![](/screenshots/7916ad7c-81eb-484f-b077-e95b3a2dea6e.png)
medersa-champs.org
Open in
urlscan Pro
68.171.212.28
Malicious Activity!
Public Scan
Effective URL: https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/vmpv2azta3bont9vvbxbe4wm.php?436beD156303504037186f394ea5c42612...
Submission Tags: @ipnigh
Submission: On July 13 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 16th 2019. Valid for: 3 months.
This is the only time medersa-champs.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Adobe (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 4 | 68.171.212.28 68.171.212.28 | 22878 (ASACENET1) (ASACENET1 - ACENET) | |
5 | 2a02:26f0:6c0... 2a02:26f0:6c00:29c::1efd | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:19d::1efd | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 52.85.181.129 52.85.181.129 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 54.230.202.132 54.230.202.132 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2.18.232.23 2.18.232.23 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 4 | 52.213.106.142 52.213.106.142 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
5 | 104.109.64.186 104.109.64.186 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 54.72.196.194 54.72.196.194 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a02:26f0:6c0... 2a02:26f0:6c00:196::19fd | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
29 | 11 |
ASN22878 (ASACENET1 - ACENET, INC., US)
PTR: algerie-hebergement.net
medersa-champs.org |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-181-129.fra50.r.cloudfront.net
static.adobelogin.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-202-132.fra50.r.cloudfront.net
client.messaging.adobe.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com
assets.adobedtm.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-213-106-142.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-64-186.deploy.static.akamaitechnologies.com
use.typekit.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-72-196-194.eu-west-1.compute.amazonaws.com
sstats.adobe.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
adobe.com
wwwimages2.adobe.com www.adobe.com client.messaging.adobe.com sstats.adobe.com |
56 KB |
6 |
typekit.net
use.typekit.net p.typekit.net |
612 KB |
5 |
adobelogin.com
static.adobelogin.com |
70 KB |
4 |
demdex.net
1 redirects
dpm.demdex.net |
6 KB |
4 |
medersa-champs.org
2 redirects
medersa-champs.org |
9 KB |
1 |
adobedtm.com
assets.adobedtm.com |
155 KB |
0 |
demandbase.com
Failed
api.demandbase.com Failed |
|
0 |
evidon.com
Failed
c.evidon.com Failed |
|
29 | 8 |
Domain | Requested by | |
---|---|---|
5 | use.typekit.net |
medersa-champs.org
use.typekit.net |
5 | static.adobelogin.com |
medersa-champs.org
|
5 | wwwimages2.adobe.com |
medersa-champs.org
wwwimages2.adobe.com |
4 | dpm.demdex.net |
1 redirects
medersa-champs.org
assets.adobedtm.com |
4 | medersa-champs.org |
2 redirects
static.adobelogin.com
|
2 | sstats.adobe.com |
assets.adobedtm.com
|
2 | client.messaging.adobe.com |
medersa-champs.org
|
1 | p.typekit.net |
use.typekit.net
|
1 | assets.adobedtm.com |
www.adobe.com
|
1 | www.adobe.com |
medersa-champs.org
|
0 | api.demandbase.com Failed |
assets.adobedtm.com
|
0 | c.evidon.com Failed |
wwwimages2.adobe.com
|
29 | 12 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.adobe.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
medersa-champs.org Let's Encrypt Authority X3 |
2019-05-16 - 2019-08-14 |
3 months | crt.sh |
*.adobe.com DigiCert SHA2 Secure Server CA |
2018-11-06 - 2020-02-05 |
a year | crt.sh |
ims-na1.adobelogin.com DigiCert SHA2 Secure Server CA |
2018-08-30 - 2020-08-28 |
2 years | crt.sh |
*.messaging.adobe.com DigiCert SHA2 Secure Server CA |
2018-06-27 - 2020-07-01 |
2 years | crt.sh |
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA |
2019-06-27 - 2021-07-01 |
2 years | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2018-01-09 - 2021-02-12 |
3 years | crt.sh |
*.typekit.net DigiCert SHA2 Secure Server CA |
2018-07-20 - 2020-01-03 |
a year | crt.sh |
sstats.adobe.com DigiCert SHA2 High Assurance Server CA |
2019-04-14 - 2020-07-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/vmpv2azta3bont9vvbxbe4wm.php?436beD156303504037186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de3&login=Memberservices@legalshield.com
Frame ID: A62952052E24D2B8C1F7530915EA6AD3
Requests: 29 HTTP requests in this frame
Screenshot
![](/screenshots/7916ad7c-81eb-484f-b077-e95b3a2dea6e.png)
Page URL History Show full URLs
-
https://medersa-champs.org/unex/2/?login=Memberservices@legalshield.com
HTTP 302
https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/?login=Memberservices@legalshield.com HTTP 302
https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/vmpv2azta3bont9vvbxbe4wm.php?436beD15630350... Page URL
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
![](/vendor/wappa/icons/adobedmt.png)
Detected patterns
- script /\/\/assets.adobedtm.com\//i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 了解更多。
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://medersa-champs.org/unex/2/?login=Memberservices@legalshield.com
HTTP 302
https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/?login=Memberservices@legalshield.com HTTP 302
https://medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/vmpv2azta3bont9vvbxbe4wm.php?436beD156303504037186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de337186f394ea5c42612a358c1aede5de3&login=Memberservices@legalshield.com Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1563035043217 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1563035043217
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
vmpv2azta3bont9vvbxbe4wm.php
medersa-champs.org/Glendale/Adobe/Adobe_CN/Adobe_CN/ Redirect Chain
|
34 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
privacy.min.js
wwwimages2.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.min.js
www.adobe.com/marketingtech/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
light.css
static.adobelogin.com/renga-idprovider/resources/412f897439591c341ede769476580085/spectrum/css/ |
54 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectrum_head.js
static.adobelogin.com/renga-idprovider/resources/412f897439591c341ede769476580085/spectrum/script/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectrum_body.js
static.adobelogin.com/renga-idprovider/resources/412f897439591c341ede769476580085/spectrum/script/ |
155 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AdobeMessagingClient.css
client.messaging.adobe.com/latest/ |
44 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AdobeMessagingClient.js
client.messaging.adobe.com/latest/ |
56 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectrum_capsindicator.js
static.adobelogin.com/renga-idprovider/resources/412f897439591c341ede769476580085/spectrum/script/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
evidon-sitenotice-tag.js
wwwimages2.adobe.com/etc/beagle/public/globalnav/privacy-files/sitenotice/ |
43 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
country.js
c.evidon.com/geo/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
snthemes.js
wwwimages2.adobe.com/etc/beagle/public/globalnav/privacy-files/sitenotice/414/ |
234 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
settings.js
wwwimages2.adobe.com/etc/beagle/public/globalnav/privacy-files/sitenotice/414/medersa-champs/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
launch-EN919758db9a654a17bac7d184b99c4820.min.js
assets.adobedtm.com/ |
580 KB 155 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
en.js
wwwimages2.adobe.com/etc/beagle/public/globalnav/privacy-files/sitenotice/414/translations/ |
159 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite.svg
static.adobelogin.com/renga-idprovider/resources/412f897439591c341ede769476580085/spectrum/img/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rd
dpm.demdex.net/id/ Redirect Chain
|
0 -1 B |
XHR
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
ip.json
api.demandbase.com/api/v2/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hlx1mlm.js
use.typekit.net/ |
34 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
login_flow
medersa-champs.org/renga-idprovider/pages/ |
350 B 550 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rd
dpm.demdex.net/id/ |
6 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
sstats.adobe.com/ |
90 B 720 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
6 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p.gif
p.typekit.net/ |
35 B 367 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m
use.typekit.net/af/9fd8c9/0000000000000000000177e7/27/ |
195 KB 150 KB |
XHR
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m
use.typekit.net/af/1e5f35/0000000000000000000177ec/27/ |
195 KB 149 KB |
XHR
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m
use.typekit.net/af/078880/0000000000000000000177ee/27/ |
201 KB 151 KB |
XHR
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m
use.typekit.net/af/5acd1b/0000000000000000000177f3/27/ |
201 KB 150 KB |
XHR
font/opentype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
s51076835885995
sstats.adobe.com/b/ss/adbadobenonacdcprod,adbadobeprototype/1/JS-2.8.0-L9UP/ |
43 B 585 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- c.evidon.com
- URL
- https://c.evidon.com/geo/country.js
- Domain
- api.demandbase.com
- URL
- https://api.demandbase.com/api/v2/ip.json?key=e4086fa3ea9d74ac2aae2719a0e5285dc7075d7b&rnd=7499&callback=Request_2193347
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Adobe (Consumer)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| marketingtech object| evidon object| adobePrivacy function| DigitalData object| digitalData function| __satelliteLoadedCallback object| __satelliteLoadedPromise object| _satellite object| launchConfig string| special_day_char object| Modernizr function| scReport function| scJarvisReport function| scUserInteractionEvent function| getEnhancedDropdownParent function| KoreanPolicies object| Mailcheck function| $ function| jQuery object| _ function| getValidatorGroups object| components object| IMS boolean| __satelliteLoaded function| Visitor object| s_c_il number| s_c_in function| DemandbaseAPI boolean| thirdParty_allPagesTags boolean| thirdParty_pageLoadAdobeDotcom boolean| thirdParty_pageLoadAcrobatDotCom boolean| thirdParty_pageLoadMicroSites number| s_objectID number| s_giq function| DIL function| AppMeasurement function| AppMeasurement_Module_ActivityMap function| AppMeasurement_Module_AudienceManagement function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media object| s_adobe object| s_adbadobenonacdc object| s function| Request_2193347 function| handle object| jQuery19102017112722221499 object| views object| AdobeMessagingExperienceClient function| AdobeMessagingClient object| Typekit object| s_i_adbadobenonacdcprod_adbadobeprototype0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.demandbase.com
assets.adobedtm.com
c.evidon.com
client.messaging.adobe.com
dpm.demdex.net
medersa-champs.org
p.typekit.net
sstats.adobe.com
static.adobelogin.com
use.typekit.net
www.adobe.com
wwwimages2.adobe.com
api.demandbase.com
c.evidon.com
104.109.64.186
2.18.232.23
2a02:26f0:6c00:196::19fd
2a02:26f0:6c00:19d::1efd
2a02:26f0:6c00:29c::1efd
52.213.106.142
52.85.181.129
54.230.202.132
54.72.196.194
68.171.212.28
1adc9c2fb9f83cf7036d1a026daaadf2d471126dc3f8469eaa6c93e2dff6790b
2ddb0a13e9ab56c98f38b55305cfd5bb2e123786224d05585969e09d86d3e6e0
306c19f28f895bff08ba4e7123afaca5048e6b24f3745a0a526bfc1c5789e94d
312411ef9e9b12af86bdda826ed973339a3034849227d1b8cfb6979f82a37586
36f7cb6c4fbc21768922ebedb540fdb950a21089bc51a18a7032afc593e83ad0
38576ca6dd9cb727b19d59dc728dd4cc18b646cc6732ed07ea6fcc51d9a30aca
4ba3a0f07f589f1f033d6e35c30dd4d2661450f0d3ec426fcb9dd0d8e6969ee4
615441e7d21a22edeb876a6e953cb62d564b7fee3e4c0b16a273cd452ae3337e
6632ced592a3c1f8202599807565643aecea32421d9f13498c78665564c27a4a
675713619205b2dea877c15f02aed5220881fc575ed66dddb1379eb21731bc7b
6df01675fda8e149b5b6451ac48ed8f251380d74fc15ceeeecc193457d1471bd
72049b2d67fdb3fe32b68cca066ec4e0ade3a4838458e446391b46a3aa42ef15
80d144866406d7c42da5a6c1e0c745b9fee83c4ef5b9223c9b408b6d704529e9
88e59f673679c6819b4987fdbec6cf4307f5cd753ca9e616b4df279408735644
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a4aa7a64652371437c654f39fa8d81570e70a46345b73afc176c5d79f82c094f
c48c3508e392f1fb27856575fd687d61401f737d072fcf331e68586ebbb2665c
dc7bb89ca704eb9bcf1404f0d4180a73a444b30f735e2becff16e060db34188a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83c87f082e02dfd8f1acbda5500f0121f9dbc897348ffb3c76597a64235a65c
e859dd198f9db558da0e08f8c964e286767e822c8eb9712cc93473e8bd45e177
edeb74415aff966b73b68b3a230541331a08083bdc087f893577dfcd53155ccd
ef59184a3de8be1988f073b4830b6ea92432742d54169cb25dc983a8b2ce8dc9
f11099fe0f0d89ab90e2b7cb174a057c836550316d624794ad5b7bee512cfb00
f81eecde0700031eaf7f579c8aa396d3b07e47991d7fb3226b8314d02474f78b