www.formecentromedico.it
109.168.124.23
Malicious Activity!
Public Scan
Effective URL: https://www.formecentromedico.it/wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/
Submission Tags: 7068220
Submission: On April 13 via api from NL
Summary
TLS certificate: Issued by RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 on March 16th 2021. Valid for: a year.
This is the only time www.formecentromedico.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Unicredit (Banking)

Domain & IP information

| Requests | IP address | AS (Autonomous System) |
|---|---|---|
| 2 (1 redirect) | 151.11.48.30 | AS24994 (GENESYS-AS) |
| 2 (1 redirect) | 188.219.192.218 | AS30722 (VODAFONE-IT-ASN) |
| 3 | 109.168.124.23 | AS5602 (AS-IRIDEOS-KP) |
| 20 | 213.134.66.112 | AS15515 (UNICREDIT-AS-VR-IT, Via Alessandro Specchi 16) |
| 25 requests | 4 IPs | |
Hosts per ASN:
- ASN30722 (VODAFONE-IT-ASN, IT), PTR net-188-219-192-218.cust.vodafonedsl.it: www.beelab.to
- ASN5602 (AS-IRIDEOS-KP, IT), PTR 23.124.168.109.host.static.ip.kpnqwest.it: www.formecentromedico.it
- ASN15515 (UNICREDIT-AS-VR-IT Via Alessandro Specchi 16, IT): at-assets.ucgstatic.eu
| Requests | Apex domain | Subdomain | Transfer |
|---|---|---|---|
| 20 | ucgstatic.eu | at-assets.ucgstatic.eu | 1 MB |
| 3 | formecentromedico.it | www.formecentromedico.it | 11 KB |
| 2 | beelab.to (1 redirect) | www.beelab.to | 744 B |
| 2 | upai.it (1 redirect) | www.upai.it | 214 B |
| 25 requests | 4 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 20 | at-assets.ucgstatic.eu | www.formecentromedico.it, at-assets.ucgstatic.eu |
| 3 | www.formecentromedico.it | www.beelab.to (redirect), www.formecentromedico.it |
| 2 | www.beelab.to | www.upai.it (1 redirect) |
| 2 | www.upai.it | (entry point, 1 redirect) |
| 25 requests | 4 domains | |
This site contains links to these domains (see also the outgoing links under Page Statistics):
- www.bankaustria.at
- sicherheit.bankaustria.at
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| upai.it | R3 (Let's Encrypt) | 2021-02-19 - 2021-05-20 | 3 months |
| beelab.to | R3 (Let's Encrypt) | 2021-03-01 - 2021-05-30 | 3 months |
| www.formecentromedico.it | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2021-03-16 - 2022-03-16 | a year |
| at-assets.ucgstatic.eu | Actalis Organization Validated Server CA G3 | 2020-10-06 - 2021-10-06 | a year |
This page contains 1 frame.
Primary Page: https://www.formecentromedico.it/wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/
Frame ID: 5F8D1A29627A6F1A480753DEC24B1658
Requests: 25 HTTP requests in this frame
Detected technologies
- Adobe Experience Manager (CMS). Detected pattern: script URL matching /\/etc\/designs\//i
- Java (Programming Languages). Detected pattern: script URL matching /\/etc\/designs\//i
- Apache (Web Servers). Detected pattern: Server response header matching /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Note that the first two fingerprints fire on the same path fragment, and that path only occurs in assets fetched from at-assets.ucgstatic.eu, not from the primary host.
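The three patterns above are applied to every request in the scan, so a fingerprint can describe a third-party asset host rather than the page that was scanned. The following is an added example, not urlscan.io or Wappalyzer code: it runs the page's own regexes over the script URLs listed in the transaction table and keeps the origin of each match. The Server header values are assumptions (the page records only that the Apache pattern matched, not the header text or which host sent it).

```python
import re
from urllib.parse import urlparse

# The page's three patterns, translated 1:1 from JS regex literals. Two of
# them are identical: AEM and "Java" are both inferred from the same path.
FINGERPRINTS = {
    "Adobe Experience Manager": {"script": re.compile(r"/etc/designs/", re.I)},
    "Java": {"script": re.compile(r"/etc/designs/", re.I)},
    "Apache": {"headers": {"server": re.compile(
        r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)}},
}

# Script requests copied from the page's transaction table.
SCRIPT_URLS = [
    "https://at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.js",
    "https://at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/dkBase.min.160120181900.js",
    "https://www.formecentromedico.it/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces",
]

# Response headers per host. ASSUMED values: the page does not show them.
RESPONSE_HEADERS = {
    "www.formecentromedico.it": {"server": "Apache/2.4.41 (Ubuntu)"},
    "at-assets.ucgstatic.eu": {},
}


def fingerprint(script_urls, headers_by_host):
    """Return {technology: {"hosts": set, "evidence": [str], "version": str|None}},
    recording the origin of every match so first-party evidence can be told
    apart from third-party evidence."""
    hits = {}

    def add(tech, host, evidence, version=None):
        entry = hits.setdefault(tech, {"hosts": set(), "evidence": [], "version": None})
        entry["hosts"].add(host)
        entry["evidence"].append(evidence)
        entry["version"] = entry["version"] or version

    for tech, rules in FINGERPRINTS.items():
        if "script" in rules:
            for url in script_urls:
                if rules["script"].search(url):
                    add(tech, urlparse(url).hostname, url)
        for host, headers in headers_by_host.items():
            for name, rx in rules.get("headers", {}).items():
                value = headers.get(name, "")
                m = rx.search(value)
                if m:
                    add(tech, host, f"{name}: {value}", m.group(1) if rx.groups else None)
    return hits


def split_by_origin(hits, primary_host):
    """Fingerprints backed only by other origins describe those origins (here
    the bank's CDN), not the scanned page; a stack check for the page itself
    must look at what the primary host returned."""
    first_party, third_party = {}, {}
    for tech, info in hits.items():
        bucket = first_party if primary_host in info["hosts"] else third_party
        bucket[tech] = sorted(info["hosts"])
    return first_party, third_party


if __name__ == "__main__":
    hits = fingerprint(SCRIPT_URLS, RESPONSE_HEADERS)
    first, third = split_by_origin(hits, "www.formecentromedico.it")
    print("first-party:", first)
    print("third-party:", third)
```

With the assumed headers, Apache is the only first-party detection; AEM and Java are attributed entirely to at-assets.ucgstatic.eu, which is the CDN of the brand being imitated. The Apache pattern deliberately rejects `Apache-Coyote` (Tomcat's default Server header) via the `[^/-]` class.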
Page Statistics
14 outgoing links
These are links going to different origins than the main page. The export shows only the link titles (one of the 14 links has no title); the linked domains are www.bankaustria.at and sicherheit.bankaustria.at. Titles, with English translations:
- Privatkunden (Private customers)
- Firmenkunden (Corporate customers)
- Private Banking
- Über uns (About us)
- hier (here)
- PIN vergessen oder Verfügernummer gesperrt? (PIN forgotten or user number locked?)
- Mehr erfahren (Learn more)
- Sicherheitsinformationen (Security information)
- FAQ
- UniCredit Bank Austria AG
- Impressum (Legal notice)
- AGB (Terms and conditions)
- Datenschutzerklärung (Privacy policy)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://www.upai.it/I/ (HTTP 302)
2. https://www.beelab.to/I/ (HTTP 302)
3. https://www.formecentromedico.it/wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/ (final page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1:
- https://www.upai.it/I/ (HTTP 302) ->
- https://www.beelab.to/I/ (HTTP 302) ->
- https://www.formecentromedico.it/wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/
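The chain above is two server-side 302s that hand the visitor from one unrelated Italian domain to another before landing on a third, in a WordPress directory that normally holds unpacked update files, with a 128-character token in the path. The following is an added example, not urlscan.io code: it reconstructs such a chain from captured responses without executing anything and summarises the properties a reviewer checks first. The hop table is constructed from the page's chain (the 302s and Location targets are the page's; the final 200 status is assumed), and the entropy and length thresholds are the author's choices.

```python
import math
from urllib.parse import urljoin, urlparse

REDIRECT_CODES = {301, 302, 303, 307, 308}

# WordPress directories the web server must be able to write to (core and
# plugin upgrades are unpacked under wp-content/upgrade/). An HTML document
# served from beneath them is worth a second look on any site.
WP_WRITABLE_DIRS = ("/wp-content/upgrade/", "/wp-content/uploads/", "/wp-content/cache/")

LANDING = ("https://www.formecentromedico.it/wp-content/upgrade/cache/"
           "GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8dr"
           "HMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/")

# url -> (status, Location). Constructed from the page's redirect chain; the
# 302s and Location targets are the page's, the final 200 is assumed.
CAPTURED = {
    "https://www.upai.it/I/": (302, "https://www.beelab.to/I/"),
    "https://www.beelab.to/I/": (302, LANDING),
    LANDING: (200, None),
}


def follow_chain(responses, start, max_hops=10):
    """Walk Location headers from `start` using only captured responses.

    Returns (chain, reason) with reason 'final', 'loop', 'max_hops' or
    'unresolved' (the next hop was never captured). Relative Location values
    are resolved against the redirecting URL, as a browser does."""
    chain, url = [start], start
    while True:
        if url not in responses:
            return chain, "unresolved"
        status, location = responses[url]
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(url, location)
        if nxt in chain:
            return chain + [nxt], "loop"
        if len(chain) >= max_hops:
            return chain, "max_hops"
        chain.append(nxt)
        url = nxt


def shannon_entropy(s):
    """Bits per character; random tokens score far above ordinary path words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def chain_findings(chain, min_token_len=32, min_entropy=4.0):
    """How many hosts the chain crosses, whether the landing page sits in a
    writable WordPress directory, and whether its path carries a long
    high-entropy segment (a per-campaign or per-victim token)."""
    hosts = [urlparse(u).hostname for u in chain]
    final = urlparse(chain[-1])
    writable = next((d for d in WP_WRITABLE_DIRS if final.path.startswith(d)), None)
    tokens = [seg for seg in final.path.split("/")
              if len(seg) >= min_token_len and shannon_entropy(seg) >= min_entropy]
    return {
        "hops": len(chain) - 1,
        "hosts": hosts,
        "distinct_hosts": len(set(hosts)),
        "wp_writable_dir": writable,
        "random_segments": tokens,
    }


if __name__ == "__main__":
    chain, reason = follow_chain(CAPTURED, "https://www.upai.it/I/")
    print(" -> ".join(chain), f"[{reason}]")
    for key, value in chain_findings(chain).items():
        print(f"{key}: {value}")
```

Working from captured responses rather than re-fetching matters when the first hops are on compromised or disposable domains: re-requesting the chain tips off the operator and may already return something different.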
25 HTTP transactions

| # | Method | Protocol | Request | Size / transfer | Type | MIME type | Notes |
|---|---|---|---|---|---|---|---|
| 1 | GET | HTTP/2 | https://www.upai.it/I/ | 69 B / 173 B | Document | text/html | HTTP 302 to #2 |
| 2 | GET | HTTP/1.1 | https://www.beelab.to/I/ | 69 B / 342 B | Document | text/html | Redirect chain; HTTP 302 to #3 |
| 3 | GET | HTTP/1.1 | https://www.formecentromedico.it/wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/ | 69 B / 411 B | Document | text/html | Redirect chain |
| 4 | GET | HTTP/1.1 | same URL as #3 | 43 KB / 10 KB | Document | text/html | Primary request; cookie set |
| 5 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.js | 1 MB / 281 KB | Script | application/x-javascript | |
| 6 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/clientlibs/head_at_login.css | 1 MB / 343 KB | Stylesheet | text/css | |
| 7 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/content/dam/gimb/at/Common%20area/BAMofUC-logo-flat.svg | 9 KB / 10 KB | Image | image/svg+xml | |
| 8 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login-common.min.160120181900.css | 284 B / 846 B | Stylesheet | text/css | |
| 9 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/login.min.160120181900.css | 10 KB / 3 KB | Stylesheet | text/css | |
| 10 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/css/dkLibs/dkStep.min.160120181900.css | 2 KB / 1 KB | Stylesheet | text/css | |
| 11 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/dkBase.min.160120181900.js | 99 KB / 28 KB | Script | application/x-javascript | |
| 12 | GET | HTTP/1.1 | www.formecentromedico.it/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces | 0 / 0 | Script | text/html | Script requested from the primary host; answered with 0 B of text/html |
| 13 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/managelanguage.min.160120181900.css | 3 KB / 1 KB | Stylesheet | text/css | |
| 14 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img1.img.png/1548766786234.png | 642 B / 1 KB | Image | image/png | |
| 15 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img4.img.png/1548766786234.png | 618 B / 1 KB | Image | image/png | |
| 16 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/content/gimb_at/de/login/login/_jcr_content/footer/img5.img.png/1548766786234.png | 611 B / 1 KB | Image | image/png | |
| 17 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/img/sprite-common.png | 22 KB / 23 KB | Image | image/png | |
| 18 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/fonts/IconWerk2-mono-v05.woff | 14 KB / 15 KB | Font | application/octet-stream | |
| 19 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-regular.otf | 98 KB / 98 KB | Font | application/octet-stream | |
| 20 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-medium.otf | 114 KB / 115 KB | Font | application/octet-stream | |
| 21 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/fonts/unicredit-light.otf | 102 KB / 103 KB | Font | application/octet-stream | |
| 22 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/img/ico-infologin.png | 2 KB / 2 KB | Image | image/png | |
| 23 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-at.png | 2 KB / 3 KB | Image | image/png | |
| 24 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/etc/designs/gimb/functions/EP5-PSA-MANAGELANGUAGE/css/img/sprite-lang-en.png | 5 KB / 6 KB | Image | image/png | |
| 25 | GET | HTTP/1.1 | at-assets.ucgstatic.eu/content/gimb_at/de/login/login/jcr:content/content_parsys/bordercontainer/wcm/verticalbanner/img.img.png/1571928623060.png | 361 KB / 361 KB | Image | image/png | |

Every subresource except #12 is fetched from at-assets.ucgstatic.eu, the static asset host of the brand being targeted; the primary document itself is the only HTML served by www.formecentromedico.it.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Unicredit (Banking)

38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Names |
|---|---|
| object | ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, PrimeFaces, atmosphere, jQuery112408539820830906293, myfaces, jsf |
| function | showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, $, jQuery, PF, Class, goToPageWithLoader, openModalWithLoader, goToPageModalInjectWithLoaderCloseAppModal, closeOverlayPopup, closeOverlayPopupAndRedirect, closeOverlayPopupAndRedirectOnEvent, showOverlayPopup, displayJSFAjaxLoadingDiv, timeoutShowDiv, hideJSFAjaxLoadingDiv, findNearestLoader, findNearestLoaderFast, smartFindParent, listenGimbModalCloseEvent, closeGimbModal, dynaTraceGIMBSCA, updateLogin, hidelanguagesportlet, unhidelanguagesportlet |
| boolean | crossOriginIsolated |
| undefined | displayJSFAjaxLoadingDivTimeout |

The first nine (ontransition*, cookieStore, the three show*Picker functions, trustedTypes, crossOriginIsolated) are browser-provided APIs of the Chromium build used for the scan, not page code. The rest are the client-side half of a Java Server Faces application: jQuery, PrimeFaces (PF), MyFaces (myfaces, jsf) and Atmosphere, plus the bank's own GIMB helper functions.
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain / Path | Expires | Name | Value |
|---|---|---|---|
| www.formecentromedico.it / | | PHPSESSID | 6eltfs8qv2a9rfql7ulvaab9db |
| www.formecentromedico.it /wp-content/upgrade/cache/GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8drHMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info | | ready | gogo |

PHPSESSID is the default PHP session cookie; a JSF application such as the one the globals above belong to would issue JSESSIONID instead.
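Three observations from the transaction list, the cookies and the globals point the same way: the HTML was copied from the bank's JSF login page and is now served by a PHP host, the branded assets are hotlinked from the bank's CDN, and one relative JSF resource reference (`/javax.faces.resource/...`) survived the copy and resolves against the phishing host, where it returns nothing. The following is an added example, not urlscan.io code, that turns these into repeatable checks. The transactions, cookies and globals are a constructed subset of what the page lists; the size values are the page's rounded figures converted to bytes, and the MIME and cookie-to-stack tables are the author's.

```python
from collections import Counter

LANDING_PATH = ("/wp-content/upgrade/cache/"
                "GnKcMFBhbRxnZBnejAXvCrKEeeKaDX5MNV4K8TFQX5dm4L4sE3npuj4Lkp4KHJG22eVya8dr"
                "HMmagpQVRPS4ZyxQgHhQVy6PTS38efvEV6duyNhMWUAdt9Z5Yja7Fbf3/info/")

# (host, path, resource type, response MIME, body bytes). Subset of the page's
# 25 transactions; sizes are the page's rounded figures in bytes.
TRANSACTIONS = [
    ("www.formecentromedico.it", LANDING_PATH, "Document", "text/html", 43 * 1024),
    ("at-assets.ucgstatic.eu", "/etc/designs/gimb/clientlibs/head_at_login.js",
     "Script", "application/x-javascript", 1024 * 1024),
    ("at-assets.ucgstatic.eu", "/etc/designs/gimb/clientlibs/head_at_login.css",
     "Stylesheet", "text/css", 1024 * 1024),
    ("at-assets.ucgstatic.eu", "/content/dam/gimb/at/Common%20area/BAMofUC-logo-flat.svg",
     "Image", "image/svg+xml", 9 * 1024),
    ("at-assets.ucgstatic.eu",
     "/etc/designs/gimb/functions/EP5-PSA-LOGIN/at/js/dkLibs/dkBase.min.160120181900.js",
     "Script", "application/x-javascript", 99 * 1024),
    ("www.formecentromedico.it", "/EP5-PSA-LOGIN/javax.faces.resource/js/login.js.faces",
     "Script", "text/html", 0),
    ("at-assets.ucgstatic.eu", "/etc/designs/gimb/fonts/unicredit-regular.otf",
     "Font", "application/octet-stream", 98 * 1024),
]
# (host, path, name) from the page's cookie table.
COOKIES = [("www.formecentromedico.it", "/", "PHPSESSID"),
           ("www.formecentromedico.it", LANDING_PATH.rstrip("/"), "ready")]
# Subset of the page's window globals.
WINDOW_GLOBALS = ["jQuery", "PF", "PrimeFaces", "atmosphere", "myfaces", "jsf", "updateLogin"]

# MIME types a browser will accept per resource type; text/html for a Script
# or Stylesheet means an error or redirect page answered instead of the asset.
EXPECTED_MIME = {
    "Script": ("application/javascript", "application/x-javascript", "text/javascript"),
    "Stylesheet": ("text/css",),
}
# Default session cookie name per server-side stack.
SESSION_COOKIE_STACK = {"PHPSESSID": "PHP", "JSESSIONID": "Java", "ASP.NET_SessionId": "ASP.NET"}
# Globals that only a Java Server Faces front end defines.
JSF_GLOBALS = {"PrimeFaces", "PF", "myfaces", "jsf"}


def analyze(transactions, cookies, window_globals):
    """Return the clone indicators for one scan: where subresources come from,
    which asset requests were answered with the wrong content, which JSF
    resource paths now point at the primary host, and whether the session
    cookie's stack contradicts the client-side framework."""
    primary_host = next(h for h, _p, typ, _m, _s in transactions if typ == "Document")
    subresources = [t for t in transactions if t[2] != "Document"]
    hosts = Counter(h for h, *_ in subresources)
    third_party = sum(n for h, n in hosts.items() if h != primary_host)
    broken = [f"{h}{p}" for h, p, typ, mime, size in subresources
              if typ in EXPECTED_MIME and (mime not in EXPECTED_MIME[typ] or size == 0)]
    # Relative references that survived the copy: /javax.faces.resource/ is the
    # JSF resource handler path and only exists on a JSF server.
    orphaned = [p for h, p, *_ in subresources
                if h == primary_host and "/javax.faces.resource/" in p]
    server_stacks = {SESSION_COOKIE_STACK[name] for host, _path, name in cookies
                     if host == primary_host and name in SESSION_COOKIE_STACK}
    client_is_jsf = bool(JSF_GLOBALS & set(window_globals))
    return {
        "primary_host": primary_host,
        "subresource_hosts": dict(hosts),
        "third_party_share": third_party / len(subresources) if subresources else 0.0,
        "broken_resources": broken,
        "orphaned_jsf_paths": orphaned,
        "server_stacks": server_stacks,
        "client_is_jsf": client_is_jsf,
        "stack_mismatch": client_is_jsf and bool(server_stacks) and "Java" not in server_stacks,
    }


if __name__ == "__main__":
    for key, value in analyze(TRANSACTIONS, COOKIES, WINDOW_GLOBALS).items():
        print(f"{key}: {value}")
```

None of these checks needs the HTML itself, which is useful when only the scan metadata is retained. The stack-mismatch check is the one least likely to be defeated by a kit author fixing the broken asset reference: as long as the kit is PHP and the copied page keeps the bank's JSF client libraries, PHPSESSID will sit next to `PrimeFaces` on the same origin.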
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Being listed here does not by itself imply that any of them indicate malicious activity.
- at-assets.ucgstatic.eu
- www.beelab.to
- www.formecentromedico.it
- www.upai.it
- 109.168.124.23
- 151.11.48.30
- 188.219.192.218
- 213.134.66.112