ir-capitalone.gcs-web.com
Open in
urlscan Pro
2a02:26f0:3500:891::2b39
Malicious Activity!
Public Scan
Effective URL: https://ir-capitalone.gcs-web.com/investor-relations-1?c=70667&p=irol-irhome
Submission: On August 14 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 17th 2023. Valid for: a year.
This is the only time ir-capitalone.gcs-web.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: CapitalOne (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a02:26f0:350... 2a02:26f0:3500:12::1730:1797 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 11 | 2a02:26f0:350... 2a02:26f0:3500:891::2b39 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 104.126.37.137 104.126.37.137 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a02:26f0:350... 2a02:26f0:3500:587::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 52.208.175.244 52.208.175.244 | 16509 (AMAZON-02) (AMAZON-02) | |
8 | 151.101.130.137 151.101.130.137 | 54113 (FASTLY) (FASTLY) | |
1 | 162.247.243.29 162.247.243.29 | 54113 (FASTLY) (FASTLY) | |
1 | 63.140.62.164 63.140.62.164 | 16509 (AMAZON-02) (AMAZON-02) | |
25 | 8 |
ASN20940 (AKAMAI-ASN1, NL)
phx.corporate-ir.net |
ASN20940 (AKAMAI-ASN1, NL)
ir-capitalone.gcs-web.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-137.deploy.static.akamaitechnologies.com
ecm.capitalone.com |
ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-175-244.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-164.data.adobedc.net
thomsonreuterscorporategroupweb.sc.omtrdc.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
gcs-web.com
1 redirects
ir-capitalone.gcs-web.com |
2 MB |
8 |
newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 475 |
26 KB |
2 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 429 |
63 KB |
2 |
capitalone.com
ecm.capitalone.com — Cisco Umbrella Rank: 12593 |
9 KB |
1 |
omtrdc.net
thomsonreuterscorporategroupweb.sc.omtrdc.net — Cisco Umbrella Rank: 35460 |
344 B |
1 |
nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 295 |
415 B |
1 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 212 |
840 B |
1 |
corporate-ir.net
1 redirects
phx.corporate-ir.net — Cisco Umbrella Rank: 493314 |
360 B |
25 | 8 |
Domain | Requested by | |
---|---|---|
11 | ir-capitalone.gcs-web.com |
1 redirects
ir-capitalone.gcs-web.com
|
8 | js-agent.newrelic.com |
ir-capitalone.gcs-web.com
|
2 | assets.adobedtm.com |
ir-capitalone.gcs-web.com
assets.adobedtm.com |
2 | ecm.capitalone.com |
ir-capitalone.gcs-web.com
|
1 | thomsonreuterscorporategroupweb.sc.omtrdc.net | |
1 | bam.nr-data.net |
js-agent.newrelic.com
|
1 | dpm.demdex.net |
assets.adobedtm.com
|
1 | phx.corporate-ir.net | 1 redirects |
25 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.capitalone.com |
urldefense.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.gcs-web.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-03-17 - 2024-03-16 |
a year | crt.sh |
ecm.capitalone.com DigiCert EV RSA CA G2 |
2023-06-23 - 2024-06-25 |
a year | crt.sh |
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-07-11 - 2024-08-10 |
a year | crt.sh |
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-09-26 - 2023-10-27 |
a year | crt.sh |
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2 |
2023-04-13 - 2024-05-14 |
a year | crt.sh |
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-11-18 - 2023-12-19 |
a year | crt.sh |
*.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1 |
2023-02-10 - 2024-03-08 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ir-capitalone.gcs-web.com/investor-relations-1?c=70667&p=irol-irhome
Frame ID: 48BD86CB0F375B9B849D873F0FD8983D
Requests: 28 HTTP requests in this frame
Screenshot
Page Title
Access denied | Capital One Financial Corp.Page URL History Show full URLs
-
http://phx.corporate-ir.net/phoenix.zhtml?c=70667&p=irol-irhome
HTTP 301
https://ir-capitalone.gcs-web.com/phoenix.zhtml?c=70667&p=irol-irhome HTTP 301
https://ir-capitalone.gcs-web.com/investor-relations-1?c=70667&p=irol-irhome Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
Modernizr (JavaScript Libraries) Expand
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: FDIC insurance coverage
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: AdChoices
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://phx.corporate-ir.net/phoenix.zhtml?c=70667&p=irol-irhome
HTTP 301
https://ir-capitalone.gcs-web.com/phoenix.zhtml?c=70667&p=irol-irhome HTTP 301
https://ir-capitalone.gcs-web.com/investor-relations-1?c=70667&p=irol-irhome Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
investor-relations-1
ir-capitalone.gcs-web.com/ Redirect Chain
|
50 KB 52 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_0s-siym85TpwQPrieIFdg2tZ9OBnCaXXv3g7Yg5yZDk.css
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/files/css/ |
44 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_Bq7u-cCz8DDA1Jmh1f5qOZ_eW7EK5Wa6iKyfwhfG-Ds.css
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/files/css/ |
2 MB 807 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_k9eS-KXgLPau33o6prciNJGJqMHVldS8L_MI-oDtX74.css
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/files/css/ |
348 B 775 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_-obZvqtqO2lRvZEZq_RZhbVtAIAOAnR9t09ZSoFsa-M.js
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/files/js/ |
309 B 806 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.min.js
ir-capitalone.gcs-web.com/core/assets/vendor/modernizr/ |
7 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr-additional-tests.js
ir-capitalone.gcs-web.com/core/misc/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
capital-one1.png
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/themes/site/nir_pid3354/dist/images/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
equalhousing_desktoptablet_logo.jpg
ecm.capitalone.com/WCM/navigation/assets/ |
1 KB 1 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_BBJgEqvimnC8dmEfvEfY6THRPuyVb3cops2qL-UMhFU.js
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/files/js/ |
1 MB 268 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
launch-5ef258dce664.min.js
assets.adobedtm.com/898335afd880/c52ee8aa1e90/ |
163 KB 50 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-investor-relations-hero.jpg
ir-capitalone.gcs-web.com/sites/g/files/knoqqb59081/themes/site/nir_pid3354/dist/images/ |
409 KB 410 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
657 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fdic-alt.png
ecm.capitalone.com/WCM/navigation/assets/ |
7 KB 7 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
28 KB 28 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
28 KB 28 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
185 B 840 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EX9f1ce69e4b404891b885911666e7b92a-libraryCode_source.min.js
assets.adobedtm.com/898335afd880/c52ee8aa1e90/a9a9246fcf93/ |
36 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
async-api.e9f77430-1.237.1.min.js
js-agent.newrelic.com/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
860.95a91211-1.237.1.min.js
js-agent.newrelic.com/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
session-manager.d080e4cc-1.237.1.min.js
js-agent.newrelic.com/ |
1 KB 913 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lazy-feature-loader.c1052c27-1.237.1.min.js
js-agent.newrelic.com/ |
1 KB 867 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
646.9e7a6b8d-1.237.1.min.js
js-agent.newrelic.com/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
page_view_event-aggregate.4988d952-1.237.1.min.js
js-agent.newrelic.com/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
page_view_timing-aggregate.7b2a53ee-1.237.1.min.js
js-agent.newrelic.com/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
metrics-aggregate.b86cefcf-1.237.1.min.js
js-agent.newrelic.com/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
761e715901
bam.nr-data.net/1/ |
40 B 415 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s89258816144049
thomsonreuterscorporategroupweb.sc.omtrdc.net/b/ss/trcgclientweb1033,trcgclientwebglobal/1/JS-2.22.0-LCXS/ |
43 B 344 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: CapitalOne (Financial)59 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| NREUM object| webpackChunkNRBA object| newrelic object| NRBA object| Modernizr string| s_CCSWebHostingAccount function| once function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray undefined| year undefined| years undefined| $newYearContainer undefined| $stressTestYear undefined| yearsLength undefined| Accordion undefined| chart undefined| options undefined| rawData object| stockChartDataPointsObject object| monthNames function| initChart function| setRawData function| updateChartLabels function| buildStockChart function| drawChart function| handleClick undefined| $ function| jQuery function| ES6Promise function| _ object| Backbone object| drupalSettings object| Drupal object| tabbable function| DataTable function| loadjs function| Cookies object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| dataLayer number| _dataLayerOverwriteMonitor function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq object| internals boolean| isInternal object| s number| s_objectID number| s_giq object| s_i_trcgclientweb1033_trcgclientwebglobal7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ir-capitalone.gcs-web.com/ | Name: DrupalVisitorMobile Value: 0 |
|
.gcs-web.com/ | Name: ak_bmsc Value: 3D1102AE7AC16D33EBDBFC2667D1EFA5~000000000000000000000000000000~YAAQk6EkF+eItfOJAQAAWcxn9BRjDHkoaesZXsN8uXpyTRnGFRqcld847nI7W5eXXCc6MrTszDxLMJvSXAWn/7wjnkuvfsOehLkbw6YB/RszEc7ic5u8LVpkWfhVrHgVTQKJcuqkZzI6lYg03Pbj1s24QB99kQ2twV0MfJqiLJmU0lqN0NXQVtc7eru+eDXRtUFdLQf65XGVjbxlay4GMFd9VKAC+hbwUCB1QxDGgaYw6WUXgEWxDrC/Y5d+J1OUHJvBwsw9w21tiHl4WBF2t+C152NrnnS9zTtxJak6OkLiwve0hS8+dcE70K19YktogDg9q01kPaiJU4LV/4wRJiqmb0HFbsL77069aB1wx5lI0qaE6TI0v7YCpxRM44/tBlo5P5Sh9i8= |
|
.gcs-web.com/ | Name: bm_mi Value: 748B27B419F4F7F7411FE3F85DAE5C97~YAAQk6EkF+uItfOJAQAAcc1n9BQhFwH+00qw52PLrIljNgLR1Rzo0GRnZMxHcq+zOyYT3sOLQbcXEk4vAAYRw07w84g7htggTCpzZXH5Ci6x7Y4EOm0fqHot5aYZC4FxVkDu9rYtidVO3xXY8Kl7g8UaK+rGGoBVEvuMzReShlp7KT0/rgKP5oPgbGUobBDiI9gOWrKQC5jtoqis5zxOXWyW/7WzHn88IdXlatxIznm4DzD8DISH1TVcHVMoS3WWtWIECtPEFnBLqaaByNF+Go/uwIhRWPH2o9jmf58aYGePH91YKt0KgD6g4QBsBJwDQGAOXIihzsmv6s3ulJcp1vK+5Q==~1 |
|
.gcs-web.com/ | Name: bm_sv Value: C41836348F4B57CCF845DD09B363EB8B~YAAQk6EkF+yItfOJAQAAcc1n9BRJ9Ao9WUptf/OT/rn8Q7XqUX4+sYyBpazvJ/+MlDAMlRfikCe13T10d4tIaQShmT19DEh0XxTiffxEXe/AABgRph7eusBspWXS4EkHBQnrWtaBXEbSZvdcyQyzuz33DahZHu48Gd+4k4Dff0PeRY3FpIuryff1pe3j0rpSD8Xl2jwfXgWRhkgarEb2zLt9uIbgPNkT31OvLW++uL/gGTEzTvbcCjTk+qUIQ4+kXg==~1 |
|
.gcs-web.com/ | Name: AMCVS_98CF678254E93B1B0A4C98A5%40AdobeOrg Value: 1 |
|
.gcs-web.com/ | Name: AMCV_98CF678254E93B1B0A4C98A5%40AdobeOrg Value: 179643557%7CMCMID%7C17865981378800592530725688023059001260%7CMCAAMLH-1692627391%7C6%7CMCAAMB-1692627391%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1692029791s%7CNONE%7CvVersion%7C5.5.0 |
|
.gcs-web.com/ | Name: s_cc Value: true |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
bam.nr-data.net
dpm.demdex.net
ecm.capitalone.com
ir-capitalone.gcs-web.com
js-agent.newrelic.com
phx.corporate-ir.net
thomsonreuterscorporategroupweb.sc.omtrdc.net
104.126.37.137
151.101.130.137
162.247.243.29
2a02:26f0:3500:12::1730:1797
2a02:26f0:3500:587::1e80
2a02:26f0:3500:891::2b39
52.208.175.244
63.140.62.164
04126012abe29a70bc76611fbc47d8e931d13eec956f7728a6cdaa2fe50c8455
06aeeef9c0b3f030c0d499a1d5fe6a399fde5bb10ae566ba88ac9fc217c6f83b
141c410edab90686e098d4a827e8b79d8c8e295694508ddb4e3003f955127b65
1e398d7e1be8e034e06112d41c1ddf1ec9881665fe923c28f7c2037dc35449e1
370a9e517ef0694db38a18b53a46711e1461912f0074f024db5373ff946fc894
3777c25911c0259e059287354a170a0046dabc074b075d6e5ff47045f7a51492
3ef4a115e5fb632b3c1e7dd22ab9796e5e4e90e3b1f5bec60e59a6e4ec36b1b7
47636e1d1dd82231c1d34850dc1b822c5a10d55aa78cc32f8563a5ff7d858a95
755c677f0133eb8a3d333e210e29dd53d9bc78c3393f255bded13ce3bc9287ba
7662a5a8640648c39b824f101e232d34b73499503492d05394988f00ab79f1b4
7ae0febbc5d239f3c885f17e8d5e08be07d99ce0df6bff94618a64ef0cc32232
8f51d7bb4a7314fbd42bd5a2cec23adcfd23441c6539c3437cac22bc10c285a5
939fe220ac3999512e38ecd5397d7334210c1568e7aec55eb6c6f4d1316c8353
93d792f8a5e02cf6aedf7a3aa6b722349189a8c1d595d4bc2ff308fa80ed5fbe
a1c8bf8b428570336332bf63dd4efaf9e41b95dd4d83e324592d87d3042f747e
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
af52a692b16873ad724fd976b4481f16a5751b4802e1aed10269739716bcef22
c0aee72df00de1dcfe4d631dd2a72979cee0e756ef7e243b2799856582c44557
c902ff18c7858648be03999d4022c40d66ad694ae218ea4b1558e74703b854a5
d2cfac8b29bce53a7040fae278815d836b59f4e06709a5d7bf783b620e726439
d5df7d057187eebb8ef5e502c280ab83081df5c0d5b21e4c17e96270f8e54260
de72c7056110de6c12aefd6fedb26a0e323d4cfab62d84c64db52e168af372e5
e0fd2be510f130f4e70f20cadf4cec78f8eec7127985442f64313c507b7b7278
e611be03008b9d9bd3fd194d8373606d265ad4a29bb31ee07767d3b763afc764
ed59ee4d04819c48c1bb60b3ef6928c621cd5cd86d7103957de3eebba9910b0d
f2d45bebe310e6913fb1846dd661fc9fad22185c8b06e499feae67726fc5ab17
fa86d9beab6a3b6951bd9119abf45985b56d00800e02747db74f594a816c6be3
fad844f34c43dc5f1c63b320533cdc58aa39c8c293dc75d0a9129cab340256bd