![](/screenshots/5880e429-6341-43bf-9faa-9ef094f2978c.png)
craftoptions.com
Open in
urlscan Pro
209.182.203.33
Malicious Activity!
Public Scan
Effective URL: https://craftoptions.com/login
Submission: On December 07 via manual from AU — Scanned from AU
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 29th 2023. Valid for: 3 months.
This is the only time craftoptions.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bendigo Bank (Banking)Community Verdicts: Malicious — 1 votes Show Verdicts
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 41.185.8.111 41.185.8.111 | 36943 (ZA-1-Grid) (ZA-1-Grid) | |
15 | 209.182.203.33 209.182.203.33 | 22611 (INMOTION) (INMOTION) | |
2 | 151.101.1.229 151.101.1.229 | 54113 (FASTLY) (FASTLY) | |
10 | 172.217.167.100 172.217.167.100 | 15169 (GOOGLE) (GOOGLE) | |
8 | 142.251.221.67 142.251.221.67 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.204.3 142.250.204.3 | 15169 (GOOGLE) (GOOGLE) | |
37 | 5 |
ASN15169 (GOOGLE, US)
PTR: syd09s17-in-f4.1e100.net
www.google.com |
ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net
www.gstatic.com |
ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
craftoptions.com
craftoptions.com |
222 KB |
10 |
gstatic.com
www.gstatic.com fonts.gstatic.com |
894 KB |
10 |
google.com
www.google.com — Cisco Umbrella Rank: 2 |
99 KB |
2 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 313 |
283 KB |
1 |
callus-peel.com
1 redirects
callus-peel.com |
120 B |
37 | 5 |
Domain | Requested by | |
---|---|---|
15 | craftoptions.com |
craftoptions.com
|
10 | www.google.com |
craftoptions.com
www.gstatic.com www.google.com |
8 | www.gstatic.com |
www.google.com
www.gstatic.com |
2 | fonts.gstatic.com |
www.google.com
|
2 | cdn.jsdelivr.net |
craftoptions.com
|
1 | callus-peel.com | 1 redirects |
37 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
craftoptions.com cPanel, Inc. Certification Authority |
2023-10-29 - 2024-01-27 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
www.google.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-11-20 - 2024-02-12 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://craftoptions.com/login
Frame ID: 6B9D16CCA01E4E0E182348308C4F7C86
Requests: 19 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcT7gspAAAAAEe4iSEYcHA_rKLB9_gaVrQnh2JQ&co=aHR0cDovL2xvY2FsaG9zdDo4MDAw&hl=en&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&sa=submit&cb=wzelfthasho
Frame ID: A00FBD9D82590EE39660CD01B8AFB420
Requests: 5 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf--CkpAAAAAObZdzCnEI-2eHffjzeIZA7nDGOe&co=aHR0cHM6Ly9jcmFmdG9wdGlvbnMuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&sa=submit&cb=m5jarrrbkarl
Frame ID: 4C62D2835B028A79BBDF8F9DE26F112E
Requests: 5 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf--CkpAAAAAObZdzCnEI-2eHffjzeIZA7nDGOe&co=aHR0cHM6Ly9jcmFmdG9wdGlvbnMuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&sa=submit&cb=4me48jpv2tky
Frame ID: F2C971D4EDE057113FC9C835B87D5989
Requests: 8 HTTP requests in this frame
Screenshot
![](/screenshots/5880e429-6341-43bf-9faa-9ef094f2978c.png)
Page Title
Bendigo Bank - Log in to e-bankingPage URL History Show full URLs
-
https://callus-peel.com/ali
HTTP 301
https://craftoptions.com/login Page URL
Detected technologies
Detected patterns
- <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
- //cdn\.jsdelivr\.net/
![](/vendor/wappa/icons/reCAPTCHA.png)
Detected patterns
- /recaptcha/api\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://callus-peel.com/ali
HTTP 301
https://craftoptions.com/login Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
37 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login
craftoptions.com/ Redirect Chain
|
19 KB 20 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
axios.min.js
cdn.jsdelivr.net/npm/axios/dist/ |
33 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tailwind.min.css
cdn.jsdelivr.net/npm/tailwindcss@2.2.16/dist/ |
3 MB 270 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
craftoptions.com/css/ |
435 B 523 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer.css
craftoptions.com/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.css
craftoptions.com/css/ |
620 B 672 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
token-popup.css
craftoptions.com/css/ |
818 B 871 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
1 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.svg
craftoptions.com/assets/images/images/ |
6 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
phone.svg
craftoptions.com/assets/images/icons/ |
629 B 694 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
symclogo.png
craftoptions.com/assets/images/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
password%202.png
craftoptions.com/assets/images/icons/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
question.png
craftoptions.com/assets/images/icons/ |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.png
craftoptions.com/assets/images/icons/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
password.png
craftoptions.com/assets/images/icons/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-store.svg
craftoptions.com/assets/images/images/ |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
play-store.svg
craftoptions.com/assets/images/images/ |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame A00F |
41 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bottom-banner.jpg
craftoptions.com/assets/images/images/ |
120 KB 120 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ |
501 KB 201 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame A00F |
55 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame A00F |
465 KB 186 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame 4C62 |
40 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame F2C9 |
41 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js
www.google.com/js/bg/ Frame A00F |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webworker.js
www.google.com/recaptcha/api2/ Frame A00F |
102 B 209 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 4C62 |
55 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 4C62 |
501 KB 200 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles__ltr.css
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame F2C9 |
55 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame F2C9 |
501 KB 200 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js
www.google.com/js/bg/ Frame 4C62 |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webworker.js
www.google.com/recaptcha/api2/ Frame 4C62 |
102 B 185 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kn2owPU74JTsOwTGty0aoUlXRSKSJihCWxBMzE3aLQs.js
www.google.com/js/bg/ Frame F2C9 |
17 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame F2C9 |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F2C9 |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame F2C9 |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webworker.js
www.google.com/recaptcha/api2/ Frame F2C9 |
102 B 185 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Malicious
task.url
Submitted on
December 7th 2023, 11:05:54 pm
UTC —
From Australia
Threats:
Phishing
Brands:
Bendigo Bank
AU
Comment: confirmed email phishing url targeting bendigo bank
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bendigo Bank (Banking)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| documentPictureInPicture function| onSubmitToken function| onSubmit function| validateAccessId function| validateToken function| validatePassword function| axios object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_2272532 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
craftoptions.com/ | Name: XSRF-TOKEN Value: eyJpdiI6IkxpaHNHVGhIZ1BzeENjS0JmS0Zxc2c9PSIsInZhbHVlIjoiYTcwTGN1WFUvQWlWQ1BGQktBYW1SWkNRR216ZGNsa2JjT1ZkdUc2ZWJpbkRJdkd1LzY5U1lYT09sUGc5RmlUMzkwYXhBLzkwck8zU1I5YlAvUXlIMVhMS0JnYXpRS05Sa0dVb1o0YWtVYjFVVHZBU3VyYlMyYVEwbUZJMENNMHoiLCJtYWMiOiIwYzBhNzVjMmM3MDc2YTM2OTdmNTdiNDhlMzdmZmM2ZWEwNDRiOWZhYmEzMDM5ODFmZTYzYzE3ZDYzYzVjMTE2IiwidGFnIjoiIn0%3D |
|
craftoptions.com/ | Name: bendigo_bank_session Value: eyJpdiI6IlIwcGxvYnhBdVVPYTlIM3NiTitNZVE9PSIsInZhbHVlIjoibEMyZWZIV1ZjQld6OUpHQTVhc2lmdmpjK3NvUlQ0cnJQU0ZnZVFPdDRoSGdDQ0ZiVEtEOEdmQnJFOTYvK0cxLy9oQWphcGN4Mnk5WnppRnhIeW1jY0pxNFNnVDF0RU9DcW5VenBzd09KSHZoNnFUazNFSzk0cUVVeklPb3JzcmYiLCJtYWMiOiIwYmY2ZGE2NWU0OWVkMDgzNDcwNTdhMmZjZTUyYmIzOTE0MzU5MGE2NzI4MTgwOWZiODMxN2I3NjdlYzRhNTNjIiwidGFnIjoiIn0%3D |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
callus-peel.com
cdn.jsdelivr.net
craftoptions.com
fonts.gstatic.com
www.google.com
www.gstatic.com
142.250.204.3
142.251.221.67
151.101.1.229
172.217.167.100
209.182.203.33
41.185.8.111
0353bba1e5ac2f11bc7063a4d6b4bedbf264062d928697120c7aa2077da83c45
065e6ee5bad4bc9c146f1aa7cad37ce9181360c02ff1b3b43194b5f1bdadbd01
153667004611f8905f074b17b69c32f43b8038f0d95d1341d00a88e48f990a6d
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1e598d3fa3c35db74b39d4fbe7331540e252b089fd8e988132256af3700a1107
3b982b1161f739e5aeea821968daeed8e0ff5082c8dadbab5b29bb3f45edf60f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
42bbce07fbfd4b2b2d7d8297065238543646ec3113de6e39ea3fde25a54a6b0d
4970c7161d03503a3eb5ec49e4190a03445c50cd5a9081714bd13183d2d948a7
523f9a0b4d6199f080c54328d15ddf392dd79e25dae8b57c842a0d604a563a56
550f26d03776c62d33e90b8028c6b4e2e7d1301c6ff769cff94592a93df71c68
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
927da8c0f53be094ec3b04c6b72d1aa149574522922628425b104ccc4dda2d0b
97c3f0d30f44ae22949de85a6f7112fc2ac7c5fc9fe2fa84d03437a7ee4f3085
99a2ef6a77162b3d70013268b7685f340bd39aefe0ac3d18996a7b3b2aee9cd4
9ceaee545793238a6cec7735817738d94c393eeb75d2ebd70fa9eaec3c2d9c5a
9e543ff55570b1c12e8da269a4d4800eff0b214c68b931128c0358b7a58c6be6
a74c59bc3e9fefd6e3a885e0ba305d5b856f433c1e43a24409bc3fab4c6ecb9b
ad8adec7567bd4d3cc26905bc9eca910da0f99d14191c35b235d1993233c387a
ae920b7f261382688ce3ff2b33ce7389d87b409105aabe9c21a23cdd22877b77
b311ac29f8d7837679d637891db9bbcc84ab0fa8652196d3605de190dc6a6857
b62f36160407c81030404ab242125afd42fa0da6626ef11e5f406dda12acf144
b9e2d2bbc645347ad9c836de690eae6f88d1fe889603d678d3d7681b699be280
c99781172737cc230c9b3e90249e1935d945904b0a6096bd41b7d02003ec6396
cf48443bc320e71a84e143e4ef942dfa109a3e31a947f4149c0e0534c75cc885
d64a6776e14f1d0c54a9cb57fc425570cb950aaa08889f44da461fab90a9df06
e97604d9f004b3e91e4f155938c3fcd15c7b525d50c866fcf8af8f914b20943f
fe2067618aa22d6669adfccf197eae94ef2f69d9bad9a411e6a4e5c04b57b429