naucora.cfd
Open in
urlscan Pro
193.233.203.151
Malicious Activity!
Public Scan
Submission: On July 18 via api from US — Scanned from DE
Summary
This is the only time naucora.cfd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 193.233.203.151 193.233.203.151 | 200019 (ALEXHOST) (ALEXHOST) | |
4 | 2a02:26f0:480... 2a02:26f0:480:b9a::51e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 2600:9000:238... 2600:9000:238d:1600:d:e6dd:f300:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 63.35.110.225 63.35.110.225 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 54.76.5.246 54.76.5.246 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 63.140.62.222 63.140.62.222 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 52.215.27.40 52.215.27.40 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.243.0.75 34.243.0.75 | 16509 (AMAZON-02) (AMAZON-02) | |
23 | 8 |
ASN20940 (AKAMAI-ASN1, NL)
dmtags.scotiabank.com |
ASN16509 (AMAZON-02, US)
dlslhpkfqfglo.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-110-225.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-5-246.eu-west-1.compute.amazonaws.com
scotiabank.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-222.data.adobedc.net
somniture.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-27-40.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-0-75.eu-west-1.compute.amazonaws.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
naucora.cfd
naucora.cfd |
96 KB |
5 |
cloudfront.net
dlslhpkfqfglo.cloudfront.net |
792 KB |
5 |
scotiabank.com
dmtags.scotiabank.com — Cisco Umbrella Rank: 273867 somniture.scotiabank.com — Cisco Umbrella Rank: 196692 |
91 KB |
4 |
demdex.net
1 redirects
dpm.demdex.net — Cisco Umbrella Rank: 319 scotiabank.demdex.net — Cisco Umbrella Rank: 160796 |
4 KB |
1 |
memcyco.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 672463 |
|
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 2184 |
490 B |
23 | 6 |
Domain | Requested by | |
---|---|---|
8 | naucora.cfd |
naucora.cfd
|
5 | dlslhpkfqfglo.cloudfront.net |
naucora.cfd
dlslhpkfqfglo.cloudfront.net |
4 | dmtags.scotiabank.com |
naucora.cfd
dmtags.scotiabank.com |
3 | dpm.demdex.net | 1 redirects |
1 | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
dlslhpkfqfglo.cloudfront.net
|
1 | cm.everesttech.net | 1 redirects |
1 | somniture.scotiabank.com |
dmtags.scotiabank.com
|
1 | scotiabank.demdex.net |
dmtags.scotiabank.com
|
23 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.scotiabank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
apps.scotiabank.com Entrust Certification Authority - L1K |
2023-11-21 - 2024-12-21 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2023-08-21 - 2024-09-21 |
a year | crt.sh |
*.memcyco.com Amazon RSA 2048 M03 |
2024-02-25 - 2025-03-25 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
Frame ID: A157D2FE3A6EED448CBBDE5A67A62FC4
Requests: 21 HTTP requests in this frame
Frame:
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 3CF660CD594044B26476761D78DA0D28
Requests: 1 HTTP requests in this frame
Frame:
https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: 2A923E644065DD698E1633A3A7BEBAD2
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in | ScotiabankPage URL History Show full URLs
-
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.ch...
HTTP 307
https://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.ch... HTTP 307
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.ch... Page URL
Detected technologies
React (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+data-react
OneTrust (Cookie compliance) Expand
Detected patterns
- otSDKStub\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Scotiabank
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Legal
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js
HTTP 307
https://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js HTTP 307
http://naucora.cfd/scotia/personal/details/index.php/assets/assets/main.054ad90d49cb5bf3a1c6.chunk.js Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721317708902
- https://cm.everesttech.net/cm/dd?d_uuid=17894615830935143201855734969584442340 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
main.054ad90d49cb5bf3a1c6.chunk.js
naucora.cfd/scotia/personal/details/index.php/assets/assets/ Redirect Chain
|
100 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
launch-edbf66c903b6.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/ |
256 KB 67 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mutha-scotia-wrapper.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7c428f63a00e5bd025fa159e8c94389f.svg
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/ |
9 KB 9 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.054ad90d49cb5bf3a1c6.chunk.js
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/ |
100 KB 17 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.ee1730d27a38e7dfb0d6.css
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/ |
100 KB 17 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
8fd30bd010d9e2c7677ec339685f958b.woff
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/ |
100 KB 17 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1pOmQMP1I
naucora.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
50805f331bb1b697aafb6f0c28b09212.woff2
naucora.cfd/scotia/personal/details/index.php/assets/assets/assets/ |
100 KB 17 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
2 MB 781 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rd
dpm.demdex.net/id/ Redirect Chain
|
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ |
35 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
otSDKStub.js
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/ |
21 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
naucora.cfd/ |
273 B 489 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gpk
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
767 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
scotiabank.demdex.net/ Frame 3CF6 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
somniture.scotiabank.com/ |
48 B 458 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=Zpk5TQAAACHlCgO5
dpm.demdex.net/ Redirect Chain
|
42 B 718 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame 2A92 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
gwf
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
8 KB 6 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
l
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
104 B 580 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- dmtags.scotiabank.com
- URL
- https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| stylesLink object| process object| LD_CONFIG object| REDUX_STATE object| webpackJsonp function| a0d function| a0ad function| a0ab function| a0ac function| a0c object| a0f function| a0e function| a0af function| a0ai function| a0ah boolean| a0g function| a0F function| a0ag string| a0h function| a0ae string| a0i function| a0E function| a0a9 function| a0j number| a0k function| a0aa function| a0l object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| OptanonWrapper object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s function| inList number| a object| OneTrustStub function| $ function| jQuery function| lTa object| murmurHash3 function| UAParser object| localforage object| KJUR function| JSEncrypt object| CryptoJS20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dlslhpkfqfglo.cloudfront.net/ | Name: aphishCookie-1721262948600-SCOTIA Value: 0 |
|
.demdex.net/ | Name: demdex Value: 17894615830935143201855734969584442340 |
|
.naucora.cfd/ | Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1 |
|
.dpm.demdex.net/ | Name: dpm Value: 17894615830935143201855734969584442340 |
|
.naucora.cfd/ | Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C19923%7CMCMID%7C15693999875040494741500319017259824886%7CMCAAMLH-1721922509%7C6%7CMCAAMB-1721922509%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1721324909s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19930%7CvVersion%7C5.5.0 |
|
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/ | Name: AWSALBCORS Value: PpvO13eUrGMH+6HknaED0Tx438fOzSxHfxORPuWJbcyoKGOwN5kBnmQTAKQiekZfU89cDLpre9kmwdJ8T7bNqQJIMPOumi5F0JldotPQYUu/qxTRjX6L5uLN69E3 |
|
.adnxs.com/ | Name: receive-cookie-deprecation Value: 1 |
|
.mathtag.com/ | Name: uuid Value: 7c346699-394e-4a00-bf54-c86d24ba0a89 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUmics7WYbc9eEQLq_8TMeJtKkiMc9ywWy-yoUd_7v-nroORkq5uFoxZI58eBUo |
|
.twitter.com/ | Name: personalization_id Value: "v1_b97aMKUvCkPOuDowRZwo0Q==" |
|
.rfihub.com/ | Name: rud Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjYwN7c0NTGxNBTiM9QNNS3Iife39DTILksEAHhwCTIlAAAA |
|
.rfihub.com/ | Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MjE2MjI2NjYwN7c0NTGxNBTiM9QNNS3Iife39DTILksEAHhwCTIlAAAA |
|
.rfihub.com/ | Name: eud Value: H4sIAAAAAAAA_1vFxGtobmRobGhubmhgbGAAAPxhZ5gQAAAA |
|
.quantserve.com/ | Name: d Value: EOsBDAGtLLmvYA |
|
.quantserve.com/ | Name: mc Value: 6699394e-54cae-c9f3c-786e3 |
|
.eyeota.net/ | Name: SERVERID Value: 17328~DM |
|
.demdex.net/ | Name: dextp Value: 269-1-1721317709405|358-1-1721317709505|601-1-1721317709608|771-1-1721317709708|822-1-1721317709809|1123-1-1721317709910|1121-1-1721317710019|903-1-1721317710119|1175-1-1721317710220|22052-1-1721317710321|30064-1-1721317710425|30646-1-1721317710527|73426-1-1721317710632|121998-1-1721317710733|144230-1-1721317710833|144231-1-1721317710934|144232-1-1721317711035|144233-1-1721317711135|144234-1-1721317711236|144235-1-1721317711337|144236-1-1721317711437|144237-1-1721317711538|161033-1-1721317711638|139200-1-1721317711739 |
|
.onaudience.com/ | Name: cookie Value: 58f7056ea035525e |
|
.amazon-adsystem.com/ | Name: ad-id Value: A9pmqmQdBUYHhLVlU-r7LFA |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cm.everesttech.net
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
dlslhpkfqfglo.cloudfront.net
dmtags.scotiabank.com
dpm.demdex.net
naucora.cfd
scotiabank.demdex.net
somniture.scotiabank.com
dmtags.scotiabank.com
193.233.203.151
2600:9000:238d:1600:d:e6dd:f300:21
2a02:26f0:480:b9a::51e
34.243.0.75
52.215.27.40
54.76.5.246
63.140.62.222
63.35.110.225
134eeeb4a57dc806d01d30253dbe2dbb82a3d8ba32f4a0da687fc3b3c0d410d1
24565b5d66817199cc973ee08dba4f4528e5551358d210633916953e4814e8e5
4deb009906ce216cd7e2932908e7f193814e4384cf9db7faab9e7161bf9284d0
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
949e10ac987de3321d38c17582ca6ccfe9628cc3cdeeffcdab6798a0c4a47f27
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
c34c500f08ebe23a81e67e6518dc4737afd96905596c54158d205f6d70afb614
c85e9e190e2b35fc4f3627952ade96e9d163eae291ac1ecedc76fd26205d104d
cc7807249343287cecb6a5d77394c47c1e0962cd76b944824c0b24112571c0eb
d3bb47e33842ca93bb0557685e661f1733947fb4507865aeae0521a8ee476d27
d620b6048232cdc58e603eda62e33796f2959833ca42dcd8e0e5102e80835091
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720