![](/screenshots/802dd2c7-1d7b-4358-99ee-e0e22637f540.png)
ln.ser-ute.173-211-46-69.cprapid.com
Open in
urlscan Pro
173.211.46.69
Malicious Activity!
Public Scan
Effective URL: https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd
Submission: On June 25 via api from US — Scanned from IT
Summary
TLS certificate: Issued by R11 on June 24th 2024. Valid for: 3 months.
This is the only time ln.ser-ute.173-211-46-69.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Desio (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 159.100.6.5 159.100.6.5 | 44066 (DE-FIRSTC...) (DE-FIRSTCOLO firstcolo.net) | |
3 17 | 173.211.46.69 173.211.46.69 | 212238 (CDNEXT) (CDNEXT) | |
2 | 184.24.77.47 184.24.77.47 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 3 | 34.252.224.238 34.252.224.238 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 23.212.223.254 23.212.223.254 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 108.128.43.116 108.128.43.116 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 63.140.62.17 63.140.62.17 | 15224 (OMNITURE) (OMNITURE) | |
1 1 | 54.194.32.70 54.194.32.70 | 16509 (AMAZON-02) (AMAZON-02) | |
22 | 6 |
ASN44066 (DE-FIRSTCOLO firstcolo.net, DE)
PTR: cp5.ultahost.com
verifica-dati-binance.com |
ASN212238 (CDNEXT, GB)
PTR: nokpsdflkonbaorcmf.healthdataco.com
ln.ser-ute.173-211-46-69.cprapid.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-47.deploy.static.akamaitechnologies.com
ds-aksb-a.akamaihd.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-224-238.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16625 (AKAMAI-AS, US)
PTR: a23-212-223-254.deploy.static.akamaitechnologies.com
dmtags.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-43-116.eu-west-1.compute.amazonaws.com
scotiabank.demdex.net |
ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-17.data.adobedc.net
somniture.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-32-70.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
cprapid.com
3 redirects
ln.ser-ute.173-211-46-69.cprapid.com |
7 MB |
4 |
demdex.net
1 redirects
dpm.demdex.net — Cisco Umbrella Rank: 242 scotiabank.demdex.net — Cisco Umbrella Rank: 134021 |
4 KB |
3 |
scotiabank.com
dmtags.scotiabank.com — Cisco Umbrella Rank: 130505 somniture.scotiabank.com — Cisco Umbrella Rank: 119877 |
15 KB |
2 |
akamaihd.net
ds-aksb-a.akamaihd.net — Cisco Umbrella Rank: 8306 |
5 KB |
2 |
verifica-dati-binance.com
2 redirects
verifica-dati-binance.com |
347 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 1336 |
490 B |
22 | 6 |
Domain | Requested by | |
---|---|---|
17 | ln.ser-ute.173-211-46-69.cprapid.com |
3 redirects
ln.ser-ute.173-211-46-69.cprapid.com
|
3 | dpm.demdex.net |
1 redirects
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | dmtags.scotiabank.com |
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | ds-aksb-a.akamaihd.net |
ln.ser-ute.173-211-46-69.cprapid.com
|
2 | verifica-dati-binance.com | 2 redirects |
1 | cm.everesttech.net | 1 redirects |
1 | somniture.scotiabank.com |
ln.ser-ute.173-211-46-69.cprapid.com
|
1 | scotiabank.demdex.net |
ln.ser-ute.173-211-46-69.cprapid.com
|
22 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
ihbnext.cedacri.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cpcontacts.ln.ser-ute.173-211-46-69.cprapid.com R11 |
2024-06-24 - 2024-09-22 |
3 months | crt.sh |
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1 |
2024-04-18 - 2025-04-19 |
a year | crt.sh |
apps.scotiabank.com Entrust Certification Authority - L1K |
2023-11-21 - 2024-12-21 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2023-08-21 - 2024-09-21 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd
Frame ID: AEFBBFE448E3CB76AA6BE2683308F0ED
Requests: 21 HTTP requests in this frame
Frame:
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 9DE2D369D91E2C929F834BB6139333F6
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/802dd2c7-1d7b-4358-99ee-e0e22637f540.png)
Page Title
Account | Banco DesioPage URL History Show full URLs
-
https://verifica-dati-binance.com/wrjnms-loa
HTTP 301
https://verifica-dati-binance.com/wrjnms-loa/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed HTTP 301
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/checkclient.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/React.png)
Detected patterns
- <[^>]+data-react
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Non ricordi i dati d'accesso?
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://verifica-dati-binance.com/wrjnms-loa
HTTP 301
https://verifica-dati-binance.com/wrjnms-loa/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed HTTP 301
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/ HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/checkclient.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd HTTP 302
https://ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/index.php?&sessionid=4d07b3b6dece4d8cc66ee117a56278cd Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1719326515376 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1719326515376
- https://cm.everesttech.net/cm/dd?d_uuid=82670548084171270440739297106181228773 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZnrXNAAAAK1lagNx
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/ Redirect Chain
|
53 KB 53 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.86a72d8001092c40e429.css
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/css/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
094054a424e3-launch-edbf66c903b6.min.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
238 KB 239 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aksb.min.js
ds-aksb-a.akamaihd.net/ |
13 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
new-dmobile.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons8-region-50.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons8-phone-50.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
990 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6643-resource-loader.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
221 B 467 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6607-runtime.eff227375d548a03d4a2.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
.-6204-main.b454267499c8d1dd0ee2.chunk.js
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/js/ |
5 MB 5 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dF0
ln.ser-ute.173-211-46-69.cprapid.com/oJ0d/zt7x/3MnMW/33wsw/EcJYmNQk/ORoxZ2Ms/cVo0BWdH/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rd
dpm.demdex.net/id/ Redirect Chain
|
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/b7f9de2492b6/hostedLibFiles/EP171e731c9ba34f1c950c36d26e3efd61/ |
33 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/b7f9de2492b6/hostedLibFiles/EP171e731c9ba34f1c950c36d26e3efd61/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
scotiabank.demdex.net/ Frame 9DE2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
somniture.scotiabank.com/ |
48 B 476 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=ZnrXNAAAAK1lagNx
dpm.demdex.net/ Redirect Chain
|
42 B 715 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mobile-phone.png
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/css/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
assets-8fd30bd010d9e2c7677ec339685f958b.woff
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/fonts/ |
30 KB 30 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
assets-00cecde981e3ef7491eba946f4b95fe0.woff
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/fonts/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
ln.ser-ute.173-211-46-69.cprapid.com/nu-sed/it/images/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b
ds-aksb-a.akamaihd.net/2/682023/ |
0 269 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Desio (Banking)27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 undefined| event object| fence object| sharedStorage object| w object| d object| AKSB number| resources object| REDUX_STATE object| webpackJsonp object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap object| s object| antiClickjack object| RT19 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ln.ser-ute.173-211-46-69.cprapid.com/ | Name: PHPSESSID Value: 26cb7484ac0ae8064802f17a55b4b4be |
|
.demdex.net/ | Name: demdex Value: 82670548084171270440739297106181228773 |
|
.ser-ute.173-211-46-69.cprapid.com/ | Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1 |
|
.dpm.demdex.net/ | Name: dpm Value: 82670548084171270440739297106181228773 |
|
.ser-ute.173-211-46-69.cprapid.com/ | Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1176715910%7CMCIDTS%7C19900%7CMCMID%7C91987909478335384540527013378069702135%7CMCAAMLH-1719931315%7C6%7CMCAAMB-1719931315%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1719333716s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19907%7CvVersion%7C5.4.0 |
|
.adnxs.com/ | Name: receive-cookie-deprecation Value: 1 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUnQes1JcnnwsHOJoDAWv30UaYyGXLqpD6UC5kkc7rkfgg5yeTD0POuK0_B1rhA |
|
.mathtag.com/ | Name: uuid Value: 9877667a-d735-4000-a73d-c768c3a1e9f3 |
|
.twitter.com/ | Name: personalization_id Value: "v1_5tPYkzAIdRIY1uPWudrDVQ==" |
|
.rfihub.com/ | Name: rud Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NrIwNjc1MLcwtRTiM9T1CIoqCTTzKs01dXYCAOFUYDMlAAAA |
|
.rfihub.com/ | Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NrIwNjc1MLcwtRTiM9T1CIoqCTTzKs01dXYCAOFUYDMlAAAA |
|
.rfihub.com/ | Name: eud Value: H4sIAAAAAAAA_1vFxGtobmhpbGRmamhubGABAN5abuQQAAAA |
|
.eyeota.net/ | Name: SERVERID Value: 20696~DM |
|
.quantserve.com/ | Name: d Value: ENABDAGWLLmvYA |
|
.quantserve.com/ | Name: mc Value: 667ad735-95e5c-9eb38-db495 |
|
.demdex.net/ | Name: dextp Value: 269-1-1719326516333|358-1-1719326516434|601-1-1719326516535|771-1-1719326516635|822-1-1719326516736|1123-1-1719326516837|1121-1-1719326516938|903-1-1719326517038|1175-1-1719326517139|22052-1-1719326517240|30064-1-1719326517340|30646-1-1719326517441|73426-1-1719326517541|121998-1-1719326517642|144230-1-1719326517743|144231-1-1719326517844|144232-1-1719326517944|144233-1-1719326518045|144234-1-1719326518147|144235-1-1719326518248|144236-1-1719326518351|144237-1-1719326518453|161033-1-1719326518557|139200-1-1719326518657 |
|
.onaudience.com/ | Name: cookie Value: e5b63c9d68dde099 |
|
.amazon-adsystem.com/ | Name: ad-id Value: A1fIRgx3WUGIrs-G5rXDkD0 |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cm.everesttech.net
dmtags.scotiabank.com
dpm.demdex.net
ds-aksb-a.akamaihd.net
ln.ser-ute.173-211-46-69.cprapid.com
scotiabank.demdex.net
somniture.scotiabank.com
verifica-dati-binance.com
108.128.43.116
159.100.6.5
173.211.46.69
184.24.77.47
23.212.223.254
34.252.224.238
54.194.32.70
63.140.62.17
03225d14336379353bc306d8a809ea367fd0c30491c43c96918aa68783d1d9b0
0c4aa449c09de4bc7447e0cb5c76bb62c5bc82d3bb806678a2180165ba78a696
0d3fb2e7ae7c73168ae60ea986f26e12d61f78c9632d39b4a2c4654c00250fb8
1005d7e1cdba845abaf190203acd62ca9e994414be24e46ea8878be1374e2438
114ea0b2dfbba7ae939b3b84ce79969942a5eb9a06a84d1315a05cb9b45f7341
15db266fd7466c7e8d763d0afbbe4b4fed1ed4e147682120289064c9f2e9f540
462a66acbf50e933685e7587e9f1441df8225b2bb4d6b7bc5e757eccf4ff6575
4aa0cb13c447cd5d35729bf6bf5cd8a799834df440c838041646ebb8d8488926
5037b298c4193baf7e920bee2999d2ab852db7a3b6b09a38c25a78db92baf69b
5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366
647869f1f836569f0ec4de08c629ffc442525b5ea97913fd90dc009caedd5649
7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966
8eebca5d5201dfffb388cb15cc50ff2b9b40b46508a557ab4e5b23b40c2f5bd6
9219086b4f2c3bf77854b2e06ccd97ad32b9b7a140e65ff8b974a3bae6c7854c
bdcedcc0085acc0e4d5a4489b2d73c2aae3f918b17f31bafcf4d8e8b1cc772be
ca4198ed60b7345e008af4c10c8ef0799d36bbd1f872d78b7e0956a1459e05b3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46cc6bdfd9597f8ebe594cfb61fccbe87e8b768c8abb46ae5e10de56ed67c6b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fde6372895f5b115abe65c37ae2a4f4769e43cfb6d826eb3f256477e6bb17fe0