www.hotbits.biz
Open in
urlscan Pro
108.167.172.194
Malicious Activity!
Public Scan
Submission: On March 18 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on July 19th 2023. Valid for: a year.
This is the only time www.hotbits.biz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ANZ Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 108.167.172.194 108.167.172.194 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
22 | 45.60.124.46 45.60.124.46 | 19551 (INCAPSULA) (INCAPSULA) | |
31 | 2 |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: mail.crystalcoastexteriors.com
www.hotbits.biz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
anz.com
apib1.anz.com |
52 KB |
9 |
hotbits.biz
www.hotbits.biz |
16 KB |
31 | 2 |
Domain | Requested by | |
---|---|---|
22 | apib1.anz.com |
www.hotbits.biz
apib1.anz.com |
9 | www.hotbits.biz |
www.hotbits.biz
|
31 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.anz.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
hotbits.biz Sectigo RSA Domain Validation Secure Server CA |
2023-07-19 - 2024-07-18 |
a year | crt.sh |
apib1.anz.com DigiCert EV RSA CA G2 |
2023-04-03 - 2024-04-01 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.hotbits.biz/esteticaser.com/cgi-bin/questions.html
Frame ID: 650EC6BB31494F015FFD6C16D6B57885
Requests: 30 HTTP requests in this frame
Frame:
https://www.hotbits.biz/esteticaser.com/cgi-bin/_blank.htm
Frame ID: A21E974376B996A148243B243E19FB93
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
ANZ Internet BankingDetected technologies
Microsoft ASP.NET (Web Frameworks) ExpandDetected patterns
- <input[^>]+name="__VIEWSTATE
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Help
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Security and Privacy Statement
Search URL Search Domain Scan URL
Title: Website Terms of Use
Search URL Search Domain Scan URL
Title: Terms and Conditions
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
questions.html
www.hotbits.biz/esteticaser.com/cgi-bin/ |
38 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZBEAMNetIB.css
apib1.anz.com/apinetbank/ |
43 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AjaxHandlerV510.js
apib1.anz.com/apinetbank/Ajax/JavaScript/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AjaxBusinessRulesV510.js
apib1.anz.com/apinetbank/Ajax/JavaScript/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ProgressBarV510.js
apib1.anz.com/apinetbank/controls/ANZ/JavaScript/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favoritesV510.js
apib1.anz.com/apinetbank/controls/ANZ/JavaScript/ |
868 B 899 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FunctionsInetV510.js
apib1.anz.com/apinetbank/JavaScript/ |
26 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ClientSideEventsV510.js
apib1.anz.com/apinetbank/JavaScript/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
apib1.anz.com/apinetbank/apinetbank/ |
23 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
WebResource.axd
apib1.anz.com/apinetbank/apinetbank/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZFJ_Logo.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Tab_Spacer_2.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
67 B 487 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_BG_Menu_Side_End.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Content/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Menu_Spacer_2.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Content/ |
51 B 470 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Menu_Spacer_1.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Content/ |
274 B 695 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_0.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_1.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_2.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_3.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_4.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_5.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar_6.gif
www.hotbits.biz/esteticaser.com/cgi-bin/controls/ANZ/Images/ProgressBar/ |
746 B 746 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Tab_Over.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
388 B 793 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Tab_Out.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Tab_Selected.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
397 B 777 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Menu_Spacer_1.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Content/ |
274 B 644 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_BG_Menu_Side_End.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Content/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_blank.htm
www.hotbits.biz/esteticaser.com/cgi-bin/ Frame A21E |
746 B 517 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_BG_Logo.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
276 B 657 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_BG_Toolbar.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/Header/ |
220 B 618 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ANZ_Button.gif
apib1.anz.com/apinetbank/controls/ANZ/Images/button/ |
264 B 680 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ANZ Bank (Banking)299 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| objHttpRequest object| objHttpResponse object| targetControl function| InitialiseAjaxRequest function| ProcessAjaxRequest function| finaliseAjaxRequest function| SendAjaxRequest function| CreateRequestObject function| OnRequestComplete function| ProcessAjaxResponse function| ProcessFormData function| ProcessAlterFormFields function| ProcessPullDownItems function| ProcessAjaxCommands function| FormatRequestUrl function| BuildAjaxRequest function| CreateXmlDocument function| CreateXmlNode function| BTSOINetAcTransfer_InitialiseAjaxRequest function| BTSOINetAcTransfer_ProcessAjaxRequest function| BTSOINetAcTransfer_OnAjaxError function| BTSOINetTransferOwnAc_InitialiseAjaxRequest function| BTSOINetTransferOwnAc_ProcessAjaxRequest function| BTSOINetTransferOwnAc_OnAjaxError object| timerID boolean| timerRunning number| timeValue number| count boolean| finish function| increment function| stopclock function| end function| startclock function| _ProgressBar object| image00 object| image01 object| image02 object| image03 object| image04 object| image05 object| image06 string| borderBackColor string| altBorderBackColor string| overBackColor string| downBackColor string| outBackColor string| minSize string| maxSize string| plusImageId string| minusImageId string| listId string| panelId function| overColor function| outColor function| downColor object| arrTabIndexArray number| previousIndex number| buttonCount boolean| IsProcessed boolean| IsShiftTabPressed object| MessengerWindow object| ComeHome boolean| IsBeamErrorDialog object| ChildWindow object| DownloadWindow object| childtitle object| disElements string| browserName string| validationMessage object| arrTranFieldValues object| arrControls boolean| IsForcePostback boolean| CanForcePostback boolean| ScrollComplete boolean| IsBeamPostBack number| IncrementTimerValue boolean| IsTimerRunning number| SessionTimerId boolean| FinishSessionTimer number| SessionTimer boolean| IsSessionTimingOut number| ServerSessionTimeoutValue number| TimeoutGracePeriodValue number| PageTimerId undefined| GraceTimerId boolean| SetFocusColor string| FocusColor string| NonFocusColor string| ControlFocusColorChanging boolean| ByPassFormDisable boolean| IsForceChildFocusRequired undefined| initialMouseX undefined| initialMouseY undefined| startX undefined| startY undefined| draggedObject boolean| IsFormAJAXEnabled object| BrowserType function| addEvent function| removeEvent function| Initialize function| StartSessionTimeoutCounter function| StopSessionTimeoutCounter function| IncrementSessionTimer function| TimeBeforeServerSessionTimeout function| ServerSessionTimeout function| ResetServerSessionTimeout function| TimeoutSessionLogin function| TimeoutSession function| ResetTimeout function| ClearTimeout function| doTimeOutWindow function| GetTimeOutPopupControl function| TimeOutPopupClosing function| TimeOutButtonClick function| ShowErrorDialog function| IsWindowClosing function| MenuKeyDown function| MenuMouseDown function| IEMouseDown function| IEMouseUp function| IEKeyDown function| IEKeyPressed function| NSMouseDown function| NSMouseUp function| NSKeyDown function| NSKeyUp function| NSKeyPressed function| CheckScrollPosition function| setupTabIndexFields function| FocusToNextField function| ForceFocusToBeamAlert function| controlTextSelect function| CanChangeBackcolor function| ChangeBackcolor function| ResetAllBackcolors function| IsControlVisible function| IsControlDisabled function| validateClientControl function| showValidateMessage function| TabValidation function| ButtonValidation function| CheckFormFieldChanged function| FormFieldChanged function| SaveFieldValues function| CompareFieldValues function| ForcePostback function| ForcePostbackAlt function| ProcessPostback function| DisableForm function| EnableForm function| EnableForPopup function| RefreshMe function| OpenChild function| OpenDownload function| OpenPagePrint function| OpenPagePrintNoPostback function| OpenPDFTemplate function| OpenMessenger function| PrintForm function| XtraReportPrintPDF function| OpenHelp function| OpenDisplayHtml function| CloseWindow function| FocusOnChild function| PopUpContextMenu function| SetControlFocus function| TrackFocusTextEdit function| TrackFocus function| setStyle function| ConfirmAction function| InitializeGrid function| ConfirmGridRowDelete function| CellButtonClick function| GetControl function| ConvertToInfragistics function| GetAcControlValue function| GetNumericControlValue function| GetControlValue function| SetControlValue function| ResetControlValue function| SetControlEnabledState function| SetControlVisibleState function| SetControlCurrencyDecimals function| SetControlForeColor function| RoundDown function| replaceAll function| replaceLeft function| LTrim function| RTrim function| Trim function| parseBool function| SetupValueFormat function| ByPassDisableForm function| AddGetBoxObjectFunction function| Get$ function| SetupDrag function| bm_StartDrag function| StartDrag function| BeginDrag function| EndDrag function| ZeroPadLeft function| numericEdit_onkeydown function| numericEditAlt_onkeydown function| DatePicker_ForceValueOnNullDate function| MaskEdit_NoDateControl_Onblur function| GetSystemValidDates function| SetSystemValidDate function| isValidDate function| GetMonthDays function| DaysInFebruary function| GetDatePartValue function| GetDatePartPosition function| FireEvents function| FireEventsAltTextChanged function| FireEventsAltValueChange function| FireEventsAltBlur function| FireEventsAlt function| ProcessFiredEvents function| CheckConditionalParameters function| CheckCondition function| CheckDateValues function| GetCompareValues function| DatePickerTodayLinkClick function| IBANCheck function| ValidateBIC function| ValidateTAG function| SetTagValue function| ValidateField function| ValidateFields function| GetAllFields function| HandlePayeeAdd function| ClearAndSetPullDowns function| HandleSecQuestions function| SetEnabled function| SetVisible function| ChangeClientSideValidation function| MakeVisible function| GetElement function| ShowSQPassword function| VisibleChangeSA function| PreLoadImages object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| WebForm_FindFirstFocusableChild function| WebForm_AutoFocus function| WebForm_CanFocus function| WebForm_IsFocusableTag function| WebForm_IsInVisibleContainer function| WebForm_OnSubmit function| DisableHeader function| EnableHeader object| images function| DisableContent function| DisableFooter function| EnableFooter function| ValidateControls object| attributeValue number| index0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
apib1.anz.com
www.hotbits.biz
108.167.172.194
45.60.124.46
0699304ca15386f2c70c8f5ba09ed7e137952575015308cf34883f88b9e38e7d
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
15c9bd600ed70158a9cd3737b87a79e3aefb9fd87db448ee8611d870986ea2e9
1eeada6eabe24dde53b72caf102691b567060450aa55ab51e78a9e0438e44249
23fcf9358ede3c2c1493bd02e97026a916a02de5ea466eb1e51fe903f2c5e372
3cad4212a2fc105f7b3c346ce30eeb87a3dc02b7887264fcf4046b8a31c320ca
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
63c52aa99ca361b59a27e7f51fe5fadffef99e671f8b4f9560fab204219e0666
659ae1a29e3ed61b5c5a60d3792c96a11a256900e912f6cb1db030b29c01b12a
6ff1803bfa1cc63b4c17afe465fcd7e9720822bab024a583a7eb00d20f3b9870
781f44845576f0dfa93c7d764c30be923e1898cc4e4c9d1de6999a2f7ecd52e7
a035897fffc4a91edde74fc0cefe014f0a6e0bc840fc6a63743ed76b6f03ac75
a56d0d73b7adfed88c9b6eac84ac09f3c59b6cdb9757a724c71806aaf80ca96e
a759f24905fe6b321d5d8e0a7562a75bde726cbba7716a590d98f48e90e2e627
b0edef4e147d993bbd2c5bc2fa6d76f7802fc729f05f232ffccd04bbe80b46ff
b770759932dec13dbd50faf1c29389e5cf44489ebb17fff56c2fa8da2cd4b715
c4ccda8847de864e21a25f4036468ccb564001b75a3b81952deae00859a33fd5
c6b66a87abe7e4fa958bb16ce3fd1847192b294ce8c2c76fbd97ad415c8204ba
ca29e41b4937c09b79e9bbfc366d0089061d503076f1523e31fd9a098abea21f
d5172c2249c75adb323bf51f944c25e6a09bbb95fec927b049d527ff48d497db
d65109da0dae32d7c908381843341d0cb4622d718041c24784ebacbc2ecb71cc
f05790b42e6a5f26b2527a529cb1acda6d67dfd4fbeb4473fbae58c14702e2b0