bnk1001sco34-al5e1dr3t.com
Open in
urlscan Pro
91.234.99.166
Malicious Activity!
Public Scan
Submission: On November 19 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 17th 2018. Valid for: 3 months.
This is the only time bnk1001sco34-al5e1dr3t.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 91.234.99.166 91.234.99.166 | 48666 (AS-MAROSN...) (AS-MAROSNET Moscow) | |
4 8 | 172.227.130.7 172.227.130.7 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 104.108.55.150 104.108.55.150 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 104.108.33.247 104.108.33.247 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
6 | 104.108.54.161 104.108.54.161 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 2 | 172.82.234.180 172.82.234.180 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
26 | 8 |
ASN48666 (AS-MAROSNET Moscow, Russia, RU)
bnk1001sco34-al5e1dr3t.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a172-227-130-7.deploy.static.akamaitechnologies.com
www2.scotiaonline.scotiabank.com | |
www.scotiaonline.scotiabank.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-55-150.deploy.static.akamaitechnologies.com
apps.scotiabank.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-33-247.deploy.static.akamaitechnologies.com
service.maxymiser.net |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-54-161.deploy.static.akamaitechnologies.com
www.livehelp.scotiabank.com | |
www2.livehelp.scotiabank.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: scotiabank.com.ssl.sc.omtrdc.net
somniture.scotiabank.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
scotiabank.com
5 redirects
www2.scotiaonline.scotiabank.com www.scotiaonline.scotiabank.com apps.scotiabank.com www.livehelp.scotiabank.com somniture.scotiabank.com www2.livehelp.scotiabank.com |
158 KB |
11 |
bnk1001sco34-al5e1dr3t.com
bnk1001sco34-al5e1dr3t.com |
1 MB |
2 |
maxymiser.net
service.maxymiser.net |
5 KB |
1 |
gstatic.com
fonts.gstatic.com |
16 KB |
26 | 4 |
Domain | Requested by | |
---|---|---|
11 | bnk1001sco34-al5e1dr3t.com |
bnk1001sco34-al5e1dr3t.com
|
5 | www2.livehelp.scotiabank.com |
www.scotiaonline.scotiabank.com
|
4 | www.scotiaonline.scotiabank.com |
bnk1001sco34-al5e1dr3t.com
|
4 | www2.scotiaonline.scotiabank.com | 4 redirects |
2 | somniture.scotiabank.com |
1 redirects
bnk1001sco34-al5e1dr3t.com
|
2 | service.maxymiser.net |
apps.scotiabank.com
|
1 | www.livehelp.scotiabank.com |
www.scotiaonline.scotiabank.com
|
1 | fonts.gstatic.com |
www.scotiaonline.scotiabank.com
|
1 | apps.scotiabank.com |
bnk1001sco34-al5e1dr3t.com
|
26 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bnk1001sco34-al5e1dr3t.com cPanel, Inc. Certification Authority |
2018-11-17 - 2019-02-15 |
3 months | crt.sh |
www.scotiaonline.scotiabank.com Entrust Certification Authority - L1M |
2018-09-04 - 2020-09-04 |
2 years | crt.sh |
apps.scotiabank.com Entrust Certification Authority - L1K |
2018-08-15 - 2019-04-18 |
8 months | crt.sh |
*.google.com Google Internet Authority G3 |
2018-10-30 - 2019-01-22 |
3 months | crt.sh |
*.maxymiser.net DigiCert SHA2 Secure Server CA |
2018-02-14 - 2019-03-16 |
a year | crt.sh |
www.livehelp.scotiabank.com Entrust Certification Authority - L1K |
2018-10-09 - 2020-10-09 |
2 years | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2018-07-18 - 2020-09-29 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm.html
Frame ID: A29D718FB8358E7EC8EFC038CE552956
Requests: 27 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
RequireJS (JavaScript Frameworks) Expand
Detected patterns
- env /^requirejs$/i
HeadJS (JavaScript Libraries) Expand
Detected patterns
- env /^head$/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- env /^Modernizr$/i
Segment (Analytics) Expand
Detected patterns
- env /^analytics$/i
SiteCatalyst (Analytics) Expand
Detected patterns
- script /\/s[_-]code.*\.js/i
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4- https://www2.scotiaonline.scotiabank.com/js/jquery/bns-jquery-1.4.2.js HTTP 302
- https://www.scotiaonline.scotiabank.com/js/jquery/bns-jquery-1.4.2.js
- https://www2.scotiaonline.scotiabank.com/js/s_code.js HTTP 302
- https://www.scotiaonline.scotiabank.com/js/s_code.js
- https://www2.scotiaonline.scotiabank.com/js/baseFramework_en.js HTTP 302
- https://www.scotiaonline.scotiabank.com/js/baseFramework_en.js
- https://www2.scotiaonline.scotiabank.com/js/jquery/c2c/c2c-loader.js HTTP 302
- https://www.scotiaonline.scotiabank.com/js/jquery/c2c/c2c-loader.js
- https://somniture.scotiabank.com/b/ss/scotiabanknewscotiaonlineprod,scotiabankglobal/1/H.26.2/s37600259329940?AQB=1&ndh=1&t=19%2F10%2F2018%203%3A21%3A9%201%200&fid=7D83E969A830CE46-2804FA1B964DD7C2&ce=UTF-8&ns=scotiabank&pageName=SO%3AUnknown&g=https%3A%2F%2Fbnk1001sco34-al5e1dr3t.com%2Fbnk2idsco273bi236ds2%2Fconfirm.html&ch=SO&c7=10%3A15PM&v7=10%3A15PM&c8=Sunday&v8=Sunday&c50=SO&v50=SO&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://somniture.scotiabank.com/b/ss/scotiabanknewscotiaonlineprod,scotiabankglobal/1/H.26.2/s37600259329940?AQB=1&pccr=true&vidn=2DF9161285313956-6000010A6000D546&&ndh=1&t=19%2F10%2F2018%203%3A21%3A9%201%200&fid=7D83E969A830CE46-2804FA1B964DD7C2&ce=UTF-8&ns=scotiabank&pageName=SO%3AUnknown&g=https%3A%2F%2Fbnk1001sco34-al5e1dr3t.com%2Fbnk2idsco273bi236ds2%2Fconfirm.html&ch=SO&c7=10%3A15PM&v7=10%3A15PM&c8=Sunday&v8=Sunday&c50=SO&v50=SO&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
26 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
confirm.html
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/ |
17 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
251 B 467 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id_002
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
255 B 472 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
236 KB 236 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts.js
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
779 KB 779 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bns-jquery-1.4.2.js
www.scotiaonline.scotiabank.com/js/jquery/ Redirect Chain
|
314 KB 96 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_code.js
www.scotiaonline.scotiabank.com/js/ Redirect Chain
|
47 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
baseFramework_en.js
www.scotiaonline.scotiabank.com/js/ Redirect Chain
|
28 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mmcore.js
apps.scotiabank.com/max/js/ |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-loader.js
www.scotiaonline.scotiabank.com/js/jquery/c2c/ Redirect Chain
|
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components.js
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
237 KB 237 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
12 KB 12 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
async.js
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/confirm_files/ |
54 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
translation.json
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/locales/en-US/ |
368 B 568 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
translation.json
bnk1001sco34-al5e1dr3t.com/bnk2idsco273bi236ds2/locales/en/ |
365 B 565 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
MDadn8DQ_3oT6kvnUq_2r_esZW2xOQ-xsNqO47m55DA.woff2
fonts.gstatic.com/s/lato/v11/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mmcore_old.js
service.maxymiser.net/cdn/scotiabank/js/ |
12 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
service.maxymiser.net/cg/v5us/ |
54 B 499 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
_data
bnk1001sco34-al5e1dr3t.com/_bm/ |
326 B 526 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-dcdef.js
www.livehelp.scotiabank.com/dcjs/ |
301 B 643 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s37600259329940
somniture.scotiabank.com/b/ss/scotiabanknewscotiaonlineprod,scotiabankglobal/1/H.26.2/ Redirect Chain
|
43 B 678 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
219 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-plugin.css
www2.livehelp.scotiabank.com/css/plugin/ |
693 B 694 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.cookie.js
www2.livehelp.scotiabank.com/js/base/ |
2 KB 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-cookie.js
www2.livehelp.scotiabank.com/js/base/ |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-pstmsg.js
www2.livehelp.scotiabank.com/js/base/ |
4 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c2c-plugin.v2.js
www2.livehelp.scotiabank.com/js/plugin/ |
77 KB 19 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)134 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| requirejs function| require function| define function| $ function| jQuery object| html5 object| Modernizr object| Foundation object| usedVer object| BnsTmxLoader object| BankingJS string| feature function| DP_jQuery_1542597669307 function| $j string| analytics string| analyticsInternalLinks boolean| analyticsEnabled function| moveFocus string| s_account object| s string| urlSite string| acctmatch function| s_getObjectID function| s_doPlugins string| s_code string| s_objectID function| s_gi function| s_giqf function| c_r function| c_rspers function| c_w string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq function| solui function| _cmn_print_binder undefined| curtainControl function| toggleCurtain function| bindCurtainHandlers function| unBindCurtainHandlers function| setCurtainLaunchAnchorFocus function| setSearchFieldFocus function| openCurtain function| flipCurtain function| closeCurtain function| addCurtainClass function| removeCurtainClass function| countByCharacters function| validateServiceContainers function| _cmn_quick_menu_binder function| ExpandMenu function| ExpandMenuByKey function| closeMenuByKey function| LoseExpand function| _cmn_modal_accessibility_bind function| _cmn_calculator_bind function| resetCalculator object| solwa function| webAnalytics function| analyticsPageBypass string| disclaimer function| _fullDisclaimer string| intradayCalculation function| _intradayCalculation function| _previousclosedetails string| intradayCalculationSPCGIIA function| _intradayCalculationSPCGIIA string| intradayCalculationSMDI function| _intradayCalculationSMDI function| openThirdPartySite function| js_help_center_topquestions_forcategory function| goMessageCenter function| invokeApplication string| intradayCalculationSMI function| _intradayCalculationSMI function| _cmn_accounts_dropdown_binder function| _cmn_download_icon_binder function| ExpandDownload function| LoseDownload function| RemoveUnsupportedItems4Touch function| setDefaultHomeAcctDialog function| setAutoTab function| getUrlParamValue function| setInputDigitsOnly function| LaunchInfoAlertOverlay function| stopRKey string| scPrefix function| isMaxDigitsCardNum object| regCardNum function| isCardNum object| mmsystem object| mmcore object| mmRequestCallbacks object| BnsC2CLoader function| check object| _cf object| _ac object| cf string| _sd_trace object| dispInput object| dc object| gmar number| dsts object| gnov number| dste object| spr object| fl object| cd number| utc object| tz number| thisy number| thish number| thismin number| thisd number| s_semaphore object| s_i_0_scotiabank string| regProp string| dcIndJsURL object| head object| script object| cssLnk number| enumIndex object| jsList object| nextJs undefined| _BnsPostMessage object| BnsPostMessage0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apps.scotiabank.com
bnk1001sco34-al5e1dr3t.com
fonts.gstatic.com
service.maxymiser.net
somniture.scotiabank.com
www.livehelp.scotiabank.com
www.scotiaonline.scotiabank.com
www2.livehelp.scotiabank.com
www2.scotiaonline.scotiabank.com
104.108.33.247
104.108.54.161
104.108.55.150
172.227.130.7
172.82.234.180
2a00:1450:4001:80b::2003
91.234.99.166
12eb4ce7c92b35a64659c0aaa13a38cedde52a6d1b7e42acd9f14f6b9c536d1f
1474ec7e472fa2d738c21fb9d88fa3d08d5a2d78781adba5744fc8f4c1eacf18
2b562d7dd5bc11d13de8007a1230cc479b4c19f1000e437521de554d9f85e0ae
3712c17c27414c5a3981a0c1946d831001f5ad4e45b62577c08928c37f6ec8d4
3a6528d79fad1c6d95597704e165c77f0e89f772249045e4a1ce7db49d4c22cc
3b5c26d17a0d333bf8c2b6c502bf23a8f1d4a308a9b327185461b5a215a97818
3ee06783e2b747ce9493c4bbe480d195380864e45f7e3d7877d6402a76b76192
481a7a946e17e4e1e7eb0d642e6315f0e8d85f8aa37ee965b41c29341c084df2
5aa6367c479c5b3ecdcce9de3589bbc9332a9dc0e235f69ebefc1e2269e04dca
64e3b238dda41f80bcf2d4eec558ea259093b2f4b381aee2dfd18782501450f1
751c701e559430e9cfd8d8fd7c33d8e7f8d5fef335d2d3f110bac38e88106309
7adfe31c84a2ccc357fa960addd3037cf79f17328719ca6351a39f1535c14978
7ffc3b03a66208e80b2b54e292fc56711a3cef954af398ff35abcadc4d259fc8
96917b8299eb47122073ff4ea320e04092a8f29620aff637b8ece49d7c33d30d
9fc1ebdd1d49741a4f0aeb25fafa46d73290cb1381aed455ff8d23b44570acc1
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a4fe358e369339f40c2dadae1f52e2be798060cc2c9ce318c89ce69e6446324f
a977e936f122dcb21d3c778c27773885627bb09b907c5942a50f85210bc72ebe
b0345514a496de4d48566a663f865db71cda059c7f855779230785d08e04deb6
b1b38e3dfbd776e583be8667c46e4a6a1afa21b0f8612670ba58c15001a7b019
b3c414806e659b347c31f9205558d257b959cb5a465ba7c83943a3a8ca6aa59f
c54ab51f01b9b490939b339d65d34601798c166a252628eefc9854ecffa31f5f
c648188e43c897b79c879f3748ee759b1f8b0d7a682aebaaa62ef2062e676b86
cdecae69c3c35ebd75b78d8b6e38d59fc17c790cdca29a6f5cbb87ec648125c3
dc79efce1015c63a6ba0db917a7f9c904bbab5803a77363248b6dfc6fbef1fa7
f176b48c4da7f64235edb03f4e0805abd751a34466e12ee7b1512f4c441b72bd
f469a7f7b1e882c7e0ae7a22340323a31cf3dba27c30e667a204f340e5fc4d0b