unionplus.aws-card-dqa.capitalonegslbex.com
Open in
urlscan Pro
13.224.196.47
Malicious Activity!
Public Scan
Effective URL: https://unionplus.aws-card-dqa.capitalonegslbex.com/
Submission: On January 30 via api from US
Summary
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on January 9th 2020. Valid for: a year.
This is the only time unionplus.aws-card-dqa.capitalonegslbex.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: CapitalOne (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 13.224.196.47 13.224.196.47 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 18.197.253.20 18.197.253.20 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 23.5.99.175 23.5.99.175 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
2 | 3.124.119.57 3.124.119.57 | 16509 (AMAZON-02) (AMAZON-02) | |
21 | 5 |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-196-47.fra2.r.cloudfront.net
unionplus.aws-card-dqa.capitalonegslbex.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-253-20.eu-central-1.compute.amazonaws.com
nexus.ensighten.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-5-99-175.deploy.static.akamaitechnologies.com
ecm.capitalone.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
tms.capitalone.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
capitalonegslbex.com
1 redirects
unionplus.aws-card-dqa.capitalonegslbex.com |
9 MB |
8 |
capitalone.com
ecminternal.clouddqt.capitalone.com Failed ecm.capitalone.com tms.capitalone.com |
92 KB |
1 |
ensighten.com
nexus.ensighten.com |
26 KB |
21 | 3 |
Domain | Requested by | |
---|---|---|
9 | unionplus.aws-card-dqa.capitalonegslbex.com |
1 redirects
unionplus.aws-card-dqa.capitalonegslbex.com
|
6 | ecm.capitalone.com |
unionplus.aws-card-dqa.capitalonegslbex.com
|
2 | tms.capitalone.com |
nexus.ensighten.com
|
1 | nexus.ensighten.com |
unionplus.aws-card-dqa.capitalonegslbex.com
|
0 | ecminternal.clouddqt.capitalone.com Failed |
unionplus.aws-card-dqa.capitalonegslbex.com
|
21 | 5 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
capitalone.com DigiCert SHA2 Extended Validation Server CA |
2020-01-09 - 2021-01-08 |
a year | crt.sh |
nexus.ensighten.com DigiCert SHA2 Secure Server CA |
2019-10-03 - 2020-10-02 |
a year | crt.sh |
ecm.capitalone.com DigiCert SHA2 Extended Validation Server CA |
2019-08-01 - 2021-08-01 |
2 years | crt.sh |
tms.capitalone.com DigiCert SHA2 Extended Validation Server CA |
2018-11-06 - 2020-11-05 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://unionplus.aws-card-dqa.capitalonegslbex.com/
Frame ID: C122DA76FDCB6FD686A0CBC582C4B4D7
Requests: 22 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://unionplus.aws-card-dqa.capitalonegslbex.com/
HTTP 301
https://unionplus.aws-card-dqa.capitalonegslbex.com/ Page URL
Detected technologies
Amazon Web Services (PaaS) ExpandDetected patterns
- headers via /\(CloudFront\)$/i
- headers server /^AmazonS3$/i
Amazon Cloudfront (CDN) Expand
Detected patterns
- headers via /\(CloudFront\)$/i
Amazon S3 (Miscellaneous) Expand
Detected patterns
- headers server /^AmazonS3$/i
Page Statistics
36 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Sign In
Search URL Search Domain Scan URL
Title: Set Up My Account
Search URL Search Domain Scan URL
Title: Forgot Username or Password?
Search URL Search Domain Scan URL
Title: Personal Credit Cards
Search URL Search Domain Scan URL
Title: Business Credit Cards
Search URL Search Domain Scan URL
Title: Personal Banking
Search URL Search Domain Scan URL
Title: Small Business Banking
Search URL Search Domain Scan URL
Title: Commercial Banking
Search URL Search Domain Scan URL
Title: Auto Loans
Search URL Search Domain Scan URL
Title: Investing
Search URL Search Domain Scan URL
Title: Canada
Search URL Search Domain Scan URL
Title: UK
Search URL Search Domain Scan URL
Title: About Capital One
Search URL Search Domain Scan URL
Title: Investors
Search URL Search Domain Scan URL
Title: Press
Search URL Search Domain Scan URL
Title: Investing for Good
Search URL Search Domain Scan URL
Title: Financial Education
Search URL Search Domain Scan URL
Title: Diversity & Inclusion
Search URL Search Domain Scan URL
Title: Search Jobs
Search URL Search Domain Scan URL
Title: Service members Civil Relief Act
Search URL Search Domain Scan URL
Title: Patriot Act Cert
Search URL Search Domain Scan URL
Title: Subpoena Policy
Search URL Search Domain Scan URL
Title: Additional Disclosures
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Terms & Conditions
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://unionplus.aws-card-dqa.capitalonegslbex.com/
HTTP 301
https://unionplus.aws-card-dqa.capitalonegslbex.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
unionplus.aws-card-dqa.capitalonegslbex.com/ Redirect Chain
|
708 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtime.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
6 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfills.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
236 KB 237 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
437 KB 438 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scripts.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
57 KB 58 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
8 MB 8 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
unionplus.aws-card-dqa.capitalonegslbex.com/ |
76 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
primer_config.json
ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/configs/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bootstrap.js
nexus.ensighten.com/capitalone/dev/ |
83 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
capital-one-logo.svg
ecm.capitalone.com/CI_Common/assets/images/logos/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
96 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
www-fdic.svg
ecm.capitalone.com/CI_Common/assets/images/footer/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
www-ehl.svg
ecm.capitalone.com/CI_Common/assets/images/footer/ |
437 B 873 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Optimist_W_Lt.woff2
ecm.capitalone.com/CI_Common/assets/fonts/ |
27 KB 28 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
serverComponent.php
tms.capitalone.com/capitalone/dev/ |
280 B 378 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default-content.json
unionplus.aws-card-dqa.capitalonegslbex.com/assets/json/ |
10 KB 11 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
58e50941926f82c0ac0ac68d64bd6afc.js
tms.capitalone.com/capitalone/dev/code/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
unionplus_primer_cardart.png
ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
unionplus_primer_logo.svg
ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
unionplus_primer_background.jpg
ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Optimist_W_SBd.woff2
ecm.capitalone.com/CI_Common/assets/fonts/ |
28 KB 28 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Optimist_W_Rg.woff2
ecm.capitalone.com/CI_Common/assets/fonts/ |
28 KB 28 KB |
Font
binary/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ecminternal.clouddqt.capitalone.com
- URL
- https://ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/configs/primer_config.json
- Domain
- ecminternal.clouddqt.capitalone.com
- URL
- https://ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/unionplus_primer_cardart.png
- Domain
- ecminternal.clouddqt.capitalone.com
- URL
- https://ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/unionplus_primer_logo.svg
- Domain
- ecminternal.clouddqt.capitalone.com
- URL
- https://ecminternal.clouddqt.capitalone.com/EASE/Partnership/Primer/images/unionplus_primer_background.jpg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: CapitalOne (Financial)196 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| webpackJsonp function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched object| __core-js_shared__ object| core undefined| usabillaUsername function| setUsabillaUsername function| getUsabillaUsername function| loadUsabillaJS object| Cof_sic function| InstalledFontDetector function| fnBrowserDevicePrintVersion function| fnZeroPad function| fnBrowserCurrentTimeStamp function| fnBrowserUserAgent function| fnBrowserTimeZone function| fnBrowserScreen function| fnBrowserFontSmoothingEnabled function| fnBrowserLanguage function| fnBrowserFonts function| fnBrowserFontsOld function| fnBrowserPlugins function| fnBrowserPluginsOld function| fnBrowserCookieEnabled function| fnBrowserJavaEnabled function| fnBrowserTouchEnabled function| fnBrowserSilverLightDetails function| fnBrowserFlashDetails function| fnBrowserCanvasHash function| fnBrowserTrueAgent function| fnBrowserConnectionInfo function| fnBrowserLatency function| fnBrowserInfo function| fnBrowserSystemInfo function| fnBrowserFormFields object| B64 function| fnB64Enc function| fnStripExtension function| fnIsBlank function| fnGetArrIndexValue function| fnB64Dec function| webProperties_on_sic function| clearCookiesOnSignInPageLoad_on_sic function| createC1CCIDCookie_on_sic function| collectDFPAH function| fnGetTime function| fnCSM function| mathEval function| fnTCN object| Sha256 object| ngDevMode object| ng object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| ensBootstraps object| __zone_symbol__loadfalse object| Bootstrapper object| GlobalSnowplowNamespace function| sp object| __zone_symbol__beforeunloadfalse object| __zone_symbol__unloadfalse object| publisherFW string| k object| __zone_symbol__focusfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ecm.capitalone.com
ecminternal.clouddqt.capitalone.com
nexus.ensighten.com
tms.capitalone.com
unionplus.aws-card-dqa.capitalonegslbex.com
ecminternal.clouddqt.capitalone.com
13.224.196.47
18.197.253.20
23.5.99.175
3.124.119.57
017d9cf1015d4388c0069e8f2e147d998616605a8fdbb461cd964ff5cda545e3
2814ae645f0912212718a9e26255a2794a76096ac59f1a45adc32b64e6de7c5d
2d23c63e03fb685ed80f2554da2069dbc431720b6ed4f3f7cce579f52aaa62af
2e72ccb7a59f8982e1ddd96e1c6b6cc6a834e87f18ce7b420e3f456f593dfa4e
40ad45d7d3e8068c4f490f0dc16ce8fc81c0fa709afb9a68e8e64d62c5bf709b
4780362e30f6246a8df42c1c6415149b539439285c0e6d5b5acf9e891ab4bcb0
48b4ed4ba8ee0eaeddfba861e6772c61f818931816102636a888ec0b49bce056
57dfca5b95599a613da940f4a49ab6378fcf0586366a47cae679796930bf0eed
58773c4a53125c9e6e60a4a527d2c7696b36263e95f643644cfdee5346157289
5cc82b6dc651cd71361f7da0d6cc98c685f093aeb9d57ae99069aba15409a024
5dd8452d0400a7891ee18975e3f030d298c77f56df0209efcecbbbe6ce197c6e
5e8d7a354466ec4f2bf5fbdda8b1cc41de3ebcc5ba2c2be0d749fe03a727ac82
7fe3d31dd45511807552787b7a7a02c661f831bd07b66c76c896d557a0d1cb4b
8ae11caa658fd61e703a8ba9000d4254001513ac5e86ce36814b2aab62c5d9ff
902c5a9d8ad932630fb2021fe1a1a7f4f06513b19e8d073866178ee65ff33fe9
980a9734795aa633dc294b6fb3f97f81ede9e56f542ab742e72fee88d2886700
9b98e19f831844b3dae8e1fd65b6802bc778446fbdacac8203e34bbc02eacbcd
b8977fb5528fef54d6b9b5ad1377c8837617e5db1db7b554c8fc932ed3d7e1da