www.hamrahannoorshabakeh.com
164.138.19.1
Malicious Activity!
Public Scan
Submission: On March 11 via api from US
Summary
This is the only time www.hamrahannoorshabakeh.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
33 | 164.138.19.1 | 59431 (RAV-NET-01) |
3 | 2a02:26f0:7100:482::35c1 | 20940 (AKAMAI-ASN1) |
1 | 151.101.112.193 | 54113 (FASTLY) |
1 | 2620:1ec:29::19 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 2001:4de0:ac18::1:a:1a | 20446 (HIGHWINDS3) |
39 | 6 | |
ASN59431 (RAV-NET-01, IR)
PTR: linux20.sgnetway.net
www.hamrahannoorshabakeh.com
ASN20940 (AKAMAI-ASN1, NL)
secure.aadcdn.microsoftonline-p.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
33 | hamrahannoorshabakeh.com | www.hamrahannoorshabakeh.com | 2 MB |
3 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 6 KB |
1 | jquery.com | code.jquery.com | 30 KB |
1 | msauth.net | aadcdn.msauth.net | 1 KB |
1 | imgur.com | i.imgur.com | 15 KB |
39 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
33 | www.hamrahannoorshabakeh.com | www.hamrahannoorshabakeh.com |
3 | secure.aadcdn.microsoftonline-p.com | www.hamrahannoorshabakeh.com |
1 | code.jquery.com | www.hamrahannoorshabakeh.com |
1 | aadcdn.msauth.net | www.hamrahannoorshabakeh.com |
1 | i.imgur.com | www.hamrahannoorshabakeh.com |
39 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
login.microsoftonline.com |
login.live.com |
www.microsoft.com |
privacy.microsoft.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
secure.aadcdn.microsoftonline-p.com | Microsoft RSA TLS CA 01 | 2020-12-22 - 2021-12-22 | a year |
*.imgur.com | DigiCert SHA2 Secure Server CA | 2020-01-15 - 2022-03-16 | 2 years |
aadcdn.msauth.net | DigiCert SHA2 Secure Server CA | 2021-01-07 - 2022-01-06 | a year |
jquery.org | Sectigo RSA Domain Validation Secure Server CA | 2020-10-06 - 2021-10-16 | a year |
This page contains 2 frames:
Primary Page:
http://www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/
Frame ID: 15F794BE43BDD05FECBAB6267A4A7382
Requests: 8 HTTP requests in this frame
Frame:
http://www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/Sign%20in%20to%20your%20account_files/prefetch(1).html
Frame ID: 1CFF0C560B280285FA5C7BEA482111AE
Requests: 33 HTTP requests in this frame
4 Outgoing links
These are links going to different origins than the main page.
Title: Can’t access your account?
Title: Create one!
Title: Terms of use
Title: Privacy & cookies
Redirected requests
There were HTTP redirect chains for the following requests:
39 HTTP transactions
Method | Protocol | Resource | Path | Frame | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | / | www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/ | Primary Request | 206 KB | 207 KB | Document | text/html |
GET | H/1.1 | microsoft_logo.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | | 4 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | 0-small.jpg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/backgrounds/ | | 3 KB | 3 KB | Image | image/jpeg |
GET | H2 | 9IK0AIy.jpg | i.imgur.com/ | | 14 KB | 15 KB | Image | image/jpeg |
GET | H2 | signin-options_4e48046ce74f4b89d45037c90576bfac.svg | aadcdn.msauth.net/shared/1.0/content/images/ | | 2 KB | 1 KB | Image | image/svg+xml |
GET | H/1.1 | ellipsis_white.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/ | | 915 B | 641 B | Image | image/svg+xml |
GET | H/1.1 | ellipsis_grey.svg | www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/Sign%20in%20to%20your%20account_files/ | | 2 KB | 2 KB | Image | text/html |
GET | H2 | jquery-3.3.1.min.js | code.jquery.com/ | | 85 KB | 30 KB | Script | application/javascript |
GET | H/1.1 | prefetch(1).html | www.hamrahannoorshabakeh.com/Office%20%20Documents/truelogin/Sign%20in%20to%20your%20account_files/ | Frame 1CFF | 66 KB | 66 KB | Document | text/html |
GET | H/1.1 | style-rtl.min.css | www.hamrahannoorshabakeh.com/wp-includes/css/dist/block-library/ | Frame 1CFF | 50 KB | 50 KB | Stylesheet | text/css |
GET | H/1.1 | theme-rtl.min.css | www.hamrahannoorshabakeh.com/wp-includes/css/dist/block-library/ | Frame 1CFF | 2 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | v4-shims.min.css | www.hamrahannoorshabakeh.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/ | Frame 1CFF | 34 KB | 34 KB | Stylesheet | text/css |
GET | H/1.1 | all.min.css | www.hamrahannoorshabakeh.com/wp-content/plugins/js_composer/assets/lib/bower/font-awesome/css/ | Frame 1CFF | 55 KB | 55 KB | Stylesheet | text/css |
GET | H/1.1 | czicons.css | www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/admin/fields/codevz_fields/icons/ | Frame 1CFF | 25 KB | 25 KB | Stylesheet | text/css |
GET | H/1.1 | styles.css | www.hamrahannoorshabakeh.com/wp-content/plugins/contact-form-7/includes/css/ | Frame 1CFF | 3 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | styles-rtl.css | www.hamrahannoorshabakeh.com/wp-content/plugins/contact-form-7/includes/css/ | Frame 1CFF | 152 B | 392 B | Stylesheet | text/css |
GET | H/1.1 | rs6.css | www.hamrahannoorshabakeh.com/wp-content/plugins/revslider/public/assets/css/ | Frame 1CFF | 59 KB | 59 KB | Stylesheet | text/css |
GET | H/1.1 | rtl-xtra-front.css | www.hamrahannoorshabakeh.com/wp-content/plugins/rtl-xtra/css/ | Frame 1CFF | 35 KB | 35 KB | Stylesheet | text/css |
GET | H/1.1 | style.css | www.hamrahannoorshabakeh.com/wp-content/themes/xtra/ | Frame 1CFF | 480 B | 720 B | Stylesheet | text/css |
GET | H/1.1 | style.css | www.hamrahannoorshabakeh.com/wp-content/themes/xtra-child/ | Frame 1CFF | 248 B | 488 B | Stylesheet | text/css |
GET | H/1.1 | core.css | www.hamrahannoorshabakeh.com/wp-content/themes/xtra/ | Frame 1CFF | 117 KB | 117 KB | Stylesheet | text/css |
GET | H/1.1 | codevzplus.css | www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/assets/css/ | Frame 1CFF | 191 KB | 191 KB | Stylesheet | text/css |
GET | H/1.1 | jquery.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/jquery/ | Frame 1CFF | 87 KB | 88 KB | Script | application/javascript |
GET | H/1.1 | jquery-migrate.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/jquery/ | Frame 1CFF | 11 KB | 11 KB | Script | application/javascript |
GET | H/1.1 | rbtools.min.js | www.hamrahannoorshabakeh.com/wp-content/plugins/revslider/public/assets/js/ | Frame 1CFF | 119 KB | 119 KB | Script | application/javascript |
GET | H/1.1 | rs6.min.js | www.hamrahannoorshabakeh.com/wp-content/plugins/revslider/public/assets/js/ | Frame 1CFF | 327 KB | 327 KB | Script | application/javascript |
GET | H/1.1 | logo-hns.png | www.hamrahannoorshabakeh.com/wp-content/uploads/2020/12/ | Frame 1CFF | 251 KB | 251 KB | Image | image/png |
GET | H/1.1 | js_composer.min.css | www.hamrahannoorshabakeh.com/wp-content/plugins/js_composer/assets/css/ | Frame 1CFF | 474 KB | 475 KB | Stylesheet | text/css |
GET | H/1.1 | wp-polyfill.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/vendor/ | Frame 1CFF | 97 KB | 97 KB | Script | application/javascript |
GET | H/1.1 | i18n.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/ | Frame 1CFF | 9 KB | 10 KB | Script | application/javascript |
GET | H/1.1 | lodash.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/vendor/ | Frame 1CFF | 71 KB | 71 KB | Script | application/javascript |
GET | H/1.1 | url.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/ | Frame 1CFF | 13 KB | 14 KB | Script | application/javascript |
GET | H/1.1 | hooks.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/ | Frame 1CFF | 6 KB | 6 KB | Script | application/javascript |
GET | H/1.1 | api-fetch.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/dist/ | Frame 1CFF | 12 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | index.js | www.hamrahannoorshabakeh.com/wp-content/plugins/contact-form-7/includes/js/ | Frame 1CFF | 11 KB | 11 KB | Script | application/javascript |
GET | H/1.1 | custom.js | www.hamrahannoorshabakeh.com/wp-content/themes/xtra/assets/js/ | Frame 1CFF | 41 KB | 41 KB | Script | application/javascript |
GET | H/1.1 | codevzplus.js | www.hamrahannoorshabakeh.com/wp-content/plugins/codevz-plus/assets/js/ | Frame 1CFF | 104 KB | 104 KB | Script | application/javascript |
GET | H/1.1 | wp-embed.min.js | www.hamrahannoorshabakeh.com/wp-includes/js/ | Frame 1CFF | 1 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | js_composer_front.min.js | www.hamrahannoorshabakeh.com/wp-content/plugins/js_composer/assets/js/dist/ | Frame 1CFF | 20 KB | 20 KB | Script | application/javascript |
GET | DATA | truncated | / | Frame 1CFF | 92 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | Frame 1CFF | 82 B | 0 | Image | image/svg+xml |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0
object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| trustedTypes
boolean| crossOriginIsolated
function| $
function| jQuery
function| goNext
function| closeBox
function| checkSubmit
function| isEmail
function| iserror
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.