vitrofusionart.com.ar
69.12.91.67
Malicious Activity!
Public Scan
Effective URL: https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/sycho/?cmd=login_submit&id=ca00310671b3b6c0227994f49010...
Submission: On February 24 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 20th 2019. Valid for: 3 months.
This is the only time vitrofusionart.com.ar was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cox (Telecommunication)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 | 195.216.243.155 | 29226 (MASTERTEL-AS Moscow) |
1 5 | 2a02:6b8::1:119 | 13238 (YANDEX) |
1 2 | 88.212.196.66 | 39134 (UNITEDNET) |
1 | 198.1.122.41 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer) |
1 | 138.201.50.137 | 24940 (HETZNER-AS) |
1 | 151.101.122.2 | 54113 (FASTLY - Fastly) |
3 4 | 69.12.91.67 | 8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC) |
13 | 54.230.202.180 | 16509 (AMAZON-02 - Amazon.com) |
2 | 54.230.202.112 | 16509 (AMAZON-02 - Amazon.com) |
1 | 65.98.66.50 | 25653 (FORTRESSITX - FortressITX) |
1 | 66.117.23.121 | 15224 (OMNITURE - Adobe Systems Inc.) |
27 | 11 | |
- ASN29226 (MASTERTEL-AS Moscow, Russia, RU)
  PTR: s5.unet.com
  Domains: u.to
- ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
  PTR: mail.mpsinfotec.com
  Domains: simranpandey.com
- ASN24940 (HETZNER-AS, DE)
  PTR: static.137.50.201.138.clients.your-server.de
  Domains: www13.0zz0.com
- ASN8100 (ASN-QUADRANET-GLOBAL - QuadraNet Enterprises LLC, US)
  PTR: server108.verygoodserver.com
  Domains: vitrofusionart.com.ar
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
  PTR: server-54-230-202-180.fra50.r.cloudfront.net
  Domains: webcdn2.cox.com, webcdn3.cox.com
- ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
  PTR: server-54-230-202-112.fra50.r.cloudfront.net
  Domains: webcdn.cox.com
- ASN25653 (FORTRESSITX - FortressITX, US)
  Domains: static-segments.beringmedia.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 | cox.com | webcdn2.cox.com webcdn3.cox.com webcdn.cox.com target.cox.com | 507 KB |
5 | yandex.ru (1 redirects) | mc.yandex.ru | 85 KB |
4 | vitrofusionart.com.ar (3 redirects) | vitrofusionart.com.ar | 3 KB |
2 | yadro.ru (1 redirects) | counter.yadro.ru | 918 B |
1 | beringmedia.com | static-segments.beringmedia.com | 1 KB |
1 | giphy.com | media.giphy.com | 37 KB |
1 | 0zz0.com | www13.0zz0.com | 6 KB |
1 | simranpandey.com | simranpandey.com | 836 B |
1 | u.to | u.to | 1016 B |
27 | 9 | | |
 | Domain | Requested by |
---|---|---|
12 | webcdn2.cox.com | vitrofusionart.com.ar |
5 | mc.yandex.ru (1 redirects) | u.to |
4 | vitrofusionart.com.ar (3 redirects) | |
2 | webcdn.cox.com | vitrofusionart.com.ar |
2 | counter.yadro.ru (1 redirects) | |
1 | target.cox.com | webcdn.cox.com |
1 | static-segments.beringmedia.com | vitrofusionart.com.ar |
1 | webcdn3.cox.com | vitrofusionart.com.ar |
1 | media.giphy.com | simranpandey.com |
1 | www13.0zz0.com | simranpandey.com |
1 | simranpandey.com | u.to |
1 | u.to | |
27 | 12 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.cox.com |
webmail.cox.net |
idm.east.cox.net |
Subject | Issuer | Validity | Valid |
---|---|---|---|
u.to | COMODO RSA Domain Validation Secure Server CA | 2018-09-18 - 2019-09-18 | a year |
bs.yandex.ru | Yandex CA | 2018-10-03 - 2019-10-03 | a year |
counter.yadro.ru | COMODO ECC Domain Validation Secure Server CA | 2018-04-09 - 2020-04-08 | 2 years |
simranpandey.com | cPanel, Inc. Certification Authority | 2018-12-18 - 2019-03-18 | 3 months |
f2.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-02-20 - 2019-09-07 | 7 months |
vitrofusionart.com.ar | cPanel, Inc. Certification Authority | 2019-01-20 - 2019-04-20 | 3 months |
webcdn.cox.com | Entrust Certification Authority - L1K | 2019-01-10 - 2021-04-09 | 2 years |
*.beringmedia.com | RapidSSL RSA CA 2018 | 2018-08-07 - 2019-10-06 | a year |
target.cox.com | Entrust Certification Authority - L1K | 2018-07-27 - 2020-10-26 | 2 years |
This page contains 1 frames:
Primary Page:
https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/sycho/?cmd=login_submit&id=ca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bb
Frame ID: A8FB8DD232F792881D953AB8B9F774E9
Requests: 27 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Mustache (JavaScript Frameworks)
Detected patterns
- env /^Mustache$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
10 Outgoing links
These are links going to different origins than the main page.
- Title: Contact Us
- Title: Residential Homepage
- Title: Shop
- Title: My Account
- Title: Cox Email
- Title: Support
- Title: Forgot User ID?
- Title: Forgot Password?
- Title: No Account? Register Now!
- Title: Need Help Signing In?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://u.to/wqfDFA Page URL
- https://simranpandey.com/.info/.ld/1/RD_COX.html Page URL
- https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/ HTTP 302
https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/index.php HTTP 302
https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/sycho/index.php?cmd=login_submit&id=ca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bb HTTP 301
https://vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/sycho/?cmd=login_submit&id=ca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bbca00310671b3b6c0227994f49010b1bb Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 2
- https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/wqfDFA;1551046107897 HTTP 302
- https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/wqfDFA;1551046107897
- https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2FwqfDFA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1551046107442%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190224220828%3Aet%3A1551046108%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A510944770%3Ahid%3A617779153%3Ads%3A14%2C245%2C190%2C1%2C0%2C0%2C0%2C4%2C0%2C457%2C%2C%2C456%3Agdpr%3A14%3Av%3A1429%3Awv%3A2%3Ast%3A1551046108%3Au%3A1551046108815799602%3At%3ARedirecting HTTP 302
- https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2FwqfDFA&charset=utf-8&browser-info=ti%3A10%3Ans%3A1551046107442%3As%3A1600x1200x24%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Ai%3A20190224220828%3Aet%3A1551046108%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A510944770%3Ahid%3A617779153%3Ads%3A14%2C245%2C190%2C1%2C0%2C0%2C0%2C4%2C0%2C457%2C%2C%2C456%3Agdpr%3A14%3Av%3A1429%3Awv%3A2%3Ast%3A1551046108%3Au%3A1551046108815799602%3At%3ARedirecting
27 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H/1.1 | wqfDFA (Cookie set) | u.to/ | 995 B | 1016 B | Document | text/html |
GET H/1.1 | tag.js | mc.yandex.ru/metrika/ | 318 KB | 82 KB | Script | application/javascript |
GET H/1.1 | hit;utostat | counter.yadro.ru/ (Redirect Chain) | 43 B | 421 B | Image | image/gif |
GET H/1.1 | RD_COX.html | simranpandey.com/.info/.ld/1/ | 1008 B | 836 B | Document | text/html |
GET H/1.1 | 1 | mc.yandex.ru/watch/51604940/ (Redirect Chain) | 0 | -1 B | XHR | |
GET H/1.1 | advert.gif | mc.yandex.ru/metrika/ | 43 B | 445 B | Image | image/gif |
GET H/1.1 | 1 | mc.yandex.ru/watch/51604940/ | 152 B | 692 B | XHR | application/json |
GET H/1.1 | 760280307.png | www13.0zz0.com/2019/02/22/05/ | 5 KB | 6 KB | Image | image/png |
GET H2 | giphy.gif | media.giphy.com/media/xUPGciQ9ZEKWnEUXYI/ | 37 KB | 37 KB | Image | image/gif |
GET H2 | / (Primary Request) | vitrofusionart.com.ar/.gf3/login/3/cox.full/Zo/stepCoxMail/log/sycho/ (Redirect Chain) | 10 KB | 3 KB | Document | text/html |
GET H2 | presentation.css.jgz | webcdn2.cox.com/ui/presentation/tsw/css/ | 81 KB | 19 KB | Stylesheet | text/css |
GET H2 | all.css.jgz | webcdn2.cox.com/ui/5_0/tsw/css/ | 151 KB | 34 KB | Stylesheet | text/css |
GET H2 | residential.css.jgz | webcdn2.cox.com/ui/5_0/tsw/css/ | 20 KB | 5 KB | Stylesheet | text/css |
GET H2 | rebrand.css.jgz | webcdn3.cox.com/ui/presentation/tsw/css/ | 0 | 584 B | Stylesheet | text/css |
GET H2 | jquery.js.jgz | webcdn2.cox.com/ui/5_0/tsw/js/ | 235 KB | 85 KB | Script | text/javascript |
GET H2 | lib.js.jgz | webcdn2.cox.com/ui/5_0/tsw/js/ | 369 KB | 124 KB | Script | text/javascript |
GET H2 | cox.js.jgz | webcdn2.cox.com/ui/5_0/tsw/js/ | 211 KB | 61 KB | Script | text/javascript |
GET H2 | adobestack.js | webcdn.cox.com/content/dam/cox/apps/common/scripts/prod/ | 130 KB | 44 KB | Script | text/javascript |
GET H/1.1 | bmi.segments.js | static-segments.beringmedia.com/dfp/1/ | 2 KB | 1 KB | Script | application/javascript |
GET H2 | json | target.cox.com/m2/coxcommunications/mbox/ | 538 B | 802 B | XHR | application/json |
GET H2 | cox_logo.png | webcdn2.cox.com/ui/presentation/tsw/img/ | 2 KB | 2 KB | Image | image/png |
GET H2 | general_login_hero.jpg | webcdn.cox.com/content/dam/cox/residential/images/general/ | 41 KB | 42 KB | Image | image/jpeg |
GET H2 | OpenSans-Regular-webfont.woff | webcdn2.cox.com/ui/presentation/tsw/css/fonts/ | 22 KB | 23 KB | Font | application/octet-stream |
GET H2 | form-fields.png | webcdn2.cox.com/ui/5_0/tsw/img/global/ | 36 KB | 37 KB | Image | image/png |
GET H2 | loading-bluebg.gif | webcdn2.cox.com/ui/5_0/tsw/img/global/ | 3 KB | 4 KB | Image | image/gif |
GET H2 | lock.png | webcdn2.cox.com/ui/5_0/tsw/img/global/icons/ | 1 KB | 2 KB | Image | image/png |
GET H2 | OpenSans-Semibold-webfont.woff | webcdn2.cox.com/ui/presentation/tsw/css/fonts/ | 24 KB | 25 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Cox (Telecommunication)
38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| $ function| jQuery function| MarkerClusterer function| Cluster function| ClusterIcon object| Mailcheck object| jQuery111109098213530024095 object| localCookieStorage object| sessionCookieStorage object| cookieStorage function| webpackJsonpjwplayer function| jwplayer object| Mustache object| coxfw object| temp function| e object| visitor function| Visitor object| s_c_il number| s_c_in function| targetPageParamsAll object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| bmi object| now number| year object| templateHelpers boolean| showOtherMonths boolean| enableButtonThrobber object| currentForm object| ttMETA function| ttMBX2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.vitrofusionart.com.ar/ | | Name: mbox Value: session#3428a6c488d14cd8a9685bd51fe553ad#1551047976 |
.vitrofusionart.com.ar/ | | Name: check Value: true |
115 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.