vgbalance.com
190.115.26.11
Malicious Activity!
Public Scan
Submission: On November 21 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by R3 on November 16th 2022. Valid for: 3 months.
This is the only time vgbalance.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 190.115.26.11 | 262254 (DDOS-GUARD CORP.) |
2 | 104.87.102.220 | 16625 (AKAMAI-AS) |
3 | 104.18.11.207 | 13335 (CLOUDFLARENET) |
3 3 | 45.60.11.91 | 19551 (INCAPSULA) |
3 | 45.60.15.91 | 19551 (INCAPSULA) |
2 | 74.125.24.147 | 15169 (GOOGLE) |
8 | 13.35.8.28 | 16509 (AMAZON-02) |
1 | 52.18.63.80 | 16509 (AMAZON-02) |
1 | 35.80.101.90 | 16509 (AMAZON-02) |
4 | 142.251.10.94 | 15169 (GOOGLE) |
1 | 142.250.4.94 | 15169 (GOOGLE) |
30 | 11 | |
ASN16625 (AKAMAI-AS, US)
PTR: a104-87-102-220.deploy.static.akamaitechnologies.com
www.aexp-static.com
ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
ASN16509 (AMAZON-02, US)
PTR: server-13-35-8-28.sin5.r.cloudfront.net
images.ctfassets.net
ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-63-80.eu-west-1.compute.amazonaws.com
canarytokens.com
ASN16509 (AMAZON-02, US)
PTR: ec2-35-80-101-90.us-west-2.compute.amazonaws.com
ssl.kaptcha.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | ctfassets.net | images.ctfassets.net — Cisco Umbrella Rank: 3728 | 76 KB |
6 | amexprepaidcard.com (3 redirects) | amexprepaidcard.com, www.amexprepaidcard.com | 771 KB |
5 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 361 KB |
3 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 712 | 103 KB |
2 | google.com | www.google.com — Cisco Umbrella Rank: 2 | 2 KB |
2 | aexp-static.com | www.aexp-static.com — Cisco Umbrella Rank: 13172 | 103 KB |
1 | kaptcha.com | ssl.kaptcha.com — Cisco Umbrella Rank: 8798 | 623 B |
1 | canarytokens.com | canarytokens.com — Cisco Umbrella Rank: 481844 | 238 B |
1 | vgbalance.com | vgbalance.com | 15 KB |
0 | giftingapp.com (Failed) | prod.giftingapp.com Failed | |
30 | 10 | | |
Requests | Domain | Requested by |
---|---|---|
8 | images.ctfassets.net | vgbalance.com |
4 | www.gstatic.com | www.google.com, www.gstatic.com |
3 | www.amexprepaidcard.com | vgbalance.com, www.amexprepaidcard.com |
3 | amexprepaidcard.com | 3 redirects |
3 | maxcdn.bootstrapcdn.com | vgbalance.com, maxcdn.bootstrapcdn.com |
2 | www.google.com | vgbalance.com, www.gstatic.com |
2 | www.aexp-static.com | vgbalance.com, www.aexp-static.com |
1 | fonts.gstatic.com | www.google.com |
1 | ssl.kaptcha.com | vgbalance.com |
1 | canarytokens.com | vgbalance.com |
1 | vgbalance.com | |
0 | prod.giftingapp.com Failed | ssl.kaptcha.com |
30 | 12 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.americanexpress.com |
www.peoplestrust.com |
www.fscarddisclosures.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
vgbalance.com | R3 | 2022-11-16 - 2023-02-14 | 3 months |
m.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2022-05-16 - 2023-05-15 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year |
www.google.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months |
images.ctfassets.net | Amazon | 2022-02-17 - 2023-03-18 | a year |
canarytokens.org | R3 | 2022-11-13 - 2023-02-11 | 3 months |
ssl.kaptcha.com | Sectigo RSA Organization Validation Secure Server CA | 2022-10-18 - 2023-10-18 | a year |
*.gstatic.com | GTS CA 1C3 | 2022-11-02 - 2023-01-25 | 3 months |
This page contains 3 frames:
Primary Page:
https://vgbalance.com/amex.php
Frame ID: D79EBCC62BE228C76764D0455AB3260D
Requests: 23 HTTP requests in this frame
Frame:
https://ssl.kaptcha.com/logo.htm?m=109700&s=035906c1495843b39aea5b3738efbc55
Frame ID: 4EAD44568C733D6C66E8C4C37F387039
Requests: 2 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfHaWwfAAAAAPWSZHeXnHmXMX3-4w2NkAQwyJcZ&co=aHR0cHM6Ly92Z2JhbGFuY2UuY29tOjQ0Mw..&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=m9w8zcify9qz
Frame ID: 107ED6864CF5D362F61B3E25AB0D46AD
Requests: 5 HTTP requests in this frame
Page Title
Check Balance | American Express Prepaid Cards
Detected technologies
Detected patterns
- <[^>]+(?:https?:)?//(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)
Detected patterns
- \.php(?:$|\?)
Bootstrap
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
amex
Detected patterns
- aexp-static\.com
Font Awesome
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
reCAPTCHA
Detected patterns
- /recaptcha/api\.js
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: click here
Title: Terms of Use
Title: Privacy Policy
Title: Accessibility Statement
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3
- https://amexprepaidcard.com/styles.2d492a6b471753eb39b7.css HTTP 301
- https://www.amexprepaidcard.com/styles.2d492a6b471753eb39b7.css
- https://amexprepaidcard.com/polyfills.acf922391a343f1c2065.js HTTP 301
- https://www.amexprepaidcard.com/polyfills.acf922391a343f1c2065.js
- https://amexprepaidcard.com/main.563d191ddd3d3737569f.js HTTP 301
- https://www.amexprepaidcard.com/main.563d191ddd3d3737569f.js
30 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | amex.php (Primary Request) | vgbalance.com/ | 50 KB | 15 KB | Document | text/html |
GET | H2 | dls.css | www.aexp-static.com/cdaas/one/statics/axp-dls/5.4.0/package/dist/styles/ | 583 KB | 66 KB | Stylesheet | text/css |
GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ | 118 KB | 20 KB | Stylesheet | text/css |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | styles.2d492a6b471753eb39b7.css | www.amexprepaidcard.com/ Redirect Chain | 284 KB | 27 KB | Stylesheet | text/css |
GET | H2 | api.js | www.google.com/recaptcha/ | 884 B | 996 B | Script | text/javascript |
GET | H2 | header_logo.png | images.ctfassets.net/ax2anqjzioj8/7CdIp3u6XsSbsUaivihtHm/a856545902716cafcca3825ab84d3338/ | 6 KB | 7 KB | Image | image/png |
GET | H2 | flagIconCA.png | images.ctfassets.net/ax2anqjzioj8/5GQDqYufjNszpUp9H4y8go/58469ddcd3d2a12a29a9cbb853ff4edb/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | AmEx_Prepaid_CA_HERO_022719.png | images.ctfassets.net/ax2anqjzioj8/7DYJfuoSNhKfC2bvAvvguQ/5d0b0d1c3eb7311f014319aaf4ffcc3c/ | 50 KB | 51 KB | Image | image/png |
GET | H2 | tooltip.png | images.ctfassets.net/ax2anqjzioj8/3Xqrx2vwfm0wEEU4ciesCk/83815200b611d91995dd3691c43d34d8/ | 1 KB | 2 KB | Image | image/png |
GET | H2 | icon_NoFees.png | images.ctfassets.net/ax2anqjzioj8/4rwamdB0p2S8qcsOYE8w6S/355ae685fdec1f7970fb87e295c715d2/ | 2 KB | 3 KB | Image | image/png |
GET | H2 | icon_lock.png | images.ctfassets.net/ax2anqjzioj8/3jGx0WfQAM2YcE0WE8yAOu/1721e476399ad3411b9836b9496958bd/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | icon_rewards.png_h_250 | images.ctfassets.net/ax2anqjzioj8/1IO1iixaawkmuIimc64qQG/baa6adcc1d2bd2c48e3d7f4143661b5d/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | footer_logo.png_h_250_h_250 | images.ctfassets.net/ax2anqjzioj8/5ukUNObcO0WL63LYNnq0iV/17f495fa76d7647462ebc6f7ab68a255/ | 6 KB | 7 KB | Image | image/png |
GET | H2 | polyfills.acf922391a343f1c2065.js | www.amexprepaidcard.com/ Redirect Chain | 225 KB | 69 KB | Script | application/javascript |
GET | H2 | main.563d191ddd3d3737569f.js | www.amexprepaidcard.com/ Redirect Chain | 2 MB | 674 KB | Script | application/javascript |
GET | H/1.1 | oujxzijrushpqupx62pqysxow.jpg | canarytokens.com/ | 43 B | 238 B | Image | image/gif |
GET | H2 | 3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff | www.aexp-static.com/nav/ngn/fonts/ | 36 KB | 37 KB | Font | font/woff |
GET | | Arial.75400f069595b41e88ac.woff | www.amexprepaidcard.com/ | 0 | 0 | | |
GET | | HelveticaNeue.a858f925b333458f7915.woff | www.amexprepaidcard.com/ | 0 | 0 | | |
GET | | BentonSans-Regular.a20f0f5561b3c69fec54.woff | www.amexprepaidcard.com/ | 0 | 0 | | |
GET | H3 | fontawesome-webfont.woff2 | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ | 75 KB | 76 KB | Font | font/woff2 |
GET | H/1.1 | logo.htm | ssl.kaptcha.com/ Frame 4EAD | 169 B | 623 B | Document | text/html |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ | 399 KB | 160 KB | Script | text/javascript |
GET | | fullLogo.gif | prod.giftingapp.com/img/ Frame 4EAD | 0 | 0 | | |
GET | H2 | anchor | www.google.com/recaptcha/api2/ Frame 107E | 7 KB | 1 KB | Document | text/html |
GET | H3 | styles__ltr.css | www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ Frame 107E | 52 KB | 24 KB | Stylesheet | text/css |
GET | H3 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/ Frame 107E | 399 KB | 159 KB | Script | text/javascript |
GET | H3 | logo_48.png | www.gstatic.com/recaptcha/api2/ Frame 107E | 2 KB | 2 KB | Image | image/png |
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ Frame 107E | 15 KB | 16 KB | Font | font/woff2 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL |
---|---|
www.amexprepaidcard.com | https://www.amexprepaidcard.com/Arial.75400f069595b41e88ac.woff |
www.amexprepaidcard.com | https://www.amexprepaidcard.com/HelveticaNeue.a858f925b333458f7915.woff |
www.amexprepaidcard.com | https://www.amexprepaidcard.com/BentonSans-Regular.a20f0f5561b3c69fec54.woff |
prod.giftingapp.com | https://prod.giftingapp.com/img/fullLogo.gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)
31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 function| _0x5cee function| _0x2eec function| _0x20a125 function| _0x2d91b3 function| _0x27e0c6 function| _0xa8f0cb function| _0x51482b function| _0x2dde82 string| r object| m function| _0x289dcc function| _0x3c5a function| _0x49cdc8 function| _0x57b040 function| _0x2321 object| webpackJsonp function| _0x1b47 function| _0x5f4efa function| _0x86f4a7 function| _0x48b8f2 function| _0x1d76 object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_8129364
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.vgbalance.com/ | | Name: __ddg1_ Value: wDVZ5bKhQesU2XTqogyM |
.amexprepaidcard.com/ | | Name: visid_incap_2727501 Value: 6KUngNFmQGOkG0gcJ60G2hy/e2MAAAAAQUIPAAAAAABAR5VLNiZsRlEDyWROhn41 |
.amexprepaidcard.com/ | | Name: incap_ses_360_2727501 Value: KXHCT5k8/iK72VtQ1Pr+BBy/e2MAAAAAcm4lbkDKDMOr5kMKDaq+tQ== |
ssl.kaptcha.com/ | | Name: k Value: 21cb3474a4a24ed985b604d267937d8d |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.