5.twizer.co
Open in
urlscan Pro
2606:4700:30::681b:8547
Malicious Activity!
Public Scan
Submission: On April 16 via manual from US
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 18th 2019. Valid for: a year.
This is the only time 5.twizer.co was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Banking (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 2606:4700:30:... 2606:4700:30::681b:8547 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
2 | 209.197.3.15 209.197.3.15 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 193.105.145.148 193.105.145.148 | 56778 (PURETELEC...) (PURETELECOM-IE-NET) | |
2 | 95.100.68.182 95.100.68.182 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
3 | 2a00:1450:400... 2a00:1450:4001:81a::2016 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 45.60.13.91 45.60.13.91 | 19551 (INCAPSULA) (INCAPSULA - Incapsula Inc) | |
1 | 104.111.226.20 104.111.226.20 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 13.35.253.126 13.35.253.126 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:819::2001 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a02:fe80:101... 2a02:fe80:1010::4:7 | 30148 (SUCURI-SEC) (SUCURI-SEC - Sucuri) | |
1 2 | 172.227.85.94 172.227.85.94 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 1 | 2606:4700:30:... 2606:4700:30::681c:1e32 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2606:4700:30:... 2606:4700:30::681c:1f32 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2606:4700:30:... 2606:4700:30::681b:bc49 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 2606:4700:20:... 2606:4700:20::681a:9b8 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 144.168.39.233 144.168.39.233 | 54540 (INCERO-HVVC) (INCERO-HVVC - HIVELOCITY) | |
1 | 192.0.77.2 192.0.77.2 | 2635 (AUTOMATTIC) (AUTOMATTIC - Automattic) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::200e | () () | |
1 | 205.185.208.52 205.185.208.52 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 2606:4700::68... 2606:4700::6813:c597 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
25 | 19 |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
5.twizer.co |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
stackpath.bootstrapcdn.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-68-182.deploy.static.akamaitechnologies.com
www.usbank.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-226-20.deploy.static.akamaitechnologies.com
usa.visa.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-35-253-126.fra6.r.cloudfront.net
www.nerdwallet.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-85-94.deploy.static.akamaitechnologies.com
www.ocbc.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.bhatt.id.au |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.bhatt.id.au |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.weusecoins.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.affordablecebu.com |
ASN54540 (INCERO-HVVC - HIVELOCITY, Inc., US)
PTR: 144-168-39-233-customer-incero.com
www.knowzy.com |
ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com
i2.wp.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
code.jquery.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
3 |
ytimg.com
i.ytimg.com |
290 KB |
3 |
twizer.co
5.twizer.co |
25 KB |
2 |
bhatt.id.au
1 redirects
www.bhatt.id.au |
41 KB |
2 |
ocbc.com
1 redirects
www.ocbc.com |
68 KB |
2 |
usbank.com
www.usbank.com |
319 KB |
2 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
35 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
7 KB |
1 |
jquery.com
code.jquery.com |
24 KB |
1 |
gstatic.com
encrypted-tbn0.gstatic.com |
6 KB |
1 |
wp.com
i2.wp.com |
8 KB |
1 |
knowzy.com
www.knowzy.com |
88 KB |
1 |
affordablecebu.com
www.affordablecebu.com |
70 KB |
1 |
weusecoins.com
www.weusecoins.com |
111 KB |
1 |
uquid.com
uquid.com |
49 KB |
1 |
blogspot.com
1.bp.blogspot.com |
31 KB |
1 |
nerdwallet.com
www.nerdwallet.com |
19 KB |
1 |
visa.com
usa.visa.com |
39 KB |
1 |
serve.com
www.serve.com |
41 KB |
1 |
ssl443.net
taxback-usa-atm-card-1.ssl443.net |
22 KB |
25 | 19 |
Domain | Requested by | |
---|---|---|
3 | i.ytimg.com |
5.twizer.co
|
3 | 5.twizer.co |
5.twizer.co
|
2 | www.bhatt.id.au |
1 redirects
5.twizer.co
|
2 | www.ocbc.com |
1 redirects
5.twizer.co
|
2 | www.usbank.com |
5.twizer.co
|
2 | stackpath.bootstrapcdn.com |
5.twizer.co
|
1 | cdnjs.cloudflare.com |
5.twizer.co
|
1 | code.jquery.com |
5.twizer.co
|
1 | encrypted-tbn0.gstatic.com |
5.twizer.co
|
1 | i2.wp.com |
5.twizer.co
|
1 | www.knowzy.com |
5.twizer.co
|
1 | www.affordablecebu.com |
5.twizer.co
|
1 | www.weusecoins.com |
5.twizer.co
|
1 | uquid.com |
5.twizer.co
|
1 | 1.bp.blogspot.com |
5.twizer.co
|
1 | www.nerdwallet.com |
5.twizer.co
|
1 | usa.visa.com |
5.twizer.co
|
1 | www.serve.com |
5.twizer.co
|
1 | taxback-usa-atm-card-1.ssl443.net |
5.twizer.co
|
25 | 19 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-02-18 - 2020-02-18 |
a year | crt.sh |
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA |
2018-10-03 - 2019-10-12 |
a year | crt.sh |
*.ssl443.net RapidSSL RSA CA 2018 |
2018-06-06 - 2019-06-20 |
a year | crt.sh |
www.usbank.com Entrust Certification Authority - L1M |
2017-08-01 - 2019-08-01 |
2 years | crt.sh |
edgestatic.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
secure.serve.com Entrust Certification Authority - L1M |
2018-09-10 - 2020-09-10 |
2 years | crt.sh |
www.visa.com GeoTrust RSA CA 2018 |
2018-11-01 - 2020-01-31 |
a year | crt.sh |
*.nerdwallet.com Amazon |
2019-04-01 - 2020-05-01 |
a year | crt.sh |
*.googleusercontent.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
*.uquid.com COMODO RSA Domain Validation Secure Server CA |
2018-01-05 - 2021-01-04 |
3 years | crt.sh |
www.ocbc.com DigiCert SHA2 Secure Server CA |
2019-01-09 - 2020-01-31 |
a year | crt.sh |
sni103599.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-04-03 - 2019-10-10 |
6 months | crt.sh |
affordablecebu.com CloudFlare Inc ECC CA-2 |
2019-03-30 - 2020-03-30 |
a year | crt.sh |
*.wp.com Go Daddy Secure Certificate Authority - G2 |
2018-04-10 - 2020-05-11 |
2 years | crt.sh |
*.google.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-03-02 - 2019-09-08 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://5.twizer.co/no-atm-card.html
Frame ID: A585D71E002CAC7207859AC8EB276D72
Requests: 25 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /cloudflare/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 10- https://www.ocbc.com/assets/images/uploads/Help%20and%20Support/card-replacement/old-atm-card.png HTTP 301
- https://www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/old-atm-card.png
- http://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg HTTP 301
- https://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
no-atm-card.html
5.twizer.co/ |
31 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ |
138 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
5.twizer.co/templates/3/ |
203 B 275 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
debit_card.jpg
taxback-usa-atm-card-1.ssl443.net/images/ssl443/ |
22 KB 22 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
debit-800x514-2px-outline.jpg
www.usbank.com/dam/images/pid7937/ |
89 KB 89 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
maxresdefault.jpg
i.ytimg.com/vi/T7-dcS9vTNU/ |
67 KB 67 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SKU-3_Update_phones.jpg
www.serve.com/assets/img/customer/ |
40 KB 41 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new-kroger-rewards-800x450.png
usa.visa.com/content/dam/VCOM/vca/revised_card_images/ |
38 KB 39 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Test-GettingCashATMWithoutACard_Final-770x336.png
www.nerdwallet.com/assets/blog/wp-content/uploads/2017/08/ |
18 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
perfect%2Bmoney%2Batm%2Bcard1.jpg
1.bp.blogspot.com/-UGIBG0vTTtE/VWMRPmjYqBI/AAAAAAAAADE/iEJrQoYi6iY/s400/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8.png
uquid.com/addons/shared_addons/themes/uquid/img/2016/bitcoin-debit-card/ |
49 KB 49 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
old-atm-card.png
www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/ Redirect Chain
|
67 KB 67 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
citibank-visa-plus-debit-card.jpg
www.bhatt.id.au/blogimg/ Redirect Chain
|
40 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectrocoin-debit-card.png
www.weusecoins.com/images/ |
110 KB 111 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
New_BDO_ATM_back.jpg
www.affordablecebu.com/pictures/articles/banking_4/ |
69 KB 70 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
maxresdefault.jpg
i.ytimg.com/vi/f0CEeGjROQ4/ |
185 KB 185 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ARCO_Debit_MasterCard-Receipt_Showing_Unactivated_Purchase-Activation_Confirmation_EMail-Orig.jpg
www.knowzy.com/Images/ |
88 KB 88 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
maxresdefault.jpg
i.ytimg.com/vi/-6UaB4lMD4w/ |
38 KB 38 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1496360428187.png
www.usbank.com/bank-accounts/checking-accounts/debit-cards/_jcr_content/leftPar/containercomp/containercomp/textimage_1974858654_1320309054/image.img.png/ |
229 KB 230 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
schwab-e1435077460536.jpg
i2.wp.com/www.uscreditcardguide.com/wp-content/uploads/2014/10/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images
encrypted-tbn0.gstatic.com/ |
6 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lock.png
5.twizer.co/assets/images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.3.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/ |
20 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ |
50 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Banking (Banking)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| Popper object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.twizer.co/ | Name: __cfduid Value: d392185fddbe342d95b14631cc0960b201555449686 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.bp.blogspot.com
5.twizer.co
cdnjs.cloudflare.com
code.jquery.com
encrypted-tbn0.gstatic.com
i.ytimg.com
i2.wp.com
stackpath.bootstrapcdn.com
taxback-usa-atm-card-1.ssl443.net
uquid.com
usa.visa.com
www.affordablecebu.com
www.bhatt.id.au
www.knowzy.com
www.nerdwallet.com
www.ocbc.com
www.serve.com
www.usbank.com
www.weusecoins.com
104.111.226.20
13.35.253.126
144.168.39.233
172.227.85.94
192.0.77.2
193.105.145.148
205.185.208.52
209.197.3.15
2606:4700:20::681a:9b8
2606:4700:30::681b:8547
2606:4700:30::681b:bc49
2606:4700:30::681c:1e32
2606:4700:30::681c:1f32
2606:4700::6813:c597
2a00:1450:4001:819::2001
2a00:1450:4001:81a::2016
2a00:1450:4001:821::200e
2a02:fe80:1010::4:7
45.60.13.91
95.100.68.182
087f50849fdafacc4e07a040c91504c80bc259572ccf18b5aa295e0b4aa387aa
111ab2118eeac10488fc7571a2aca2242f088edc3de2e78b5d62d83fdea374bd
2c673053c5d632573d9ec21ec84537ab9b4686d816aa72336c4f37a4cfc06631
39f6e5beb679cde86f9be769cc17bea0f5c3cf49a41198bab1611855e9680e65
4b0224633817932e09f6502b2a45653be92f3fd925686ac2caeb13dbb149291e
525b919b55b89e589483ee1f375ed9f441fd122c7484dbc142548e1932f96135
5300550742c5850fcb90ac3fdcf39ffbffa31516b613ad8c25622256b685e1ee
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43
617f32fa644c530329738d4c17f64ca7deb827251ce9ca2b529a476d42a6aaad
64231c6f6bfca422503957bfbe192e109e1bd4224f6473fd1e59cc999cc510b8
6ad89c745186c7b235cbf25f833016066b5b78e49678506d5d03a5844af1f33a
6c744ee44735399281e20d6dbbe82d5664104d48a47aac1016792eb9f2118897
6e8aaee14e6817dbeb2d9de124830edf94b864cf6a80fd4fb07456526f4a8ba0
7425d5e516d348f364079c56b6757ebadc21a511fba89d94baf0207656063fbc
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
8f465da2b482953a1448b5e6b49ee1230b0c2b29495fae842c01c1f841bb8b6f
991f3bd0199d558e2f7b3ecc961ef0589d64ce9b141c753e5bc80e4514917ca7
9b9373b30576e4d9e813436eb154709a3597050dbe5c4014b553ce7b5c8e81be
9cc1868c9dc4dd4ba7e65a2705ee6eb417e93812031fe54157760934fdf7fbdc
a805ec40fbdc7d338e64b1d1863a332c09b20e297ccdd36f9b923405e5cd773a
cf0f2d89807fe9d478c5d9399fa3a5e9928d3b42eb7cfba831746f74289a0cbc
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
e7eac0834ee5e4858a627d323927478261826ab2e96ece57e65ffeaa6703fb37
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e