sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
Open in
urlscan Pro
2606:4700:3037::ac43:9113
Malicious Activity!
Public Scan
Effective URL: https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtS...
Submission: On September 26 via manual from US — Scanned from US
Summary
TLS certificate: Issued by WE1 on September 24th 2024. Valid for: 3 months.
This is the only time sanntafeapdovs.gygbbwqtxzhaltd.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 103.235.46.96 103.235.46.96 | 55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.) | |
2 | 162.241.156.147 162.241.156.147 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
4 | 2606:4700:303... 2606:4700:3037::ac43:9113 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
14 | 2620:1ec:bdf::38 2620:1ec:bdf::38 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2603:1036:302... 2603:1036:302:4832::2 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 2603:1037:1:1... 2603:1037:1:128::8 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
23 | 6 |
ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
www.baidu.com |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: annterry.com
damondavis.com |
ASN13335 (CLOUDFLARENET, US)
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
outlook.office365.com |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
autologon.microsoftazuread-sso.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 1016 |
364 KB |
4 |
workers.dev
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev |
24 KB |
2 |
damondavis.com
damondavis.com |
1 KB |
1 |
microsoftazuread-sso.com
autologon.microsoftazuread-sso.com — Cisco Umbrella Rank: 1135 |
1 KB |
1 |
office365.com
outlook.office365.com — Cisco Umbrella Rank: 37 |
|
1 |
baidu.com
www.baidu.com — Cisco Umbrella Rank: 3756 |
903 B |
23 | 6 |
Domain | Requested by | |
---|---|---|
14 | aadcdn.msauth.net |
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
aadcdn.msauth.net |
4 | sanntafeapdovs.gygbbwqtxzhaltd.workers.dev |
damondavis.com
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev aadcdn.msauth.net |
2 | damondavis.com |
www.baidu.com
|
1 | autologon.microsoftazuread-sso.com | |
1 | outlook.office365.com |
aadcdn.msauth.net
|
1 | www.baidu.com | |
23 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
baidu.com GlobalSign RSA OV SSL CA 2018 |
2024-07-08 - 2025-08-09 |
a year | crt.sh |
www.damondavis.com R11 |
2024-08-04 - 2024-11-02 |
3 months | crt.sh |
gygbbwqtxzhaltd.workers.dev WE1 |
2024-09-24 - 2024-12-23 |
3 months | crt.sh |
aadcdn.msauth.net DigiCert SHA2 Secure Server CA |
2024-07-30 - 2025-07-30 |
a year | crt.sh |
outlook.com DigiCert Cloud Services CA-1 |
2024-06-27 - 2025-06-26 |
a year | crt.sh |
autologon.microsoftazuread-sso.com DigiCert SHA2 Secure Server CA |
2024-08-26 - 2025-02-26 |
6 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
Frame ID: CF13E2CE4DB9CCC89FC177C3C958D611
Requests: 22 HTTP requests in this frame
Frame:
https://outlook.office365.com/owa/prefetch.aspx
Frame ID: 7A48BB4DEF649AEF48A5BD03EB0E9DBD
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in to OutlookPage URL History Show full URLs
- https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd... Page URL
- https://damondavis.com/ Page URL
- https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZ... Page URL
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.baidu.com/link?url=fZ87OZB8VqE0deFZIMu3U4vM3rM2mVLJkfW9ed35Qciatp0lEfUBgW8Ip7xBMtkd&wd=d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU= Page URL
- https://damondavis.com/ Page URL
- https://sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
link
www.baidu.com/ |
615 B 903 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
damondavis.com/ |
963 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
d29ya3BsYWNlfGRHRnVhWFZ0TG1OdmJRPT18VU9wcWpTakZZZkxzVHF1Rk1qUGN0bWtSVVhuc21lcU5LdnZvdVFXcEh3b1p1elBWbnRQdHU%3D
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/om/ |
42 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
damondavis.com/ |
4 B 26 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
speculation
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/cdn-cgi/ |
128 B 605 B |
Other
application/speculationrules+json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Me.htm
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/aHR0cHM6Ly9sb2dpbi5saXZlLmNvbQ==-lg/ |
0 2 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
111 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_NXCGegEOpKB5nrI5GnSS3g2.js
aadcdn.msauth.net/shared/1.0/content/js/ |
439 KB 120 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/ |
56 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pcustomizationloader_117b650bccea354984d8.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
397 KB 114 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
prefetch.aspx
outlook.office365.com/owa/ Frame 7A48 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 6 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
49-small_2055002f2daae2ed8f69f03944c0e5d9.jpg
aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/ |
987 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
49_6ffe0a92d779c878835b40171ffc2e13.jpg
aadcdn.msauth.net/shared/1.0/content/images/appbackgrounds/ |
17 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
53_7a3c80bf9694448bac31a9589d2e9e92.png
aadcdn.msauth.net/shared/1.0/content/images/applogos/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo_564db913a7fa0ca42727161c6d031bef.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ssoprobe
autologon.microsoftazuread-sso.com/tanium.com/winauth/ |
12 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/shared/1.0/content/images/ |
17 KB 17 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
dssostatus
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/66defc8fa2fad3a71308b4ef/o/common/instrumentation/ |
265 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/ |
111 KB 35 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_117b650bccea354984d8 boolean| __convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834 boolean| __convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d25 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.baidu.com/ | Name: BAIDUID Value: C3D6846B17A2FA27685541987099F655:FG=1 |
|
www.baidu.com/ | Name: BDSVRTM Value: 0 |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 0 Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 1 Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 2 Value: OIDC=1 |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 16 Value: OpenIdConnect.nonce.v3.Ykz_irYMka7xBzi-I72qRCGuADy4WRU_IjBVAvLQDt4=638629710234197413.d0bf77c1-e823-4376-80e9-b5668779438c |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 20 Value: ClientId=EAF5795D7CFF4F2382656BC0C86FEA4A |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 21 Value: OIDC=1 |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 35 Value: OpenIdConnect.nonce.v3.Ykz_irYMka7xBzi-I72qRCGuADy4WRU_IjBVAvLQDt4=638629710234197413.d0bf77c1-e823-4376-80e9-b5668779438c |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: 39 Value: X-OWA-RedirectHistory=ArLym14BpR2FfVbe3Ag |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: buid Value: 0.AQMAMe_N-B6jSkuT5F9XHpElWgIAAAAAAPEPzgAAAAAAAAABAAA.AQABGgEAAAApTwJmzXqdR4BN2miheQMYbgXig4V67JlEpKzJ3p28mR4JwvyzjsGBlN2a7hsKrEBUt4_KIFbfa91enz4q2Ff1kl2zXN9FJIJm57nWCfEpjiy5d9oT3hZ3J8alXcd7SDwgAA |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: esctx Value: PAQABBwEAAAApTwJmzXqdR4BN2miheQMYOm3-Yf0E5jIXf8drGnqSA3mA_2uceb6mOZt0y2Stg101lODNjaXfqjaCvhiO48xgDdX8M5JiaAfdM-BPJkWtG2-gvuxHIc_iC1AQz8wROuzxltDPTACKO-q798C0B3SY6MkKHNAJ7CZrtweNhZEbPmEBBTMSJ4Hf1S5woESg20sgAA |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: esctx-kdgGzY40ODI Value: AQABCQEAAAApTwJmzXqdR4BN2miheQMYOlTZpyO54Vki-0zlQqG3GhOYyBPt4gbeJ9tiB6Mq-bHYcVPh5Je2Dhs9uO1H4tOVOq4IdrpGvxvNR4WMOG6KzCGIWFevz5-G60E0coiAdPx166eReKHaSmkUIrjVsLGHw041IVFI7ZDWThG0fpi3ByAA |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: fpc Value: AkZ7smsb_05MuboRcpOZ3UCerOTJAQAAAI-ah94OAAAA |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: x-ms-gateway-slice Value: estsfd |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: stsservicecookie Value: estsfd |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: appdfmd5naosiz309213 Value: d29ya3BsYWNlQHRhbml1bS5jb20= |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: uaid Value: 0a53572c505f45ba8f1b20c361fee2f7 |
|
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: MSPRequ Value: id=N<=1727374224&co=1 |
|
.sanntafeapdovs.gygbbwqtxzhaltd.workers.dev/ | Name: brcap Value: 0 |
|
outlook.office365.com/ | Name: ClientId Value: F4C339BB8AD14259AF829545E406ADF5 |
|
outlook.office365.com/ | Name: OIDC Value: 1 |
|
autologon.microsoftazuread-sso.com/ | Name: fpc Value: ApFfubuYvA9LvXPBM-qhRBs |
|
autologon.microsoftazuread-sso.com/ | Name: x-ms-gateway-slice Value: estsfd |
|
autologon.microsoftazuread-sso.com/ | Name: stsservicecookie Value: estsfd |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Xss-Protection | 1;mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msauth.net
autologon.microsoftazuread-sso.com
damondavis.com
outlook.office365.com
sanntafeapdovs.gygbbwqtxzhaltd.workers.dev
www.baidu.com
103.235.46.96
162.241.156.147
2603:1036:302:4832::2
2603:1037:1:128::8
2606:4700:3037::ac43:9113
2620:1ec:bdf::38
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
06441f14802cc6f59462c0bffde05e28352d93cc9f2f2dde6bac98fd8709cb22
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
1f8ceb44fe7cfcf7e71dbd5122210335ca3821d697a851d2900b95af7d92d69d
729b9bf98f3edbbbe47c947a08b87b8f434a2e9277230b12129889787fe3c507
81188e8a76162c79db4a5c10ac933c9e874c5b9eae10e47956ad9df704e01b28
8737d721808655f37b333f08a90185699e7e8b9bdaaa15cdb63c8448b426f95d
8b34a475187302935336bf43a2bf2a4e0adb9a1e87953ea51f6fcf0ef52a4a1d
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
a46201581a7c7c667fd42787cd1e9adf2f6bf809efb7596e61a03e8dba9ada13
bc6804d058d5bd5b24fc04e479fc8973bef5d3efeafaa9c19c60a009bf0fac0b
c3ace94f0fb4e03509df7fc557a51de3f258c86fd6fcd39392b10cc19002a1c1
d089c8a9fc28e4e50223eb38c9409e362521be9380a37341304fbac7a4cd9e5f
d8f5ab3e00202fd3b45be1acd95d677b137064001e171bc79b06826d98f1e1d3
da4a8df0c326292b5bee9c732b3c962fd67aaf2f99d850f1bf65068d573c5619
ddd0bb1c19b3d2d045bfcde85d2020bba57854c887a6691b66dba3da1bb3afbe
de173797dc0406d35110861ad99f2e7804696a037d6cf88a3db3d063ea53a595
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e1e65871749d18aea150643c07e0aab2057da057c6c57ec1c3c43580e1c898
f7869c42919304263247835251d858ef6dc28a6c5b0af6331a1f4b1f78b4e26f