www.seguro.ngibnk.com
51.91.212.198
Malicious Activity!
Public Scan
Submission: On October 18 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 3rd 2021. Valid for: 3 months.
This is the only time www.seguro.ngibnk.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: HSBC (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
21 | 51.91.212.198 | 16276 (OVH) |
1 | 185.126.226.146 | 204085 (NGS) |
1 | 142.250.181.238 | 15169 (GOOGLE) |
2 | 142.250.185.202 | 15169 (GOOGLE) |
3 | 142.250.185.195 | 15169 (GOOGLE) |
1 | 52.222.214.101 | 16509 (AMAZON-02) |
1 | 35.161.131.79 | 16509 (AMAZON-02) |
33 | 9 | |

Hostname | ASN | PTR |
---|---|---|
translate.google.com | ASN15169 (GOOGLE, US) | fra16s56-in-f14.1e100.net |
translate.googleapis.com | ASN15169 (GOOGLE, US) | fra16s52-in-f10.1e100.net |
www.gstatic.com | ASN15169 (GOOGLE, US) | fra16s52-in-f3.1e100.net |
cdn.appdynamics.com | ASN16509 (AMAZON-02, US) | server-52-222-214-101.fra56.r.cloudfront.net |
col.eum-appdynamics.com | ASN16509 (AMAZON-02, US) | ec2-35-161-131-79.us-west-2.compute.amazonaws.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
21 | ngibnk.com | www.seguro.ngibnk.com | 3 MB |
3 | gstatic.com | www.gstatic.com | 4 KB |
2 | googleapis.com | translate.googleapis.com | 80 KB |
1 | eum-appdynamics.com | col.eum-appdynamics.com | 1 KB |
1 | appdynamics.com | cdn.appdynamics.com | 18 KB |
1 | google.com | translate.google.com | 27 KB |
1 | onlinewebfonts.com | db.onlinewebfonts.com | 680 B |
33 | 7 | | |
 | Domain | Requested by |
---|---|---|
21 | www.seguro.ngibnk.com | www.seguro.ngibnk.com |
3 | www.gstatic.com | www.seguro.ngibnk.com, translate.googleapis.com |
2 | translate.googleapis.com | |
1 | col.eum-appdynamics.com | www.seguro.ngibnk.com |
1 | cdn.appdynamics.com | www.seguro.ngibnk.com |
1 | translate.google.com | www.seguro.ngibnk.com |
1 | db.onlinewebfonts.com | www.seguro.ngibnk.com, db.onlinewebfonts.com |
33 | 7 | |
This site contains links to these domains. Also see Links.
Domain |
---|
ngibnk.com |
www.moipourtoi.com |
translate.google.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
seguro.ngibnk.com | cPanel, Inc. Certification Authority | 2021-08-03 - 2021-11-01 | 3 months |
onlinewebfonts.com | Sectigo RSA Domain Validation Secure Server CA | 2020-10-12 - 2021-11-11 | a year |
*.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months |
upload.video.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months |
*.gstatic.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months |
*.appdynamics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-06-21 - 2022-07-22 | a year |
*.eum-appdynamics.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-06-14 - 2022-07-15 | a year |
This page contains 2 frames:
Primary Page:
https://www.seguro.ngibnk.com/
Frame ID: 04BF429EA52DFB93B957F9E5DD32BB49
Requests: 33 HTTP requests in this frame
Frame:
data://truncated
Frame ID: D5317245737FEB4911BB86E235D33BBE
Requests: 1 HTTP requests in this frame
Page Title
NGI Bank Individuals: Online banking and banking services
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- /etc/designs/
AppDynamics (Analytics)
Detected patterns
- adrum
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: site de rencontres gratuit
Title: Google Übersetzer
Redirected requests
There were HTTP redirect chains for the following requests:
33 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | www.seguro.ngibnk.com/ | 63 KB | 9 KB | Document | text/html |
GET | H2 | clientlib-default.min.4c8f1bd3d61e8743b7402fa38be6af87.css | www.seguro.ngibnk.com/etc/ | 559 KB | 563 KB | Stylesheet | text/css |
GET | H2 | clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js | www.seguro.ngibnk.com/etc/designs/gba/appd/ | 37 KB | 37 KB | Script | application/javascript |
GET | H2 | 44f1d96a0579112e89a76a877b4645f4 | db.onlinewebfonts.com/c/ | 1 KB | 680 B | Stylesheet | text/css |
GET | H2 | logo.png | www.seguro.ngibnk.com/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | hb-homepage-international1.jpg | www.seguro.ngibnk.com/content/ | 98 KB | 98 KB | Image | image/jpeg |
GET | H2 | tile-vie.jpg | www.seguro.ngibnk.com/content/ | 237 KB | 237 KB | Image | image/jpeg |
GET | H2 | assurance-vie.jpg | www.seguro.ngibnk.com/content/ | 197 KB | 197 KB | Image | image/jpeg |
GET | H2 | paying-shop-946055220.jpg | www.seguro.ngibnk.com/content/ | 125 KB | 125 KB | Image | image/jpeg |
GET | H2 | etude-expat-explorer.jpg | www.seguro.ngibnk.com/content/ | 490 KB | 491 KB | Image | image/jpeg |
GET | H2 | conference-chef-entreprise.jpg | www.seguro.ngibnk.com/content/ | 554 KB | 554 KB | Image | image/jpeg |
GET | H2 | banque-international-400x227px.png | www.seguro.ngibnk.com/content/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | patrimoine-400x227px.png | www.seguro.ngibnk.com/content/ | 6 KB | 6 KB | Image | image/png |
GET | H2 | proche-client-400x227px.png | www.seguro.ngibnk.com/content/ | 7 KB | 7 KB | Image | image/png |
GET | H2 | jquery-all-v2.js | www.seguro.ngibnk.com/etc/ | 109 KB | 109 KB | Script | application/javascript |
GET | H2 | clientlib-all.min.075769d33f82a042ed7ccb61ae7f98fd.js | www.seguro.ngibnk.com/etc/ | 382 KB | 385 KB | Script | application/javascript |
GET | H2 | element.js | translate.google.com/translate_a/ | 76 KB | 27 KB | Script | text/javascript |
GET | | 44f1d96a0579112e89a76a877b4645f4.woff2 | db.onlinewebfonts.com/t/ | 0 | 0 | | |
GET | | 44f1d96a0579112e89a76a877b4645f4.woff | db.onlinewebfonts.com/t/ | 0 | 0 | | |
GET | | 44f1d96a0579112e89a76a877b4645f4.ttf | db.onlinewebfonts.com/t/ | 0 | 0 | | |
GET | H2 | UniversNextforHSBCW02-Bd.woff | www.seguro.ngibnk.com/etc/common/fonts/ | 26 KB | 26 KB | Font | font/woff |
GET | H2 | UniversNextforHSBCW02-Rg.woff | www.seguro.ngibnk.com/etc/common/fonts/ | 27 KB | 27 KB | Font | font/woff |
GET | H2 | HSBCIcon-Font.woff | www.seguro.ngibnk.com/etc/common/fonts/ | 22 KB | 22 KB | Font | font/woff |
GET | H2 | UniversNextforHSBCW02-Lt.woff | www.seguro.ngibnk.com/etc/common/fonts/ | 26 KB | 26 KB | Font | font/woff |
GET | H2 | UniversNextforHSBCW02-Th.woff | www.seguro.ngibnk.com/etc/common/fonts/ | 26 KB | 26 KB | Font | font/woff |
GET | H2 | authorize.auth.json | www.seguro.ngibnk.com/ | 315 B | 365 B | XHR | text/html |
GET | H2 | translateelement.css | translate.googleapis.com/translate_static/css/ | 18 KB | 4 KB | Stylesheet | text/css |
GET | H2 | m=el_main | translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.de.Hv-Wvpw6uvU.O/d=1/exm=el_conf/ed=1/rs=AN8SPfrRRDqyWCt2vhBeBuY_uWNxIe05hA/ | 222 KB | 76 KB | Script | text/javascript |
GET | DATA | truncated | / Frame D531 | 2 KB | 2 KB | Document | text/html |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/1x/ | 846 B | 1 KB | Image | image/png |
GET | H2 | googlelogo_color_42x16dp.png | www.gstatic.com/images/branding/googlelogo/1x/ | 910 B | 1 KB | Image | image/png |
GET | H2 | translate_24dp.png | www.gstatic.com/images/branding/product/2x/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js | cdn.appdynamics.com/ | 45 KB | 18 KB | Script | application/javascript |
POST | H/1.1 | adrum | col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAH-YHG/ | 0 | 1 KB | XHR | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: db.onlinewebfonts.com, URL: http://db.onlinewebfonts.com/t/44f1d96a0579112e89a76a877b4645f4.woff2
- Domain: db.onlinewebfonts.com, URL: http://db.onlinewebfonts.com/t/44f1d96a0579112e89a76a877b4645f4.woff
- Domain: db.onlinewebfonts.com, URL: http://db.onlinewebfonts.com/t/44f1d96a0579112e89a76a877b4645f4.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: HSBC (Banking)
74 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster string| adrum-app-key number| adrum-start-time object| ADRUM undefined| $ function| jQuery object| respond function| moment object| Bootstrap object| GPWS object| HSBC_utils object| Mustache object| __core-js_shared__ object| core function| googleTranslateElementInit2 function| _DumpException object| default_tr string| MSG_TRANSLATE string| MSG_CANCEL string| MSG_CLOSE function| MSGFUNC_PAGE_TRANSLATED_TO function| MSGFUNC_TRANSLATED_TO string| MSG_GENERAL_ERROR string| MSG_LEARN_MORE function| MSGFUNC_POWERED_BY string| MSG_TRANSLATE_PRODUCT_NAME string| MSG_TRANSLATION_IN_PROGRESS function| MSGFUNC_TRANSLATE_PAGE_TO function| MSGFUNC_VIEW_PAGE_IN string| MSG_RESTORE string| MSG_SSL_INFO_LOCAL_FILE string| MSG_SSL_INFO_SECURE_PAGE string| MSG_SSL_INFO_INTRANET_PAGE string| MSG_SELECT_LANGUAGE function| MSGFUNC_TURN_OFF_TRANSLATION function| MSGFUNC_TURN_OFF_FOR string| MSG_ALWAYS_HIDE_AUTO_POPUP_BANNER string| MSG_ORIGINAL_TEXT string| MSG_FILL_SUGGESTION string| MSG_SUBMIT_SUGGESTION string| MSG_SHOW_TRANSLATE_ALL string| MSG_SHOW_RESTORE_ALL string| MSG_SHOW_CANCEL_ALL string| MSG_TRANSLATE_TO_MY_LANGUAGE function| MSGFUNC_TRANSLATE_EVERYTHING_TO string| MSG_SHOW_ORIGINAL_LANGUAGES string| MSG_OPTIONS string| MSG_TURN_OFF_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_SUGGESTION string| MSG_ALT_ACTIVITY_HELPER_TEXT string| MSG_USE_ALTERNATIVES string| MSG_DRAG_TIP string| MSG_CLICK_FOR_ALT string| MSG_DRAG_INSTUCTIONS string| MSG_SUGGESTION_SUBMITTED string| MSG_MANAGE_TRANSLATION_FOR_THIS_SITE string| MSG_ALT_AND_CONTRIBUTE_ACTIVITY_HELPER_TEXT string| MSG_ORIGINAL_TEXT_NO_COLON string| MSG_LANGUAGE_UNSUPPORTED string| MSG_LANGUAGE_TRANSLATE_WIDGET function| _exportVersion function| _getCallbackFunction function| _exportMessages function| _loadJs function| _loadCss function| _isNS function| _setupNS object| google function| GTranslateGetCurrentLang function| GTranslateFireEvent function| doGTranslate function| 
revslider_showDoubleJqueryError object| closure_lm_2631912
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.google.com/ | Name: NID Value: 511=OB9DkD-uMJaAu0jmGWhLVvm4twwYAiE8Hq869nqTS5TVICkX8sMSaMdpRNvRbDRqZOLNT1yT_Eb3SgbQNq6SR0g3PpvhpVtIfQshosBzOtERwjwP-gdYXyaiFTfCoaArizB1BRNXIXnmmvve5mHQPj9z3h9PJZGIYULQt6haoCY |
www.seguro.ngibnk.com/ | Name: gt_auto_switch Value: 1 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.