premiumbros.com
Open in
urlscan Pro
2606:4700:3032::ac43:82a2
Public Scan
Submitted URL: http://xn--fdor-vpa.de/
Effective URL: https://premiumbros.com/lp_wp.html?cid=nrkSksDeQgqADfL8bTfr_rKG9kDnl3bQ
Submission: On July 15 via manual from FR
Effective URL: https://premiumbros.com/lp_wp.html?cid=nrkSksDeQgqADfL8bTfr_rKG9kDnl3bQ
Submission: On July 15 via manual from FR
Summary
This website contacted 11 IPs
in 3 countries
across 13 domains to perform 17 HTTP transactions.
The main IP is 2606:4700:3032::ac43:82a2, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is premiumbros.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 14th 2021. Valid for: a year.
This is the only time premiumbros.com was scanned on urlscan.io!
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 14th 2021. Valid for: a year.
This is the only time premiumbros.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 | 45.33.2.79 45.33.2.79 | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
| 1 | 151.101.113.27 151.101.113.27 | 54113 (FASTLY) (FASTLY) | |
| 1 | 162.247.243.146 162.247.243.146 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 2 | 167.233.8.197 167.233.8.197 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 1 1 | 54.174.112.67 54.174.112.67 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 | 100.25.244.201 100.25.244.201 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 2 | 104.22.64.104 104.22.64.104 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 1 | 3.208.106.250 3.208.106.250 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 | 2606:4700:303... 2606:4700:3032::ac43:82a2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:803::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 139.45.196.136 139.45.196.136 | 9002 (RETN-AS) (RETN-AS) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:809::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 17 | 11 |
2
45.33.2.79
(Richardson, United States)
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li956-79.members.linode.com
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li956-79.members.linode.com
| xn--fdor-vpa.de |
2
167.233.8.197
(Germany)
ASN24940 (HETZNER-AS, DE)
PTR: static.197.8.233.167.clients.your-server.de
ASN24940 (HETZNER-AS, DE)
PTR: static.197.8.233.167.clients.your-server.de
| track.vcdc.com |
1
54.174.112.67
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-112-67.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-174-112-67.compute-1.amazonaws.com
| amata-syb.com |
1
100.25.244.201
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-244-201.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-100-25-244-201.compute-1.amazonaws.com
| kaba-zaba.com |
1
3.208.106.250
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-106-250.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-106-250.compute-1.amazonaws.com
| news-easy.org |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 2 |
r-tb.com
feed.r-tb.com t.r-tb.com |
618 B |
| 2 |
vcdc.com
track.vcdc.com Failed |
2 KB |
| 2 |
xn--fdor-vpa.de
xn--fdor-vpa.de |
12 KB |
| 1 |
gstatic.com
fonts.gstatic.com |
14 KB |
| 1 |
bigrourg.net
bigrourg.net |
28 KB |
| 1 |
googleapis.com
fonts.googleapis.com |
642 B |
| 1 |
premiumbros.com
premiumbros.com |
2 KB |
| 1 |
news-easy.org
1 redirects
news-easy.org |
293 B |
| 1 |
kaba-zaba.com
kaba-zaba.com |
864 KB |
| 1 |
amata-syb.com
1 redirects
amata-syb.com |
816 B |
| 1 |
nr-data.net
bam-cell.nr-data.net |
866 B |
| 1 |
newrelic.com
js-agent.newrelic.com |
12 KB |
| 0 |
aff-track.net
Failed
mix.aff-track.net Failed |
|
| 17 | 13 |
| Domain | Requested by | |
|---|---|---|
| 2 | track.vcdc.com |
xn--fdor-vpa.de
track.vcdc.com |
| 2 | xn--fdor-vpa.de |
xn--fdor-vpa.de
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | bigrourg.net |
premiumbros.com
|
| 1 | fonts.googleapis.com |
premiumbros.com
|
| 1 | t.r-tb.com |
kaba-zaba.com
|
| 1 | premiumbros.com |
kaba-zaba.com
|
| 1 | news-easy.org | 1 redirects |
| 1 | feed.r-tb.com |
kaba-zaba.com
|
| 1 | kaba-zaba.com |
track.vcdc.com
|
| 1 | amata-syb.com | 1 redirects |
| 1 | bam-cell.nr-data.net |
js-agent.newrelic.com
|
| 1 | js-agent.newrelic.com |
xn--fdor-vpa.de
|
| 0 | mix.aff-track.net Failed |
kaba-zaba.com
|
| 17 | 14 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.newrelic.com GlobalSign Atlas R3 DV TLS CA 2020 |
2021-05-05 - 2022-06-06 |
a year | crt.sh |
| *.nr-data.net DigiCert SHA2 Secure Server CA |
2020-02-05 - 2022-02-08 |
2 years | crt.sh |
| track.vcdc.com GlobeSSL DV CA |
2020-10-28 - 2021-10-28 |
a year | crt.sh |
| kaba-zaba.com R3 |
2021-07-10 - 2021-10-08 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-11 - 2022-06-10 |
a year | crt.sh |
| upload.video.google.com GTS CA 1O1 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
| bigrourg.net R3 |
2021-05-31 - 2021-08-29 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2021-06-22 - 2021-09-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://premiumbros.com/lp_wp.html?cid=nrkSksDeQgqADfL8bTfr_rKG9kDnl3bQ
Frame ID: 4FFE1977152E737F6909333C951454AF
Requests: 19 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://xn--fdor-vpa.de/ Page URL
- https://track.vcdc.com/proceed.php?domain=xn--fdor-vpa.de&hash=f1044b005a88c808b71d2387e3dba3a7&u=e... Page URL
- https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL2FtYXRhLXN5Yi5jb20vemN2aXNpdG9yLzUwMGFmZGNlLW... Page URL
-
http://amata-syb.com/zcvisitor/500afdce-e564-11eb-875a-12959dcbe539/6019173b-675e-4852-98f4-d4f47...
HTTP 302
https://kaba-zaba.com/6nClUVM3tTVVpAQKfsZPuMj4VDDhJzSv1CPVAF_32pQ/?cid=zr500afdcee56411eb875a12959... Page URL
-
https://news-easy.org/4DRJzt2u5Z_UUxafBO31UUZPunAiPR99nZ2SFmFJRVA/?cid=JpN6x40gQE6N3KxJox1bI-mXFj_...
HTTP 302
https://premiumbros.com/lp_wp.html?cid=nrkSksDeQgqADfL8bTfr_rKG9kDnl3bQ Page URL
Detected technologies
Lua
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Google Font API
(Font Scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://xn--fdor-vpa.de/ Page URL
- https://track.vcdc.com/proceed.php?domain=xn--fdor-vpa.de&hash=f1044b005a88c808b71d2387e3dba3a7&u=eyJkb21haW4iOiJ4bi0tZmRvci12cGEuZGUiLCJkb21haW5faWQiOiIyMjA1NTI0MCIsImZvbGRlcl9pZCI6bnVsbCwibWlkIjoiMjI0IiwiZmlsdGVyX2lkIjpudWxsLCJhZHZlcnRpc2VyX2lkIjoiOCIsInRhcmdldCI6Imh0dHA6XC9cL2FtYXRhLXN5Yi5jb21cL3pjdmlzaXRvclwvNTAwYWZkY2UtZTU2NC0xMWViLTg3NWEtMTI5NTlkY2JlNTM5XC82MDE5MTczYi02NzVlLTQ4NTItOThmNC1kNGY0N2VkYmI5NzI/Y2FtcGFpZ25pZD02MzFjNzZmMC1jYWM1LTExZWItODUzOC0wYWVhOGI4NWE5NGYiLCJpcF9hZGRyZXNzIjoiMTU5LjQ4LjUzLjIzNSIsInR5cGUiOiJqYXZhX3JlZGlyZWN0IiwiYmlkIjoiMC4wMDYzMCJ9 Page URL
- https://track.vcdc.com/beam.php?tcid=&target=aHR0cDovL2FtYXRhLXN5Yi5jb20vemN2aXNpdG9yLzUwMGFmZGNlLWU1NjQtMTFlYi04NzVhLTEyOTU5ZGNiZTUzOS82MDE5MTczYi02NzVlLTQ4NTItOThmNC1kNGY0N2VkYmI5NzI/Y2FtcGFpZ25pZD02MzFjNzZmMC1jYWM1LTExZWItODUzOC0wYWVhOGI4NWE5NGY=&hash=5418927a4ba999b4f6234be130d3590b&m=MjI0 Page URL
-
http://amata-syb.com/zcvisitor/500afdce-e564-11eb-875a-12959dcbe539/6019173b-675e-4852-98f4-d4f47edbb972?campaignid=631c76f0-cac5-11eb-8538-0aea8b85a94f
HTTP 302
https://kaba-zaba.com/6nClUVM3tTVVpAQKfsZPuMj4VDDhJzSv1CPVAF_32pQ/?cid=zr500afdcee56411eb875a12959dcbe5398cbdb4d5dfe3441790690a3fc06260b90573007a7ca2c25291&dom=quebec-nag-9ozyop1hl Page URL
-
https://news-easy.org/4DRJzt2u5Z_UUxafBO31UUZPunAiPR99nZ2SFmFJRVA/?cid=JpN6x40gQE6N3KxJox1bI-mXFj_5Tpb7&sid=roni_w10_1106_de_chrome
HTTP 302
https://premiumbros.com/lp_wp.html?cid=nrkSksDeQgqADfL8bTfr_rKG9kDnl3bQ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- http://amata-syb.com/zcvisitor/500afdce-e564-11eb-875a-12959dcbe539/6019173b-675e-4852-98f4-d4f47edbb972?campaignid=631c76f0-cac5-11eb-8538-0aea8b85a94f HTTP 302
- https://kaba-zaba.com/6nClUVM3tTVVpAQKfsZPuMj4VDDhJzSv1CPVAF_32pQ/?cid=zr500afdcee56411eb875a12959dcbe5398cbdb4d5dfe3441790690a3fc06260b90573007a7ca2c25291&dom=quebec-nag-9ozyop1hl
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
/
xn--fdor-vpa.de/ |
26 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1
xn--fdor-vpa.de/mtm/async/eyJ1cmkiOiIvIiwiYXJncyI6IiIsInJlZmVyZXIiOiIiLCJob3N0X25hbWUiOiJ4bi0tZmRvci12cGEuZGUifQ:1m402x:8Z462wBuhxkIYSATFrJL-tYs7bc/ |
570 B 779 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
nr-1210.min.js
js-agent.newrelic.com/ |
31 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0d385ba8a0
bam-cell.nr-data.net/1/ |
49 B 866 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
proceed.php
track.vcdc.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
proceed.php
track.vcdc.com/ |
659 B 852 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
0d385ba8a0
bam-cell.nr-data.net/events/1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
0d385ba8a0
bam-cell.nr-data.net/jserrors/1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
beam.php
track.vcdc.com/ |
991 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
 Cookie set
/
kaba-zaba.com/6nClUVM3tTVVpAQKfsZPuMj4VDDhJzSv1CPVAF_32pQ/ Redirect Chain
|
864 KB 864 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
mix.aff-track.net/RzBtWh/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AFU1kAAPatM
feed.r-tb.com/v1/native/ |
650 B 618 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
lp_wp.html
premiumbros.com/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
imp
t.r-tb.com/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
2 KB 642 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
316 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
micro.tag.min.js
bigrourg.net/pfe/current/ |
77 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- track.vcdc.com
- URL
- https://track.vcdc.com/proceed.php?domain=xn--fdor-vpa.de&hash=f1044b005a88c808b71d2387e3dba3a7&u=eyJkb21haW4iOiJ4bi0tZmRvci12cGEuZGUiLCJkb21haW5faWQiOiIyMjA1NTI0MCIsImZvbGRlcl9pZCI6bnVsbCwibWlkIjoiMjI0IiwiZmlsdGVyX2lkIjpudWxsLCJhZHZlcnRpc2VyX2lkIjoiOCIsInRhcmdldCI6Imh0dHA6XC9cL2FtYXRhLXN5Yi5jb21cL3pjdmlzaXRvclwvNTAwYWZkY2UtZTU2NC0xMWViLTg3NWEtMTI5NTlkY2JlNTM5XC82MDE5MTczYi02NzVlLTQ4NTItOThmNC1kNGY0N2VkYmI5NzI/Y2FtcGFpZ25pZD02MzFjNzZmMC1jYWM1LTExZWItODUzOC0wYWVhOGI4NWE5NGYiLCJpcF9hZGRyZXNzIjoiMTU5LjQ4LjUzLjIzNSIsInR5cGUiOiJqYXZhX3JlZGlyZWN0IiwiYmlkIjoiMC4wMDYzMCJ9
- Domain
- bam-cell.nr-data.net
- URL
- https://bam-cell.nr-data.net/events/1/0d385ba8a0?a=31561968&v=1210.e2a3f80&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXxNUA1c%3D&rst=1778&ck=0&ref=http://xn--fdor-vpa.de/
- Domain
- bam-cell.nr-data.net
- URL
- https://bam-cell.nr-data.net/jserrors/1/0d385ba8a0?a=31561968&v=1210.e2a3f80&to=NlVXNhBWW0IEAEENXQ8fcxcMVEFYCg0aEEAAVlMLAVpaRQoRGwVCEUMbFAtEXEU6EVoRRgRCGxQLUkJCXxNUA1c%3D&rst=1782&ck=0&ref=http://xn--fdor-vpa.de/
- Domain
- mix.aff-track.net
- URL
- https://mix.aff-track.net/RzBtWh/?utm_source=756&utm_campaign=7590794&cid=[CLICK_ID]&sid=webdriver_roni_w10_1106_de_chrome
Verdicts & Comments Add Verdict or Comment
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| ntfcSDK0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amata-syb.com
bam-cell.nr-data.net
bigrourg.net
feed.r-tb.com
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
kaba-zaba.com
mix.aff-track.net
news-easy.org
premiumbros.com
t.r-tb.com
track.vcdc.com
xn--fdor-vpa.de
bam-cell.nr-data.net
mix.aff-track.net
track.vcdc.com
100.25.244.201
104.22.64.104
139.45.196.136
151.101.113.27
162.247.243.146
167.233.8.197
2606:4700:3032::ac43:82a2
2a00:1450:4001:803::200a
2a00:1450:4001:809::2003
3.208.106.250
45.33.2.79
54.174.112.67
015d20d81c56069329fd41a48417aeaf0792f27ea729fff95ee273cd48ab9117
3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608
4989cd3272fe8a4127d975c6756f68969ba9cd245762c8fbbc0c18cfcc8db608
5b8810ee64bade6fc49a6c0948f933337663c3df9526ed7e21694b728a15818e
604cb7c93bcd2c94f5acdf3126661d961b5016a85dd5309b649520e2b79a54e3
805d8e3864ade4af8b4ede0cd61a5dadf9f1721d273a79494c433405f67e7b52
81fde6b78f61c92837e57635b3d7f2460e153dfb8a24d164cf395d8901d79d83
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
d4f1945e807b1ab78412c1ef75ad6b0324cf3e32dee84bd6fdbe3d5ba17e5db8
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
e31a94f4638290bdb4a79cc0bc546a327d7c324329efbbda93ce50853b3627a3
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2