids.duckdns.org (STAGING) Pseudo Plum E5 |
2024-10-11 - 2025-01-09 |
3 months | crt.sh |
apps.scotiabank.com Entrust Certification Authority - L1K |
2023-11-21 - 2024-12-21 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2024-07-30 - 2025-07-03 |
a year | crt.sh |
auth.scotiabank.com Entrust Certification Authority - L1K |
2024-01-31 - 2025-02-28 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-09-25 - 2025-10-26 |
a year | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2024-07-23 - 2025-08-23 |
a year | crt.sh |
*.memcyco.com Amazon RSA 2048 M03 |
2024-02-25 - 2025-03-25 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/?key=5050d2156464f8b75b40f3d8cba168a3d4aa145e
Frame ID: 1F751E3E8C1C0CF05D484D1E4935BE3F
Requests: 17 HTTP requests in this frame
Frame:
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: A1733905F1865998CAACBBEFA2667DFD
Requests: 1 HTTP requests in this frame
Frame:
https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: 8832ABF08FEBFAEA0F26EE0EEEE03278
Requests: 1 HTTP requests in this frame
Frame:
https://dlslhpkfqfglo.cloudfront.net/cdn/ca/lwsa.html
Frame ID: 6EFE615C1E21D2C53BD2CCE392DDF989
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in | ScotiabankDetected technologies
React (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+data-react
OneTrust (Cookie compliance) Expand
Detected patterns
- otSDKStub\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Scotiabank
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Legal
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1728859290547
- https://cm.everesttech.net/cm/dd?d_uuid=16185485215976164832968065390809580624 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/ |
88 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
launch-edbf66c903b6.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/ |
252 KB 66 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mutha-scotia-wrapper.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7c428f63a00e5bd025fa159e8c94389f.svg
auth.scotiaonline.scotiabank.com/assets/ |
537 B 767 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8fd30bd010d9e2c7677ec339685f958b.woff
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
2 MB 781 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
50805f331bb1b697aafb6f0c28b09212.woff2
funtoplaygamesforkids.duckdns.org/UpdateVerifyPrss!/Scotiabank/assets/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rd
dpm.demdex.net/id/ Redirect Chain
|
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ |
35 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/47ee6dba49c3/hostedLibFiles/EP8757b503532a44a68eee17773f6f10a0/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
otSDKStub.js
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/ |
21 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
scotiabank.demdex.net/ Frame A173 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
somniture.scotiabank.com/ |
48 B 473 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=ZwxMmgAAAFqRYwNP
dpm.demdex.net/ Redirect Chain
|
42 B 716 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gpk
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
791 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame 8832 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lwsa.html
dlslhpkfqfglo.cloudfront.net/cdn/ca/ Frame 6EFE |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
gwf
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
8 KB 6 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
l
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
104 B 542 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- dmtags.scotiabank.com
- URL
- https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)28 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| OptanonWrapper object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s function| inList number| a object| OneTrustStub function| $ function| jQuery function| lTa object| murmurHash3 function| UAParser object| localforage object| KJUR function| JSEncrypt30 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
funtoplaygamesforkids.duckdns.org/ | Name: PHPSESSID Value: 872voepthr95pm5qhap9nnjmvq |
|
dlslhpkfqfglo.cloudfront.net/ | Name: aphishCookie-1728806564299-SCOTIA Value: 0 |
|
.demdex.net/ | Name: demdex Value: 16185485215976164832968065390809580624 |
|
.funtoplaygamesforkids.duckdns.org/ | Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1 |
|
.dpm.demdex.net/ | Name: dpm Value: 16185485215976164832968065390809580624 |
|
.funtoplaygamesforkids.duckdns.org/ | Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C20010%7CMCMID%7C19739624466975571052603782701371042114%7CMCAAMLH-1729464090%7C7%7CMCAAMB-1729464090%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1728866490s%7CNONE%7CMCSYNCSOP%7C411-20017%7CMCAID%7CNONE%7CvVersion%7C5.5.0 |
|
.mathtag.com/ | Name: uuid Value: 67cd670c-4c9b-4400-b632-5f1470987a6f |
|
.adnxs.com/ | Name: receive-cookie-deprecation Value: 1 |
|
.33across.com/ | Name: 33x_ps Value: u%3D212835514262705%3As1%3D1728859291212%3Ats%3D1728859291212 |
|
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/ | Name: AWSALBCORS Value: r0MLpSc0D8+a9jiF/tz4VMljsQayoz4uFqAZmW83fIkTbu/2+Teqzb1UPa7rfcctY5eessjU7MZ9SD1O6HhM2OTQre5B7Kma9GIlXCQJWrS8q2h2PEN+eSAA3FBy |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUnDTb3y1q4TifUbcYROYdUTtA6ufGraM6E1BwMtw2TOrd_e2gNmCi22OLLkikc |
|
.rfihub.com/ | Name: rud Value: H4sIAAAAAAAA_-MSNrIwsDQ3NTYzMjc3MzI2szA2NBDiM9TNKw7L1DXJyHbJLUsEANF747QlAAAA |
|
.rfihub.com/ | Name: ruds Value: H4sIAAAAAAAA_-MSNrIwsDQ3NTYzMjc3MzI2szA2NBDiM9TNKw7L1DXJyHbJLUsEANF747QlAAAA |
|
.rfihub.com/ | Name: eud Value: H4sIAAAAAAAA_1vFxGtobmRhYWppZGloZmYBAATxGbQQAAAA |
|
.twitter.com/ | Name: personalization_id Value: "v1_SyCRbIMUka9MwFoHUe0QPg==" |
|
.adsrvr.org/ | Name: TDID Value: e8293dcb-c733-46b1-8fca-b71fcbb5b35a |
|
.adsrvr.org/ | Name: TDCPM Value: CAESEgoDYWFtEgsIvqiR-Mb4tT0QBRgFIAEoAjILCOTX6qTd-LU9EAU4AQ.. |
|
.quantserve.com/ | Name: mc Value: 670c4c9b-ca799-83b6a-5e079 |
|
.quantserve.com/ | Name: sp Value: CgkIjd0BEgMQ0g0= |
|
.ml314.com/ | Name: pi Value: 3647686972696166494 |
|
.eyeota.net/ | Name: mako_uid Value: 192880b4188-11f00000010a4aa6 |
|
.eyeota.net/ | Name: SERVERID Value: 19110~DM |
|
.scorecardresearch.com/ | Name: UID Value: 145f5e7841515c83343df7d1728859292 |
|
.scorecardresearch.com/ | Name: XID Value: 145f5e7841515c83343df7d1728859292 |
|
.crwdcntrl.net/ | Name: _cc_dc Value: 0 |
|
.crwdcntrl.net/ | Name: _cc_id Value: 6babd2dc805c7a70f0d749f70b5f418e |
|
.demdex.net/ | Name: dextp Value: 269-1-1728859290911|358-1-1728859291013|601-1-1728859291113|771-1-1728859291214|822-1-1728859291315|1123-1-1728859291416|1121-1-1728859291517|903-1-1728859291618|1175-1-1728859291719|22052-1-1728859291820|30064-1-1728859291921|30646-1-1728859292022|73426-1-1728859292123|121998-1-1728859292224|144230-1-1728859292325|144231-1-1728859292426|144232-1-1728859292527|144233-1-1728859292628|144234-1-1728859292729|144235-1-1728859292831|144236-1-1728859292932|144237-1-1728859293032|161033-1-1728859293134|139200-1-1728859293235 |
|
.amazon-adsystem.com/ | Name: ad-id Value: A-hzzZKwwk9FpBwBa1hVeRU |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
|
.onaudience.com/ | Name: cookie Value: dc13cabcfdffa268 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth.scotiaonline.scotiabank.com
cm.everesttech.net
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
dlslhpkfqfglo.cloudfront.net
dmtags.scotiabank.com
dpm.demdex.net
funtoplaygamesforkids.duckdns.org
scotiabank.demdex.net
somniture.scotiabank.com
dmtags.scotiabank.com
107.20.112.51
18.209.125.30
184.25.41.104
20.79.155.225
2600:1408:10:280::51e
2600:9000:24d6:5000:d:e6dd:f300:21
2600:9000:24d6:e600:d:e6dd:f300:21
54.246.140.19
63.140.38.236
1a03537319bb4731e7d1251f5069d1c139df39f27a2a3f981f1f1a9e24b60683
51bf40e3535dee036bec3df6d4b279b4373fb22cdd40632535932d6999f7e37e
53c522f89bfce4eb46c2c5b53eb8c92874374faacaa22fde81e4ef2bd452ca07
68fa9b61ae61cd5d5c02d9385e6ffffcc2712549fb658012c6c1ddde6225fd1d
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
7005532e5f203588e3311c9577d6ce84124b50e9344bee25199e9c28d6ae676a
764a09d0645d05257fd37913c10d3b76f7adfe430cb63904dff80ee8458feea3
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
a12f50d4b2cf23b32e718484f2da0911ceec0ade447cdbfbf2928d53c40e2a78
aacbb4075dbf1cdc7057308d94338bba14434e9a62d662edd8d106eaca821654
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
d35fa1fe46195caf6c30e581d017303c44cf6201283acd06852f460b726d203e
db1238b507a45491709e7e13e45e76245a268bcd1b9bdfb63b6838c8de0fdeed
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629