secured-mobile-login.com
Open in
urlscan Pro
94.177.12.157
Malicious Activity!
Public Scan
Submission: On August 15 via manual from US
Summary
This is the only time secured-mobile-login.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 94.177.12.157 94.177.12.157 | 49981 (WORLDSTREAM) (WORLDSTREAM) | |
6 | 159.45.170.145 159.45.170.145 | 10837 (WELLSFARG...) (WELLSFARGO-10837) | |
3 | 104.111.228.212 104.111.228.212 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
3 | 104.111.216.170 104.111.216.170 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
11 | 159.45.2.178 159.45.2.178 | 10837 (WELLSFARG...) (WELLSFARGO-10837) | |
2 2 | 172.217.23.134 172.217.23.134 | 15169 (GOOGLE) (GOOGLE) | |
1 2 | 2a00:1450:400... 2a00:1450:4001:81b::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
1 1 | 2a00:1450:400... 2a00:1450:4001:806::2002 | 15169 (GOOGLE) (GOOGLE) | |
1 1 | 2a00:1450:400... 2a00:1450:4001:81c::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:800::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 159.45.170.139 159.45.170.139 | 10837 (WELLSFARG...) (WELLSFARGO-10837) | |
1 | 13.226.155.42 13.226.155.42 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 52.1.244.191 52.1.244.191 | 14618 (AMAZON-AES) (AMAZON-AES) | |
31 | 11 |
ASN49981 (WORLDSTREAM, NL)
PTR: service-delivery.ml
secured-mobile-login.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-212.deploy.static.akamaitechnologies.com
www10.wellsfargomedia.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-111-216-170.deploy.static.akamaitechnologies.com
www15.wellsfargomedia.com |
ASN15169 (GOOGLE, US)
PTR: fra16s18-in-f134.1e100.net
ad.doubleclick.net |
ASN15169 (GOOGLE, US)
adservice.google.com | |
adservice.google.de |
ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net |
ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-42.dus51.r.cloudfront.net
gateway.foresee.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-244-191.compute-1.amazonaws.com
analytics.foresee.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
wellsfargo.com
www.wellsfargo.com static.wellsfargo.com rubicon.wellsfargo.com |
277 KB |
6 |
wellsfargomedia.com
www10.wellsfargomedia.com www15.wellsfargomedia.com |
77 KB |
3 |
foresee.com
gateway.foresee.com analytics.foresee.com |
11 KB |
3 |
doubleclick.net
3 redirects
ad.doubleclick.net googleads.g.doubleclick.net |
2 KB |
2 |
google.de
adservice.google.de www.google.de |
695 B |
2 |
google.com
2 redirects
adservice.google.com www.google.com |
895 B |
1 |
facebook.com
www.facebook.com |
262 B |
1 |
secured-mobile-login.com
secured-mobile-login.com |
5 KB |
31 | 8 |
Domain | Requested by | |
---|---|---|
11 | static.wellsfargo.com |
secured-mobile-login.com
static.wellsfargo.com |
6 | www.wellsfargo.com |
secured-mobile-login.com
www.wellsfargo.com |
3 | www15.wellsfargomedia.com |
www.wellsfargo.com
|
3 | www10.wellsfargomedia.com |
secured-mobile-login.com
|
2 | analytics.foresee.com |
static.wellsfargo.com
|
2 | ad.doubleclick.net | 2 redirects |
1 | gateway.foresee.com |
static.wellsfargo.com
|
1 | rubicon.wellsfargo.com |
static.wellsfargo.com
|
1 | www.google.de | |
1 | www.google.com | 1 redirects |
1 | googleads.g.doubleclick.net | 1 redirects |
1 | www.facebook.com | |
1 | adservice.google.de | |
1 | adservice.google.com | 1 redirects |
1 | secured-mobile-login.com | |
31 | 15 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.wellsfargo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.wellsfargo.com DigiCert EV RSA CA G2 |
2020-07-11 - 2022-07-20 |
2 years | crt.sh |
www10.wellsfargomedia.com GeoTrust RSA CA 2018 |
2020-06-30 - 2021-06-20 |
a year | crt.sh |
www15.wellsfargomedia.com DigiCert SHA2 Secure Server CA |
2019-12-31 - 2021-03-31 |
a year | crt.sh |
static.wellsfargo.com DigiCert EV RSA CA G2 |
2020-07-11 - 2022-07-20 |
2 years | crt.sh |
*.google.de GTS CA 1O1 |
2020-07-15 - 2020-10-07 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2020-07-21 - 2020-10-12 |
3 months | crt.sh |
rubicon.wellsfargo.com Wells Fargo Public Trust Certification Authority 01 G2 |
2019-06-25 - 2021-06-25 |
2 years | crt.sh |
*.foresee.com Go Daddy Secure Certificate Authority - G2 |
2018-09-21 - 2020-09-21 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://secured-mobile-login.com/
Frame ID: 1E8A81EDE82AA7395C2A59FAC06D00C6
Requests: 30 HTTP requests in this frame
7 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Online & Mobile Security
Search URL Search Domain Scan URL
Title: Forgot Password/Username?
Search URL Search Domain Scan URL
Title: PRIVACY, Cookies, Security & Legal
Search URL Search Domain Scan URL
Title: Ad Choices
Search URL Search Domain Scan URL
Title: Online Access Agreement
Search URL Search Domain Scan URL
Title: ESIGN Consent
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 17- http://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a00f;u1=45202006210957431019573663;u5=y;u6=COB;u8=loginapp;u11=PROD;ord=7184639143511.129 HTTP 302
- http://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CNuIlfmDnOsCFZO1GAodwj4LRA;type=allv40;cat=all_a00f;u1=45202006210957431019573663;u5=y;u6=COB;u8=loginapp;u11=PROD;ord=7184639143511.129 HTTP 302
- https://adservice.google.com/ddm/fls/p/src=2549153;dc_pre=CNuIlfmDnOsCFZO1GAodwj4LRA;type=allv40;cat=all_a00f;u1=45202006210957431019573663;u5=y;u6=COB;u8=loginapp;u11=PROD;ord=7184639143511.129;~oref=http://secured-mobile-login.com/ HTTP 302
- https://adservice.google.de/ddm/fls/p/src=2549153;dc_pre=CNuIlfmDnOsCFZO1GAodwj4LRA;type=allv40;cat=all_a00f;u1=45202006210957431019573663;u5=y;u6=COB;u8=loginapp;u11=PROD;ord=7184639143511.129;~oref=http://secured-mobile-login.com/
- http://www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_Page_LoginApp_COB&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[CustomerType]=COB&cd[CustomerStatus]=y&_rnd=0.6819018878510295 HTTP 307
- https://www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_Page_LoginApp_COB&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[CustomerType]=COB&cd[CustomerStatus]=y&_rnd=0.6819018878510295
- http://googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?value=0&guid=ON&script=0&data.appid=loginapp&data.customertype=COB&data.customerstatus=y HTTP 302
- http://www.google.com/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.appid=loginapp&data.customertype=COB&data.customerstatus=y&is_vtc=1&random=1699578473 HTTP 302
- http://www.google.de/pagead/1p-user-list/984436569/?value=0&guid=ON&script=0&data.appid=loginapp&data.customertype=COB&data.customerstatus=y&is_vtc=1&random=1699578473&ipr=y
31 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
secured-mobile-login.com/ |
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wf-fonts.css
www.wellsfargo.com/auth/static/css/ |
4 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
frontporch.css
www.wellsfargo.com/auth/static/css/ |
32 KB 33 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
signon_clean.css
www.wellsfargo.com/auth/static/wfa/css/ |
11 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
masthead-wf_logo-e-148x16.svg
www10.wellsfargomedia.com/auth/static/images/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FP.svg
www10.wellsfargomedia.com/auth/static/images/ |
956 B 952 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lock.svg
www10.wellsfargomedia.com/auth/static/images/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lightbox.js
www.wellsfargo.com/auth/static/scripts/components/public/lightbox/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
frontporch.js
www.wellsfargo.com/auth/static/scripts/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stagecoach-BIM.svg
www.wellsfargo.com/auth/static/images/ |
39 KB 39 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargoserif-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ |
26 KB 27 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-rg.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-sbd.woff2
www15.wellsfargomedia.com/wfui/css/fonts/ |
22 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/main/ |
144 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.136.js
static.wellsfargo.com/tracking/main/ |
79 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.201.js
static.wellsfargo.com/tracking/main/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.297.js
static.wellsfargo.com/tracking/main/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.319.js
static.wellsfargo.com/tracking/main/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
adservice.google.de/ddm/fls/p/src=2549153;dc_pre=CNuIlfmDnOsCFZO1GAodwj4LRA;type=allv40;cat=all_a00f;u1=45202006210957431019573663;u5=y;u6=COB;u8=loginapp;u11=PROD;ord=7184639143511.129;~oref=http:... Redirect Chain
|
42 B 172 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tr
www.facebook.com/ Redirect Chain
|
44 B 262 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.google.de/pagead/1p-user-list/984436569/ Redirect Chain
|
42 B 523 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gateway.min.js
static.wellsfargo.com/tracking/survey/ |
19 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
detector-dom.min.js
static.wellsfargo.com/tracking/gb/ |
289 KB 89 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.utils.js
static.wellsfargo.com/tracking/survey/code/ |
43 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.sanitize.js
static.wellsfargo.com/tracking/survey/code/ |
10 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cls_report
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ |
8 B 935 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.compress.js
static.wellsfargo.com/tracking/survey/code/ |
31 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
config.json
gateway.foresee.com/sites/wellsfargo/production/ |
93 KB 11 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fs.trigger.js
static.wellsfargo.com/tracking/survey/code/ |
33 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
events
analytics.foresee.com/ingest/ |
45 B 349 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
events
analytics.foresee.com/ingest/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)53 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| nospaces function| validateForm function| check object| utag_data function| delegate object| Lightbox function| signonFormSubmitHandler function| gotoPreviousPage function| animateLabel function| removeAnimation function| focusError function| _typeof function| enrollButtonHandler boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr undefined| pathname undefined| urlArray undefined| url undefined| sRegExInput object| utag function| isNotUndefinedOrNull function| getDocumentTitleLable undefined| customDMPEvent undefined| getPayload undefined| fireDMPEvent undefined| isThankYouPage boolean| __tealium_twc_switch function| utag_pad function| utag_visitor_id string| gtagRename object| dataLayer function| gtag undefined| d object| fswf object| fsrConfigIntegrityHashes function| fsReady object| FSR object| FSFB function| _acsDefine function| _fsDefine function| _acsRequire function| _fsRequire function| _acsNormalizeUrl function| _fsNormalizeUrl function| _fsNormalizeAssetUrl boolean| _fsAlreadyBootedSDK function| acsReady object| _detector function| __acsReady__ function| __fsReady__1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
secured-mobile-login.com/ | Name: PHPSESSID Value: d4asailbb4s1kha1465sdb89i4 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ad.doubleclick.net
adservice.google.com
adservice.google.de
analytics.foresee.com
gateway.foresee.com
googleads.g.doubleclick.net
rubicon.wellsfargo.com
secured-mobile-login.com
static.wellsfargo.com
www.facebook.com
www.google.com
www.google.de
www.wellsfargo.com
www10.wellsfargomedia.com
www15.wellsfargomedia.com
104.111.216.170
104.111.228.212
13.226.155.42
159.45.170.139
159.45.170.145
159.45.2.178
172.217.23.134
2a00:1450:4001:800::2003
2a00:1450:4001:806::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2004
2a03:2880:f11c:8183:face:b00c:0:25de
52.1.244.191
94.177.12.157
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
37d39fbd14b2546b653210e1a48a2bdcc131cd00d945c4ea10e2b287450ec84d
3a80ebe861b93c47265b21bc70a9fa88fc95e76f39cb291ad05b24597446ef8e
3f2554a3433de34e74e3de2e86fc435039d86f948fa0a8ade9052d80c8953563
4b388190de50141c7dcf5efdc8609518c0a3160e37047f3b9ea8e81ebbb40220
52e7cb4b3d5de594786ff07897ccf092a2bf6aadb84d1f571ec40b9118337129
6ad1909769c1c589bd8506f7e9b3063d88d180ee6c97e062d8d5518a2dad7398
7e110cd7bd24b7ab71f1620fff6c7c2692decbd5046a70abd02d5484c22c8c7d
7f8d4817b59a6b645d9c60f758e62b0eb2341bcc23131b733344ab159595d99a
8ac35c71d6490bbe16acba034ed804ac27965639ef21e39556fcc7f4645cdd00
8eefa322436955a85812c082e3ed2399efd61cef81bf4e07d4bee01146e21e62
99de011963b84eeb1ca9d4e572fe6b93549183e560c3923f5e0437dd7d47ab32
a7c4d583fbc806ab234e5dd81c7fc498d5644a134e6b5003b7bbf79a38bb91a0
afc97b95e72d14b1f31a26de1d1b19ef14e4dc4e480d606446d00cd8977911c1
bc6c8086d8f0fb627b7a8b0127f517ed309972a13f8d91249541f4f3ddc2d5f8
c6e8ab5e5918776d039b2cccde173e0d2ce70d50917cd26586781601b1d89110
c780ba9d833e972a5172b9ba4dc52a85e42174a06af393b1d4cc5792ae2c8f01
c81fc480a2270afa5259ca4ba2a1cbf06224d64410d58c9161b39d413173b565
c835b5ba4c840c95b2ca8e237053637055307a816f357232766ad2c09f032337
cd226514c3b94cbbf2d9af800fbe2e4f5b1a72b8c8d0cf21120e4988f2586822
ce6767013e4571a02911f8f68eee0ac2e0c26270b0ea48c2e3834f1f18eef801
cfadb5cc8bc3a5b846c651e4991c0b9d6d726f17276a88a72a41fb06d85b937c
dbe7f42c63a0af4bf5af8b47e41ffba974cc72bf1eebd793807c2ccec0e14a2e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f65740ba9940fbb954cdda0e5ebd65f8bcffe947b1da26d0d4b2c769d4745fc6
fae46ecfc35c84f8c61c5dc3bbdd0e94b1f0f79c21ea14e5b32fdff8e1250b35