www.medfusion.net
Open in
urlscan Pro
208.74.47.131
Public Scan
Effective URL: https://www.medfusion.net/ouphysicianstulsa-24188/portal/
Submission Tags: phishing malicious Search All
Submission: On October 08 via api from US
Summary
TLS certificate: Issued by Sectigo RSA Organization Validation S... on March 2nd 2020. Valid for: 2 years.
This is the only time www.medfusion.net was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 185.107.232.244 185.107.232.244 | 200484 (SENDINBLU...) (SENDINBLUE-ASN) | |
29 | 208.74.47.131 208.74.47.131 | 13649 (ASN-VINS) (ASN-VINS) | |
1 | 65.9.187.85 65.9.187.85 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 2a00:1450:400... 2a00:1450:4001:81e::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c00::9d | 15169 (GOOGLE) (GOOGLE) | |
34 | 4 |
ASN13649 (ASN-VINS, US)
PTR: ip3-131.medfusion.net
www.medfusion.net |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
30 |
medfusion.net
1 redirects
r.sendinblue1.medfusion.net www.medfusion.net |
917 KB |
3 |
google-analytics.com
www.google-analytics.com |
18 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
86 B |
1 |
cloudfront.net
disutgh7q0ncc.cloudfront.net |
61 KB |
34 | 4 |
Domain | Requested by | |
---|---|---|
29 | www.medfusion.net |
www.medfusion.net
|
3 | www.google-analytics.com |
www.medfusion.net
|
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | disutgh7q0ncc.cloudfront.net |
www.medfusion.net
|
1 | r.sendinblue1.medfusion.net | 1 redirects |
34 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
windows.microsoft.com |
www.mozilla.org |
www.google.com |
www.apple.com |
www.medfusion.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
medfusion.net Sectigo RSA Organization Validation Secure Server CA |
2020-03-02 - 2022-05-31 |
2 years | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2020-05-26 - 2021-04-21 |
a year | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-09-22 - 2020-12-15 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2020-09-03 - 2020-11-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.medfusion.net/ouphysicianstulsa-24188/portal/
Frame ID: 30FDEBC4D83BA52BE31B71CC78FE8C88
Requests: 34 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://r.sendinblue1.medfusion.net/tr/cl/K_yqxbhg-bhPCRL3f6-jx_wgHNpe-z2UEd1_-i3KFut5JrbEw8guko43NZkqbFNXtiBp9L...
HTTP 302
https://www.medfusion.net/ouphysicianstulsa-24188/portal/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
BugSnag (Analytics) Expand
Detected patterns
- script /\/bugsnag.*\.js/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: IE
Search URL Search Domain Scan URL
Title: Firefox
Search URL Search Domain Scan URL
Title: Chrome
Search URL Search Domain Scan URL
Title: Safari
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://r.sendinblue1.medfusion.net/tr/cl/K_yqxbhg-bhPCRL3f6-jx_wgHNpe-z2UEd1_-i3KFut5JrbEw8guko43NZkqbFNXtiBp9LDEoJRB248dfAAbGejNcGLphb0kvUylHql0ml2B7ZRloyfsc1BMs6fBR2r_ADml_6Qdc1JOgoXMUUPbSgmTpEhS7XlOwtUSYlWIfr4mu1SrDPKyZ9MuXmV6BOgFB6SOM48YEDciiDdTI4Eq6ftLCwX9sPT6XYK49t_a4a24D3FhaERVLPJDVh7cP9vGZceOfj5wjZ8IdWFBPKtHlPHgZfeaiUDfV9GwYpwkg57Rz4xC5Abi6D1bIfxXM_QeCFbM6heFvGzjb9_3hXVyLvvx6sQV0TFtQC5FlN89ThJ4onjty5JwupQ533JQzTG_du0p5UZpQDO7qG3eWWQJgY65fyHAcAFYf95Dzu68L_zLZA
HTTP 302
https://www.medfusion.net/ouphysicianstulsa-24188/portal/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
www.medfusion.net/ouphysicianstulsa-24188/portal/ Redirect Chain
|
32 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
depends.min.8b312d43cd.css
www.medfusion.net/ouphysicianstulsa-24188/portal/css/ |
203 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
patient.min.980226a830.css
www.medfusion.net/ouphysicianstulsa-24188/portal/css/ |
283 KB 48 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bugsnag.d838b0c80b.js
www.medfusion.net/ouphysicianstulsa-24188/portal/js/libs/bugsnag/src/ |
24 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
swoosh.png
www.medfusion.net/ouphysicianstulsa-24188/portal/img/ |
17 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header_gradient.png
www.medfusion.net/ouphysicianstulsa-24188/portal/img/ |
2 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
medfusion.png
www.medfusion.net/ouphysicianstulsa-24188/portal/img/ |
3 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
depends.min.e98c32f6ea.js
www.medfusion.net/ouphysicianstulsa-24188/portal/js/ |
2 MB 417 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
patient.min.b4e99cb83f.js
www.medfusion.net/ouphysicianstulsa-24188/portal/js/ |
1 MB 216 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
beacon.js
disutgh7q0ncc.cloudfront.net/ |
229 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
45 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular-locale_en.js
www.medfusion.net/ouphysicianstulsa-24188/portal/js/libs/angular-i18n/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
blinkhealth_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/blinkhealth/ |
1 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dashboard_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/dashboard/ |
2 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/common/ |
10 KB 11 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
security_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/security/ |
37 KB 38 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
template_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/template/ |
1 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
messages_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/messages/ |
3 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
billpay_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/billpay/ |
11 KB 12 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
appointments_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/appointments/ |
7 KB 9 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prescriptions_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/prescriptions/ |
1 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
medications_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/medications/ |
743 B 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rxRequest_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/rxRequest/ |
6 KB 7 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myaccount_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/myaccount/ |
17 KB 18 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aska_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/aska/ |
4 KB 5 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
healthRecord_translations.en.json
www.medfusion.net/ouphysicianstulsa-24188/portal/app/mf/healthRecord/ |
7 KB 8 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ouphysicianstulsa-24188
www.medfusion.net/practice-svcs/v1/practices/ |
8 KB 10 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
securityquestions
www.medfusion.net/user-rest/ |
652 B 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
locations
www.medfusion.net/practice-svcs/practices/24188/ |
11 KB 13 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
findBroadcasts
www.medfusion.net/practice/rest/sens/ejb/broker/broadcastBroker/method/ |
942 B 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
mypatient_welcome
www.medfusion.net/practice-svcs/textconfig/24188/ |
2 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 86 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 90 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
50 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| Bugsnag function| saveAs object| ngFileUpload function| ics undefined| returnExports function| $ function| jQuery function| _ object| html5 object| Modernizr object| angular object| BrV function| MessageFormat object| angulartics function| moment object| reTree function| Spinner object| Ladda object| FileAPI function| resizeLowerContents object| config object| dependencies object| iframe object| myPrescriptionModule object| log4javascript object| LightboxManager object| WootricSurvey undefined| staging_settings boolean| wootric_property_warning object| wootric_event_queue boolean| wootric_show_logs boolean| wootric_segment_integration boolean| wootric_survey_running function| wootric string| appversion function| onIframeLoad string| GoogleAnalyticsObject function| ga string| gaProperty object| wootricSettings object| snapEngageSettings object| jQuery111100006325374985014509 object| google_tag_data object| gaplugins object| gaGlobal object| gaData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.medfusion.net https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com http://chart.apis.google.com https://*.snapengage.com https://stats.g.doubleclick.net https://www.ihealthinterview.com https://forms.greenwaymedical.com https://d2wy8f7a9ursnm.cloudfront.net https://code.highcharts.com https://maxcdn.bootstrapcdn.com https://disutgh7q0ncc.cloudfront.net/ https://wootric-eligibility.herokuapp.com/ https://production.wootric.com/ https://ad.linksynergy.com/fs-bin/show https://www.google.com/recaptcha/ |
Public-Key-Pins | pin-sha256="2u6uXW8PPTAAx1rR1y/cBVwd5ABohqQVnmJ2ymNnULs="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="OCRoo+YwIUq0pcUv7FPimTxPga0DEqooU8lFZu32Aig="; max-age=432000; includeSubDomains |
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
disutgh7q0ncc.cloudfront.net
r.sendinblue1.medfusion.net
stats.g.doubleclick.net
www.google-analytics.com
www.medfusion.net
185.107.232.244
208.74.47.131
2a00:1450:4001:81e::200e
2a00:1450:400c:c00::9d
65.9.187.85
03b95a86565d5dc9738fcf9180a06f4b9d8aaa11eeccc0b2520b2392066367fc
0821e8849d06e8e01834bb313ff80ff5b996b9cfc3d4f8d9cb51f1d515d73878
0ca33526ef296c40c5aea257a4507b6280eb52b38b0f4585bc653fd5e867e4ac
19feaca5a62ddde5b6d746e00d514b8b82e3f2581ad465c3e0a9c1947c912546
1a7f00ab54bc6bc02d6f40aba703592a6b70de1be1a7aa5164e17487166509c9
2680ef1dabc2987e7db12730fcb5848f731043858f10ef140e5600b2993c5835
272c83493e5057c4e909959bbbe810a8716f684af85ddb1c586dede3dda2dae5
376d9c85a9e3694fe46f62fcfe11e7dc6c18535170c3375778eaa5c558b8bd4b
384d3be15012785114d10c2913b25d402e3a850afea2272a0139d55cebd581c9
43ff35eb8a93b3ca6475528b57a6e09d3baf1c0e635ac4dca7a26daeced597b3
4477b3f810d82e2f5a6d1dd9bce28847b3628a3f1e567a2b3287da5408829480
447ef1e8275bbfefb8f2472e9121492f1a395f419f31a93480eba79a2c2fe438
46c2c6e9fb53b465eab5697e0e350ec8382af4cf690f13c47254a76352310083
5deb4f1c1bcb737dfb858cbe51c53209b7ed3f1c9d1d27ce7692b3860b51fca2
60863e86aa7743d1ac841da7f473a05cd57fba81d661cef658e385437f80d5ef
63bd5aa08b0576803190ddeffe2e2a71e99092c6c4f87f30ff0594a0917e40cf
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c76c8eb7692b83003892277447a1d86518eb7a905a8333f9dce2a79bdc2318b
6fd73b214315f73def4c3fc2330332775813eb404554e6359fb53ce5bd6c573d
7458ac7c65c64cb0aea51a22340593b7776d17a700b383eea6781d02e1e4cc66
748063a1e6b6f6d4b9ebe4d559fc4cdf7730fbb75a1f651584dc1734cb3b61a1
796615d3239d325004a7d0901f3a2232265d467f8a3710077bf39eaa50aa2b87
79e310a7e0abafd5ce8d9c7f7e98c956b4219c0c03b868f00cbbf2f5fb650878
7bc0ae273a238e240775873d9c1ba2f7da0acfb7c922f02509b3e079d26c825a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9d10ff6634da2489891a051cff3e0601a364823676ea49d5c3ab67959b72e126
a7ee2f093cf77448bff36403c9c1913f4293368c1a519028d599fe8e1cd6d536
ae4478c6c14a77650312f00a2ace1717ccdc8b0c81c5a4a219efcfb66aa7305c
b80a992a4c5611f2dace45c13d587951f28f9aca2ed78a1d456e0756fd1677c0
bb507f5bd41a69b49aae69d586c1e44128c8e1c6fd33598010a8893ac29984ae
c7b7925c582d85e78b764639d0ecd3795172036a329c0120088e5adb4da4152e
da157372b20438faf988094fb960151bd52ced1945467e13ef0d5e9c5511438c
e0d46fe0fb0c62d2f1685360c8a8422f7bb27d24ee80f781eaa50f4db649152d