ci-personal.com
162.0.224.164
Malicious Activity!
Public Scan
Effective URL: https://ci-personal.com/home.php?page=hjeT4AZpORZpWVNN3Tb%2FDNvFRnys%2FrHZ3obA%2B9xyDTl8AALJ4CCHv3Qw0VS0NeZ3GWc7r5Np8A%2...
Submission: On July 27 via manual from IL
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 21st 2020. Valid for: 3 months.
This is the only time ci-personal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 15 | 162.0.224.164 | 22612 (NAMECHEAP-NET) |
4 | 23.111.9.35 | 33438 (HIGHWINDS2) |
1 | 2a00:1450:4001:81a::200e | 15169 (GOOGLE) |
1 | 143.204.202.3 | 16509 (AMAZON-02) |
1 | 52.219.62.26 | 16509 (AMAZON-02) |
4 | 2a00:1450:4001:824::200a | 15169 (GOOGLE) |
3 | 2a00:1450:4001:819::2003 | 15169 (GOOGLE) |
1 | 143.204.202.44 | 16509 (AMAZON-02) |
2 | 143.204.202.125 | 16509 (AMAZON-02) |
31 | 9 |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-3.fra53.r.cloudfront.net
js.driftt.com |
ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ap-south-1.amazonaws.com
mt11-html-images.s3.ap-south-1.amazonaws.com |
ASN15169 (GOOGLE, US)
translate.googleapis.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-44.fra53.r.cloudfront.net
widget.driftqa.com |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-202-125.fra53.r.cloudfront.net
widget.drift.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
15 | ci-personal.com (1 redirects) | ci-personal.com | 1 MB |
4 | googleapis.com | translate.googleapis.com | 92 KB |
4 | fontawesome.com | use.fontawesome.com | 88 KB |
3 | gstatic.com | www.gstatic.com | 4 KB |
2 | drift.com | widget.drift.com | |
1 | driftqa.com | widget.driftqa.com | 21 KB |
1 | amazonaws.com | mt11-html-images.s3.ap-south-1.amazonaws.com | 3 KB |
1 | driftt.com | js.driftt.com | 70 KB |
1 | google.com | translate.google.com | 1 KB |
31 | 9 |
 | Domain | Requested by |
---|---|---|
15 | ci-personal.com | 1 redirects; ci-personal.com |
4 | translate.googleapis.com | translate.google.com; translate.googleapis.com srcdoc |
4 | use.fontawesome.com | ci-personal.com; use.fontawesome.com |
3 | www.gstatic.com | ci-personal.com |
2 | widget.drift.com | js.driftt.com |
1 | widget.driftqa.com | ci-personal.com |
1 | mt11-html-images.s3.ap-south-1.amazonaws.com | ci-personal.com |
1 | js.driftt.com | ci-personal.com |
1 | translate.google.com | ci-personal.com |
31 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
digital.ci-personal.com |
translate.google.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
ci-personal.com | cPanel, Inc. Certification Authority | 2020-07-21 - 2020-10-19 | 3 months | crt.sh |
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year | crt.sh |
*.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months | crt.sh |
drift.com | Amazon | 2019-10-03 - 2020-11-03 | a year | crt.sh |
*.s3.ap-south-1.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2020-01-28 - 2021-04-14 | a year | crt.sh |
upload.video.google.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months | crt.sh |
driftqa.com | Amazon | 2020-02-10 - 2021-03-10 | a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://ci-personal.com/home.php?page=hjeT4AZpORZpWVNN3Tb%2FDNvFRnys%2FrHZ3obA%2B9xyDTl8AALJ4CCHv3Qw0VS0NeZ3GWc7r5Np8A%2BXETDI4QcqLqep77ja52jCWnVHY9yS2C9Kr%2B7qDvpUkTXZ4IbkaqWNnXfPlhCFAnhLpHmj4xZtaQ%3D%3D
Frame ID: 5E82E05FC8856DB329BA0D1B31BC3A24
Requests: 28 HTTP requests in this frame
Frame:
https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 34DF1437373C0429A05411EA67F19BB6
Requests: 1 HTTP requests in this frame
Frame:
https://widget.drift.com/core?embedId=5buc88634dsz&forceShow=false&skipCampaigns=false&sessionId=be27d4b8-cb2a-4fbc-b17c-bf6493bc5ea3&sessionStarted=1595885703&campaignRefreshToken=39590edb-7275-412b-86db-7391605d27b3
Frame ID: 66BF5E421F3A249D97D3FE9C3D87D71A
Requests: 1 HTTP requests in this frame
Frame:
https://widget.drift.com/core/chat
Frame ID: 78D68889DA13D64FB5D4F502F7FB8888
Requests: 1 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
21 Outgoing links
These are links going to different origins than the main page.
Title: Online Banking Login
Title: Translate
Title: Financial status
Title: Transactions
Title: Recipient data
Title: Collective order templates
Title: Direct debit
Title: Standing order
Title: Upload files
Title: Outstanding orders
Title: Transfer
Title: Express Euro payment
Title: International payment - Send money abroad
Title: Change PIN
Title: Change Password
Title: Login Details
Title: IBAN & BIC
Title: Your details
Title: Using cards abroad
Title: Multi-banking settings
Title: Mailbox
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ci-personal.com/
HTTP 302
https://ci-personal.com/home.php?page=hjeT4AZpORZpWVNN3Tb%2FDNvFRnys%2FrHZ3obA%2B9xyDTl8AALJ4CCHv3Qw0VS0NeZ3GWc7r5Np8A%2BXETDI4QcqLqep77ja52jCWnVHY9yS2C9Kr%2B7qDvpUkTXZ4IbkaqWNnXfPlhCFAnhLpHmj4xZtaQ%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | home.php (Primary Request) | ci-personal.com/ (Redirect Chain) | 22 KB | 23 KB | Document | text/html |
GET | H/1.1 | internetfiliale.min.aeec56afd4b7104d19300e893384e93f.css | ci-personal.com/login/harry/ | 507 KB | 507 KB | Stylesheet | text/css |
GET | H/1.1 | internetfiliale.min.98630468a03ed305dde096af0888b296.js | ci-personal.com/login/harry/ | 345 KB | 345 KB | Script | application/javascript |
GET | H2 | 45af7dd434.js | use.fontawesome.com/ | 9 KB | 4 KB | Script | text/javascript |
GET | H/1.1 | desktop.png | ci-personal.com/login/logos/ | 5 KB | 5 KB | Image | image/png |
GET | H/1.1 | mobile.png | ci-personal.com/login/logos/ | 4 KB | 4 KB | Image | image/png |
GET | H/1.1 | druck.png | ci-personal.com/login/logos/ | 315 B | 315 B | Image | text/html |
GET | H2 | element.js | translate.google.com/translate_a/ | 2 KB | 1 KB | Script | text/javascript |
GET | H2 | 5buc88634dsz.js | js.driftt.com/include/1595886000000/ | 243 KB | 70 KB | Script | application/javascript |
GET | H/1.1 | android_app_btn.png | mt11-html-images.s3.ap-south-1.amazonaws.com/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | img1.jpg | ci-personal.com/images/ | 46 KB | 46 KB | Image | image/jpeg |
GET | H/1.1 | img2.jpg | ci-personal.com/images/ | 55 KB | 55 KB | Image | image/jpeg |
GET | H/1.1 | img3.jpg | ci-personal.com/images/ | 79 KB | 79 KB | Image | image/jpeg |
GET | H2 | 45af7dd434.css | use.fontawesome.com/ | 1 KB | 686 B | Stylesheet | text/css |
GET | H/1.1 | pictos-if.woff | ci-personal.com/login/harry/internetfiliale/fonts/ | 96 KB | 96 KB | Font | font/woff |
GET | H/1.1 | Sparkasse_web_Rg.woff | ci-personal.com/login/harry/internetfiliale/fonts/ | 39 KB | 39 KB | Font | font/woff |
GET | H2 | translateelement.css | translate.googleapis.com/translate_static/css/ | 18 KB | 4 KB | Stylesheet | text/css |
GET | H2 | main.js | translate.googleapis.com/translate_static/js/element/ | 3 KB | 2 KB | Script | text/javascript |
GET | H/1.1 | Sparkasse_web_Bd.woff | ci-personal.com/login/harry/internetfiliale/fonts/ | 39 KB | 39 KB | Font | font/woff |
GET | H/1.1 | SparkasseHead_web_Rg.woff | ci-personal.com/login/harry/internetfiliale/fonts/ | 44 KB | 44 KB | Font | font/woff |
GET | H/1.1 | home.jpg | ci-personal.com/images/ | 122 KB | 122 KB | Image | image/jpeg |
GET | H2 | element_main.js | translate.googleapis.com/element/TE_20200506_00/e/js/element/ | 238 KB | 85 KB | Script | text/javascript |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/1x/ | 825 B | 1 KB | Image | image/png |
GET | H2 | googlelogo_color_42x16dp.png | www.gstatic.com/images/branding/googlelogo/1x/ | 910 B | 999 B | Image | image/png |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | l | translate.googleapis.com/translate_a/ (Frame 34DF) | 3 KB | 1 KB | Script | application/javascript |
GET | H2 | notification.d46d7db1.mp3 | widget.driftqa.com/conductor/assets/media/ | 20 KB | 21 KB | Media | audio/mpeg |
GET | H2 | font-awesome-css.min.css | use.fontawesome.com/releases/v4.7.0/css/ | 30 KB | 8 KB | Stylesheet | text/css |
GET | H2 | fontawesome-webfont.woff2 | use.fontawesome.com/releases/v4.7.0/fonts/ | 75 KB | 76 KB | Font | application/font-woff2 |
GET | H2 | core | widget.drift.com/ (Frame 66BF) | 0 | 0 | Document | text/html |
GET | H2 | chat | widget.drift.com/core/ (Frame 78D6) | 0 | 0 | Document | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)
52 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| drift
undefined| driftt
object| IF6
function| getQueryParamValue
string| IF6_lightbox_closeicon_text
function| overlayShow
function| overlayClose
function| setSessionTimeout
function| focusBankingFormularElement
function| SLURI
function| moveBContent
function| refreshServerTimeout
function| showCountdownLayer
function| refreshClientTimeout
function| tick
function| updateHeaderLoginIfPresent
function| countdownShow
function| callBreakHtml
function| editTeaserRef
function| pagenav_statistics_send
function| pagenav_statistics
function| pagenav_scroll
function| pagenav_scroll_window
function| $
function| jQuery
object| FontAwesomeCdnConfig
string| cssUrl
object| IF
function| googleTranslateElementInit2
object| google
function| GTranslateFireEvent
function| doGTranslate
boolean| bcarouselAttached
number| clientTimeoutInMinuten
number| serverTimeoutInMinuten
number| showLayerInSekunden
number| timeoutID
number| clientTimeout
number| serverTimeout
object| closure_lm_247897
object| 3eiXJRXgVuLsYGH9303q
object| regeneratorRuntime
object| __SENTRY__
object| _driftFrames
object| __post_robot_10_0_16__
string| __DRIFT_ENV__
string| __DRIFT_BUILD_ID__
number| drift_page_view_started
number| drift_session_started
object| drift_event_listeners
string| drift_session_id
string| drift_campaign_refresh
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ci-personal.com/ | | Name: drift_campaign_refresh Value: 39590edb-7275-412b-86db-7391605d27b3 |
ci-personal.com/ | | Name: PHPSESSID Value: i8r8jqeu9e9qjua4u66b8ui8n4 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.