global4721-americanexpress.com
Open in
urlscan Pro
46.165.244.129
Malicious Activity!
Public Scan
Submission: On November 13 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 13th 2017. Valid for: 3 months.
This is the only time global4721-americanexpress.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
34 | 46.165.244.129 46.165.244.129 | 28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10) | |
3 | 95.100.188.44 95.100.188.44 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
3 | 34.193.61.227 34.193.61.227 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 148.173.101.84 148.173.101.84 | 6307 (AMERICAN-...) (AMERICAN-EXPRESS - American Express Company) | |
1 2 | 185.34.188.178 185.34.188.178 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
42 | 5 |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-188-44.deploy.akamaitechnologies.com
www.aexp-static.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-193-61-227.compute-1.amazonaws.com
nexus.ensighten.com |
ASN6307 (AMERICAN-EXPRESS - American Express Company, US)
PTR: gct-VIP.americanexpress.com
gct.americanexpress.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: americanexpress.com.ssl.d2.sc.omtrdc.net
omns.americanexpress.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
34 |
global4721-americanexpress.com
global4721-americanexpress.com |
745 KB |
3 |
americanexpress.com
1 redirects
gct.americanexpress.com omns.americanexpress.com |
2 KB |
3 |
ensighten.com
nexus.ensighten.com |
22 KB |
3 |
aexp-static.com
www.aexp-static.com |
63 KB |
42 | 4 |
Domain | Requested by | |
---|---|---|
34 | global4721-americanexpress.com |
global4721-americanexpress.com
|
3 | nexus.ensighten.com |
global4721-americanexpress.com
nexus.ensighten.com |
3 | www.aexp-static.com |
global4721-americanexpress.com
nexus.ensighten.com |
2 | omns.americanexpress.com | 1 redirects |
1 | gct.americanexpress.com | |
42 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.global4721-americanexpress.com Let's Encrypt Authority X3 |
2017-11-13 - 2018-02-11 |
3 months | crt.sh |
americanexpress.com GeoTrust SSL CA - G3 |
2017-06-20 - 2018-09-19 |
a year | crt.sh |
nexus.ensighten.com Symantec Class 3 Secure Server SHA256 SSL CA |
2014-10-27 - 2018-01-13 |
3 years | crt.sh |
gct.americanexpress.com DigiCert SHA2 Extended Validation Server CA |
2016-08-01 - 2018-08-06 |
2 years | crt.sh |
omns.americanexpress.com Verizon Public SureServer EV SSL CA G14-SHA2 |
2016-02-19 - 2018-04-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://global4721-americanexpress.com/78b794bbc290f8e/b23b8/myca/confirm_identity?security=a58433221001a07a0aa400f8b20f1de2&session=0ef274df50eb3adef4ecc17faf6ff1e0e5a568b6
Frame ID: 22109.1
Requests: 42 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 40- https://omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/s99356870586558?AQB=1&ndh=1&pf=1&t=13%2F10%2F2017%2015%3A4%3A14%201%200&fid=59B256B1C8100283-22EE99CF408D42DA&ce=UTF-8&ns=1americanexpress&pageName=global4721-americanexpress.com%2F78b794bbc290f8e%2Fb23b8%2Fmyca%2Fconfirm_identity&g=https%3A%2F%2Fglobal4721-americanexpress.com%2F78b794bbc290f8e%2Fb23b8%2Fmyca%2Fconfirm_identity%3Fsecurity%3Da58433221001a07a0aa400f8b20f1de2%26session%3D0ef274df50eb3adef4ecc17faf6ff1e0e5a568b6&c.&omn.&visitorCheck=VisitorAPI%20Missing&temp=1&itagexists=no&gvs=1&etwidth=1600ðeight=1200&etratio=0.75&etorientation=landscape&.omn&.c&cc=USD&server=global4721-americanexpress.com&c4=UnknownMarket&v22=D%3Dgctrac&c48=D%3Dgctrac&c49=ENS-Acq%20r20.0.0-AM%3A2.1.0-VISID%3ANA-DIL%3ANA-Mbox%3ANA&v65=D%3Domnmycademo&c67=D%3Dmrcards&v67=D%3Dmrcards&c75=fb&v75=MCMID%20not%20available&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/s99356870586558?AQB=1&pccr=true&vidn=2D04DA3705313974-4000012600002018&&ndh=1&pf=1&t=13%2F10%2F2017%2015%3A4%3A14%201%200&fid=59B256B1C8100283-22EE99CF408D42DA&ce=UTF-8&ns=1americanexpress&pageName=global4721-americanexpress.com%2F78b794bbc290f8e%2Fb23b8%2Fmyca%2Fconfirm_identity&g=https%3A%2F%2Fglobal4721-americanexpress.com%2F78b794bbc290f8e%2Fb23b8%2Fmyca%2Fconfirm_identity%3Fsecurity%3Da58433221001a07a0aa400f8b20f1de2%26session%3D0ef274df50eb3adef4ecc17faf6ff1e0e5a568b6&c.&omn.&visitorCheck=VisitorAPI%20Missing&temp=1&itagexists=no&gvs=1&etwidth=1600ðeight=1200&etratio=0.75&etorientation=landscape&.omn&.c&cc=USD&server=global4721-americanexpress.com&c4=UnknownMarket&v22=D%3Dgctrac&c48=D%3Dgctrac&c49=ENS-Acq%20r20.0.0-AM%3A2.1.0-VISID%3ANA-DIL%3ANA-Mbox%3ANA&v65=D%3Domnmycademo&c67=D%3Dmrcards&v67=D%3Dmrcards&c75=fb&v75=MCMID%20not%20available&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
42 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
confirm_identity
global4721-americanexpress.com/78b794bbc290f8e/b23b8/myca/ |
45 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidFypCommonStyles.css
global4721-americanexpress.com/78b794bbc290f8e/form/css/ |
8 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidFypRetrieveUserIdStyles.css
global4721-americanexpress.com/78b794bbc290f8e/form/css/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidFypRetrievePasswordStyles.css
global4721-americanexpress.com/78b794bbc290f8e/form/css/ |
10 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
foresee-surveydef.js
global4721-americanexpress.com/78b794bbc290f8e/form/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
inav_responsive_intl.css
global4721-americanexpress.com/78b794bbc290f8e/file/ |
132 KB 132 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.gif
global4721-americanexpress.com/78b794bbc290f8e/b23b8/myca/ |
353 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_bluebox.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DE.gif
global4721-americanexpress.com/78b794bbc290f8e/form/pics/flag/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img_custservice_pointer.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
205 B 205 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btn_closeicon.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
211 B 211 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
module940_head.png
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
322 B 322 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Tab_off_1_getStarted.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Tab_off_2_retrieveID.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Tab_on_3_security.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Tab_off_4_finish.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icn_spinningwheel.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
539 B 539 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
content-head.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
199 B 199 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_padlock.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
256 B 256 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tab_foot3.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
finish.jpg
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
10 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tab_foot2.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
789 B 789 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
clear.gif
global4721-americanexpress.com/78b794bbc290f8e/b23b8/myca/img/ |
357 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
commonFunctionsResponsive_Intl.js
global4721-americanexpress.com/78b794bbc290f8e/file/ |
79 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
prototype.js
global4721-americanexpress.com/78b794bbc290f8e/file/js/ |
139 KB 139 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidUIText.js
global4721-americanexpress.com/78b794bbc290f8e/file/js/ |
5 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidFypRetrieveUserIdScript.js
global4721-americanexpress.com/78b794bbc290f8e/file/js/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FuidFypRetrievePasswordScript.js
global4721-americanexpress.com/78b794bbc290f8e/file/js/ |
21 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iNav_ngi_sprite_new.gif
global4721-americanexpress.com/78b794bbc290f8e/file/img/ |
23 KB 23 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img_bg_background.jpg
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
223 KB 223 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
module940_body.png
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
159 B 159 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tab_content1.gif
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
171 B 171 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
module940_foot.png
global4721-americanexpress.com/78b794bbc290f8e/form/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iNav_ngi_sprite_footer.gif
global4721-americanexpress.com/78b794bbc290f8e/file/img/ |
934 B 934 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iOAjquery1.6.3.min.js
www.aexp-static.com/api/axpi/ioa/js/ |
90 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Bootstrap.js
nexus.ensighten.com/amex/ |
62 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gct.js
www.aexp-static.com/api/axpi/GCT/ |
8 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
serverComponent.php
nexus.ensighten.com/amex/ |
329 B 258 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
CreateCookie.do
gct.americanexpress.com/gct/ |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
82c5c7f70e5f65f093d22d74a7906f73.js
nexus.ensighten.com/amex/prod/code/ |
26 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s_code_global_context.js
www.aexp-static.com/api/axpi/omniture/ |
80 KB 27 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
s99356870586558
omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/ Redirect Chain
|
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
gct.americanexpress.com
global4721-americanexpress.com
nexus.ensighten.com
omns.americanexpress.com
www.aexp-static.com
148.173.101.84
185.34.188.178
34.193.61.227
46.165.244.129
95.100.188.44
04eea524d24325a485b358f4825ce022fa111df2fd1a2b2f89218af368963f82
0d4e7d13d424c4569af233a3188ac42edaa093a12bced0dba6095c00047006e3
16d5d7c09be1496f92fb44ed7ad2ebbe1e7c17265758c38ea1f17e66aa327168
183346f0a0af6252f7e760e6e75a59687ee3ef522fe787015c2ae37c13faa806
194b37addb793c71c33302afb3239216455121d66303067e15904eedd0a66b12
217edbb76a515e479cd52852a19ea3a0c7636d1a46748fa5cf73448ad7ee916d
29a948906d0be0c0b8777180b0d7b2f9fe94158ade5d90a2dc62b16c3743748b
314d5f2b4d654ee0f4bca4a63633305d56c569151e1ad7a2feef9ad89914c09b
352ff58f101fd04f532cefd9e4b762dfdb7d131f3126a88a78fae5c60c6e5bbb
35f2a207786813e43464b6c578221c0d46fb34b82e8dcdc846a905631add36f9
374b18fa6e99ba5c441a67c05d02c23520f226ef77ff36b1453a1c2d66684b93
3ed772fb8bc11079c9ffbdcd666844c3788bc438b7951fe9fe7e12e31fdfeb5c
49bbbaac61f1ca70c37ce5956855bfe9f502e585f0e95716fd8892be94a3d785
5a279cfa714b507531a127814b3e45d03d2fa4f5a44f7a239076eec0db0824b6
5b88f98a5c8a34fc5966c02ce6fbd936928644a957bab4efba77cc8df6c2dc8a
5d6213d0f52321dcd51a93ff022c7e53a67815fb58f479b7b0a3553ca37452ac
66902eb8ab37b544667bb44253fcfa194072578f7d50a71a69ba10450cdd8b46
683d409af38c9b998dc9abee8abbe50d4ba0ed2d863a686bf25fb2ee938365d1
68e5f9a0050a6541fe87b34bfa1b0ec0041965802a3e9177ae1bcd153733889a
6b60184e70809fa2bfb9613093af377232e5a65f63122e1bd3216702d3c8fe10
6bb14fac1afb10934d15ab73901474712e9d845827d7c9fa29ba1d1c290dce88
6c8c003e9260c32eb9c505fbae44ccf07217d8b34e1645466868f273bed8346b
714a41e7664d04a280837d20db15ad1eadf5f7a97dca270f327c46f70a996727
77ad4a7798fd6760cd45fca1cf6705a2a3e61968ea98dac7482fb57c6c8a6bac
8322f4950bd1a9839d4f868cfa605e48ccf5edc2064f5df8712a9620ea206717
8441eced149d766a55fcfa6d07d034973e1e2a9428382216878f663db1add947
848c1ca8680f5d9c12ea717789eee3e61cfa19b75ddef57277d1ede1abb3a942
88ad4108b7ad4583031d3839a1202ee82ce8b3e077f4489aa332988659b2abce
8901b87c3125997a9f8f9c42c006eeb498774c239446026260f9b1c679bc84da
98bec7aa5eb57c98a8a4d8ca4410ba0ae6ba68220c2552f252d686335d0b1227
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a2722e700c61b09d89b442253c9b8f525cd0682c8c6797dac6f40798df65e83c
b3b888586eed7572f6308fd16e4efc9f9ec6e94d07412c17db8b999ec80a0213
b754eb74fa8f416b4803252f7994d7aa22d697a5eb77f0b4df8e3839f9621c9e
bb5e3948b41212b9863c5759ef5d078b1bcce9c58e7391cd3ab985143174a9bd
ce3a083448d10129267ce3688204e3fd26ccc177af3bb6ae034fd1238ba43e4a
df2faf3832d597b6d9b7efe7c640f9a1a0a295b98bb5077b7e5ef0b5262338c5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ee06c74beaf4a1a0f00826ecf89f00ba691c057ab61eac05ac9a75d1f57b372d
f3c1a68a6a9e10e0455a4b910d1279e740b5dbcd6c7f431a8400d40fc1a9bdf4
f89bcb071bc8618d28ca5c9e6f5ccac799aa666ac74420dfefbcd8b6c7e0bda2