bawelteey.com
Open in
urlscan Pro
188.114.97.3
Malicious Activity!
Public Scan
Effective URL: https://bawelteey.com/?s=796477848004337920&ssk=0e050f3c261af2373a29715d65ab749f&svar=1711458636&z=4677282&pz=4662709&...
Submission Tags: @phish_report
Submission: On March 26 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by GTS CA 1P5 on January 31st 2024. Valid for: 3 months.
This is the only time bawelteey.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 162.0.209.252 162.0.209.252 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 162.254.39.23 162.254.39.23 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 172.67.8.141 172.67.8.141 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 2 | 64.227.23.114 64.227.23.114 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 4 | 139.45.197.239 139.45.197.239 | 9002 (RETN-AS) (RETN-AS) | |
1 | 188.114.96.3 188.114.96.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 37.48.68.71 37.48.68.71 | 60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands) | |
1 2 | 139.45.197.237 139.45.197.237 | 9002 (RETN-AS) (RETN-AS) | |
3 | 139.45.195.8 139.45.195.8 | 9002 (RETN-AS) (RETN-AS) | |
9 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 139.45.197.251 139.45.197.251 | () () | |
30 | 11 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business101-4.web-hosting.com
nebswin87.xyz |
ASN22612 (NAMECHEAP-NET, US)
PTR: premium285-2.web-hosting.com
cdnconnect.site |
ASN14061 (DIGITALOCEAN-ASN, US)
cchcontent.com | |
nowcontentright.com |
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
datatechone.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
bawelteey.com
bawelteey.com — Cisco Umbrella Rank: 69284 |
36 KB |
8 |
jouteetu.net
jouteetu.net |
|
4 |
gtoonfd.com
1 redirects
gtoonfd.com |
15 KB |
3 |
rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 8136 |
2 KB |
2 |
thaudray.com
1 redirects
thaudray.com — Cisco Umbrella Rank: 175397 |
1 KB |
2 |
datatechone.com
datatechone.com — Cisco Umbrella Rank: 21413 |
931 B |
1 |
cdntechone.com
cdntechone.com — Cisco Umbrella Rank: 63209 |
9 KB |
1 |
nowcontentright.com
1 redirects
nowcontentright.com |
267 B |
1 |
cchcontent.com
1 redirects
cchcontent.com — Cisco Umbrella Rank: 964158 |
287 B |
1 |
amung.us
whos.amung.us — Cisco Umbrella Rank: 12665 |
29 B |
1 |
cdnconnect.site
cdnconnect.site — Cisco Umbrella Rank: 964313 |
392 B |
1 |
nebswin87.xyz
nebswin87.xyz |
2 KB |
30 | 12 |
Domain | Requested by | |
---|---|---|
9 | bawelteey.com |
bawelteey.com
|
8 | jouteetu.net |
bawelteey.com
|
4 | gtoonfd.com |
1 redirects
cdntechone.com
|
3 | my.rtmark.net |
gtoonfd.com
bawelteey.com |
2 | thaudray.com |
1 redirects
gtoonfd.com
|
2 | datatechone.com |
cdntechone.com
gtoonfd.com |
1 | cdntechone.com |
nebswin87.xyz
|
1 | nowcontentright.com | 1 redirects |
1 | cchcontent.com | 1 redirects |
1 | whos.amung.us |
nebswin87.xyz
|
1 | cdnconnect.site |
nebswin87.xyz
|
1 | nebswin87.xyz | |
30 | 12 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
nebswin87.xyz Sectigo RSA Domain Validation Secure Server CA |
2024-03-12 - 2025-03-12 |
a year | crt.sh |
cdnconnect.site Sectigo RSA Domain Validation Secure Server CA |
2023-06-10 - 2024-06-10 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-06-11 - 2024-06-09 |
a year | crt.sh |
cdntechone.com GTS CA 1P5 |
2024-02-23 - 2024-05-23 |
3 months | crt.sh |
datatechone.com Sectigo RSA Domain Validation Secure Server CA |
2023-12-10 - 2024-12-23 |
a year | crt.sh |
gtoonfd.com R3 |
2024-01-23 - 2024-04-22 |
3 months | crt.sh |
thaudray.com R3 |
2024-02-05 - 2024-05-05 |
3 months | crt.sh |
rtmark.net R3 |
2024-03-02 - 2024-05-31 |
3 months | crt.sh |
bawelteey.com GTS CA 1P5 |
2024-01-31 - 2024-04-30 |
3 months | crt.sh |
jouteetu.net R3 |
2024-03-13 - 2024-06-11 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bawelteey.com/?s=796477848004337920&ssk=0e050f3c261af2373a29715d65ab749f&svar=1711458636&z=4677282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Helsinki&bto=-120
Frame ID: 527EAA4A09F5098B09F114EBB51F5FBF
Requests: 31 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://nebswin87.xyz/ Page URL
-
https://cchcontent.com/?k=803d9ba946dd26b8d3b3b639209a27ff&type=mainstream&subtype=global%20S
HTTP 302
https://nowcontentright.com/?k=af40c34f717ab940f7055db47c478ec4&type=mainstream&subtype=global&r=1&u=b HTTP 302
https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4 HTTP 302
https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=14... Page URL
-
http://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-sma...
HTTP 307
https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-sma... Page URL
-
https://thaudray.com/?z=4677282&syncedCookie=true&rhd=false
HTTP 302
https://bawelteey.com/?s=796477848004337920&ssk=0e050f3c261af2373a29715d65ab749f&svar=1711458636&z... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://nebswin87.xyz/ Page URL
-
https://cchcontent.com/?k=803d9ba946dd26b8d3b3b639209a27ff&type=mainstream&subtype=global%20S
HTTP 302
https://nowcontentright.com/?k=af40c34f717ab940f7055db47c478ec4&type=mainstream&subtype=global&r=1&u=b HTTP 302
https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4 HTTP 302
https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=14867&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D14867%26ymid%3Dca4467e9c71e7c7cc2457c219bda3dd4%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225 Page URL
-
http://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
HTTP 307
https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225 Page URL
-
https://thaudray.com/?z=4677282&syncedCookie=true&rhd=false
HTTP 302
https://bawelteey.com/?s=796477848004337920&ssk=0e050f3c261af2373a29715d65ab749f&svar=1711458636&z=4677282&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&btz=Europe/Helsinki&bto=-120 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3- https://cchcontent.com/?k=803d9ba946dd26b8d3b3b639209a27ff&type=mainstream&subtype=global%20S HTTP 302
- https://nowcontentright.com/?k=af40c34f717ab940f7055db47c478ec4&type=mainstream&subtype=global&r=1&u=b HTTP 302
- https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4 HTTP 302
- https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=4677281&axcusid1=14867&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D4677281%26var%3D14867%26ymid%3Dca4467e9c71e7c7cc2457c219bda3dd4%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
- http://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225 HTTP 307
- https://gtoonfd.com/link?z=4677281&var=14867&ymid=ca4467e9c71e7c7cc2457c219bda3dd4&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=4225
30 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
nebswin87.xyz/ |
6 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
cdnconnect.site/ |
284 B 392 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
whos.amung.us/pingjs/ |
29 B 29 B |
Image
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
r.html
cdntechone.com/ Redirect Chain
|
22 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
add
datatechone.com/log/ |
2 B 467 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
link
gtoonfd.com/ Redirect Chain
|
33 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
sftouch
thaudray.com/ |
0 0 |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
img.gif
my.rtmark.net/ |
43 B 491 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
add
datatechone.com/log/ |
2 B 464 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
gtoonfd.com/ |
0 150 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
/
bawelteey.com/ Redirect Chain
|
42 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
gtoonfd.com/ |
0 150 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 542 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
micro.tag.min.js
bawelteey.com/pfe/current/ |
35 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
327 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
bawelteey.com/19/4662728/ |
3 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
bawelteey.com/ |
2 B 524 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rhd
bawelteey.com/ |
3 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4662709
bawelteey.com/sw-check-permissions/ |
0 994 B |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
zone
bawelteey.com/ |
0 588 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 541 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
bawelteey.com/ |
0 421 B |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
zone
bawelteey.com/ |
796 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
custom
jouteetu.net/ |
0 0 |
Ping
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Verdicts & Comments Add Verdict or Comment
Malicious
task.domain
Submitted on
March 26th 2024, 1:21:28 pm
UTC —
From United States
Threats:
Phishing
Brands:
Facebook
US
Comment: May only be viewable from Facebook app internal browser. Facebook login phishing site.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onpagereveal function| getCookie function| rtrDebugLog function| getGid function| addURLParams string| osVerUrlParam string| osVerNum object| osVerPromise function| redirectLocker function| openLink function| Prefetcher string| tbPrefLog string| mtPushZone string| mtS string| mtZ string| tbZone string| tbADZone string| mtTargetUrl string| mtDebug string| mtRDC string| mtSameDomain string| pushTagDomain string| pushTagMicroName string| wvrdParam function| redirect object| mtScript function| updateURLParameter object| _0xd6c1 object| reverseConfig object| zfgformats11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
gtoonfd.com/ | Name: OAID Value: 04802be32ed148b2e4257b0d20385c68 |
|
gtoonfd.com/ | Name: oaidts Value: 1711458635 |
|
gtoonfd.com/ | Name: phpckd4677281 Value: true |
|
gtoonfd.com/ | Name: allcnt Value: 1 |
|
my.rtmark.net/ | Name: ID Value: 04802be32ed148b2e4257b0d20385c68 |
|
thaudray.com/ | Name: OAID Value: 00802b2616294807f8cfcfe29a9f70c7 |
|
thaudray.com/ | Name: oaidts Value: 1711458636 |
|
bawelteey.com/ | Name: reverse Value: jNLSIIjT0n0YyCPOUZB9aP1mc-PQSDmD1HzJYJ8Izj0 |
|
bawelteey.com/ | Name: OAID Value: 7a5698ae0457b262b01eec546661146f |
|
bawelteey.com/ | Name: oaidts Value: 1711458636 |
|
bawelteey.com/ | Name: prefetchAd_4662728 Value: true |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bawelteey.com
cchcontent.com
cdnconnect.site
cdntechone.com
datatechone.com
gtoonfd.com
jouteetu.net
my.rtmark.net
nebswin87.xyz
nowcontentright.com
thaudray.com
whos.amung.us
139.45.195.8
139.45.197.237
139.45.197.239
139.45.197.251
162.0.209.252
162.254.39.23
172.67.8.141
188.114.96.3
188.114.97.3
37.48.68.71
64.227.23.114
00e50b95635d8901370fb573af83d39d6f73218a68535f99160e0fdf93ac9a25
0cb055d2fdc3a9c9410db12b6fe0ec373a67c3be37f4d23d42babbc3f542735e
150752c6647071e5ac46b5ed1ee63e8e585b312bcc01a275adfb0c723c874cae
1d786c095491d75e47c55ce94a86237405cb485f9a35c46c52f232585fa2f429
2e8b6f1041383ad11fe9127b990ad5f08b2a631ebd010eec9f1c4455c5b415d8
3e7b356332511e9bdf006a117f916340edb0898a0869e30b2cfeed15e5bbc353
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
785c9ae55eb9710019f4b32060731514e6bf11d2fb96e0c5bc5dec7d2bfc9319
955a7f7e7a9158b178d2ca39513763b297bbec13f6083c534c099af7876c1c8c
c34a9e06ef57962b9172bdbfe06c744a40cc594ccb902607d6d7aef4880d04c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7de21f0d518a0ee4faaffdaac09dbbc69ea8b2419baedf959b4333cbf56ea1a