writbd.com
Open in
urlscan Pro
67.222.20.115
Malicious Activity!
Public Scan
Submission: On November 04 via api from US — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 9th 2021. Valid for: 3 months.
This is the only time writbd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telekom (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 9 | 67.222.20.115 67.222.20.115 | 63410 (PRIVATESY...) (PRIVATESYSTEMS) | |
1 | 80.158.67.40 80.158.67.40 | 34086 (SCZN-AS) (SCZN-AS) | |
1 1 | 2a00:cd0:104d... 2a00:cd0:104d:1:80:82:200:32 | 48173 (UNBELIEVA...) (UNBELIEVABLE-AS) | |
1 | 34.240.216.139 34.240.216.139 | 16509 (AMAZON-02) (AMAZON-02) | |
2 7 | 185.54.150.52 185.54.150.52 | 60164 (WEBTREKK-AS) (WEBTREKK-AS) | |
7 | 2003:2:2:140:... 2003:2:2:140:62:157:140:200 | 3320 (DTAG Inte...) (DTAG Internet service provider operations) | |
5 | 23.37.38.214 23.37.38.214 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
3 | 80.158.66.21 80.158.66.21 | 34086 (SCZN-AS) (SCZN-AS) | |
1 | 80.158.66.1 80.158.66.1 | 34086 (SCZN-AS) (SCZN-AS) | |
2 4 | 185.54.150.123 185.54.150.123 | 60164 (WEBTREKK-AS) (WEBTREKK-AS) | |
33 | 9 |
ASN63410 (PRIVATESYSTEMS, US)
PTR: host.guideline4web.com
writbd.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-216-139.eu-west-1.compute.amazonaws.com
lns-ev.xplosion.de |
ASN3320 (DTAG Internet service provider operations, DE)
accounts.login.idm.telekom.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-214.deploy.static.akamaitechnologies.com
tags-eu.tiqcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
telekom.de
2 redirects
www.telekom.de pix.telekom.de ebs10.telekom.de ebs01.telekom.de |
126 KB |
9 |
writbd.com
1 redirects
writbd.com |
335 KB |
7 |
telekom.com
accounts.login.idm.telekom.com |
230 KB |
5 |
tiqcdn.com
tags-eu.tiqcdn.com |
118 KB |
4 |
wcfbc.net
2 redirects
fbc.wcfbc.net |
1 KB |
1 |
xplosion.de
lns-ev.xplosion.de |
218 B |
1 |
xdn-ttp.de
1 redirects
xdn-ttp.de |
490 B |
33 | 7 |
Domain | Requested by | |
---|---|---|
9 | writbd.com |
1 redirects
writbd.com
|
7 | accounts.login.idm.telekom.com |
writbd.com
|
7 | pix.telekom.de |
2 redirects
writbd.com
|
5 | tags-eu.tiqcdn.com |
www.telekom.de
tags-eu.tiqcdn.com |
4 | fbc.wcfbc.net | 2 redirects |
3 | ebs10.telekom.de |
tags-eu.tiqcdn.com
writbd.com |
1 | ebs01.telekom.de |
tags-eu.tiqcdn.com
|
1 | lns-ev.xplosion.de |
writbd.com
|
1 | xdn-ttp.de | 1 redirects |
1 | www.telekom.de |
writbd.com
|
33 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.telekom.de |
meinkonto.telekom-dienste.de |
Subject Issuer | Validity | Valid | |
---|---|---|---|
writbd.com cPanel, Inc. Certification Authority |
2021-09-09 - 2021-12-08 |
3 months | crt.sh |
www.telekom.de TeleSec ServerPass Class 2 CA |
2020-08-11 - 2022-08-16 |
2 years | crt.sh |
pix.telekom.de TeleSec ServerPass Class 2 CA |
2020-07-06 - 2022-07-11 |
2 years | crt.sh |
accounts.login.idm.telekom.com TeleSec ServerPass Extended Validation Class 3 CA |
2021-09-10 - 2022-09-14 |
a year | crt.sh |
*.tiqcdn.com DigiCert SHA2 Secure Server CA |
2021-04-19 - 2022-04-27 |
a year | crt.sh |
ebs10.telekom.de TeleSec ServerPass Class 2 CA |
2021-01-11 - 2022-01-16 |
a year | crt.sh |
ebs01.telekom.de TeleSec ServerPass Class 2 CA |
2021-01-11 - 2022-01-16 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/
Frame ID: 2639B960679FA2BD79A0A70AB946E3E1
Requests: 17 HTTP requests in this frame
Frame:
https://www.telekom.de/resources/tbs-config/phoenix_login_tracking?page=benutzer&mode=%25mode%25&context=auth&status=first_attempt
Frame ID: 0DC8A4E0E007067D76C9292682D6B4A1
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Telekom LoginPage URL History Show full URLs
-
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2
HTTP 301
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/ Page URL
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Benötigen Sie Hilfe?
Search URL Search Domain Scan URL
Title: Telekom Login erstellen
Search URL Search Domain Scan URL
Title: Hier informieren über VERIMI
Search URL Search Domain Scan URL
Title: Impressum
Search URL Search Domain Scan URL
Title: Datenschutz
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2
HTTP 301
https://writbd.com/VOLINHGGP/lnkl/ios/oauth2/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8- https://xdn-ttp.de/lns/import-event-0746?zid=653721ea-4998-4e08-8208-8d9e1dedf6ff HTTP 302
- https://lns-ev.xplosion.de/xdn-import/import-event?zid=qxKGVnDscaCBFoWzGYLr01AKCkMDDULbKIuSJ8SUJz1U01UDwufW8Z2YPIUPnrTT&partner=0746
- https://pix.telekom.de/196380495960676/cc?a=r&c=wteid_196380495960676&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D196380495960676%26t%3D1636041864363%26err%3D HTTP 301
- https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242 HTTP 307
- https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=196380495960676&t=1636041864363&err=&c=wteid_196380495960676&v=4163604186400871242&rc
- https://pix.telekom.de/827974826901109/cc?a=r&c=wteid_827974826901109&t=https%3A%2F%2Ffbc.wcfbc.net%2Fv1%2Ffbc%3Fp%3D453%2C0%26acc%3D827974826901109%26t%3D1636041864371%26err%3D HTTP 301
- https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711 HTTP 307
- https://fbc.wcfbc.net/v1/fbc?p=453,0&acc=827974826901109&t=1636041864371&err=&c=wteid_827974826901109&v=4163604186400381711&rc
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
writbd.com/VOLINHGGP/lnkl/ios/oauth2/ Redirect Chain
|
13 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components.min.css
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/ |
98 KB 98 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-24.05.1.css
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/css/ |
18 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.2.1.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ |
85 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-matchheight-0.7.2.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
components.min.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ |
76 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.js
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/js/ |
17 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
services.png
writbd.com/VOLINHGGP/lnkl/ios/static/factorx/images/ |
22 KB 22 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
phoenix_login_tracking
www.telekom.de/resources/tbs-config/ Frame 0DC8 |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
import-event
lns-ev.xplosion.de/xdn-import/ Redirect Chain
|
0 218 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wt
pix.telekom.de/196380495960676/ |
43 B 642 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
data_protection.svg
accounts.login.idm.telekom.com/static/factorx/images/ |
673 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleicon-outline.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
9 KB 9 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-ultra.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
52 KB 53 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-bold.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
52 KB 53 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-thin.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
57 KB 57 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
telegroteskscreen-regular.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
53 KB 54 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleicon-ui.woff
accounts.login.idm.telekom.com/static/factorx/fonts/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 |
239 KB 62 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cookie.php
ebs10.telekom.de/opt-in/ Frame 0DC8 |
0 446 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.223.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 |
100 KB 28 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.225.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 |
93 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.216.js
tags-eu.tiqcdn.com/utag/telekom/phoenix/prod/ Frame 0DC8 |
6 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.v.js
tags-eu.tiqcdn.com/utag/tiqapp/ Frame 0DC8 |
2 B 221 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
unsupported-browser-hint.js
ebs01.telekom.de/resout/pk/unsupported-browser-hint/ Frame 0DC8 |
45 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wt
pix.telekom.de/196380495960676/ Frame 0DC8 |
43 B 372 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wt
pix.telekom.de/827974826901109/ Frame 0DC8 |
43 B 395 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleneo-bold.woff2
ebs10.telekom.de/opt-in/font/teleneo/ Frame 0DC8 |
52 KB 53 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
teleneo-regular.woff2
ebs10.telekom.de/opt-in/font/teleneo/ Frame 0DC8 |
52 KB 52 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fbc
fbc.wcfbc.net/v1/ Frame 0DC8 Redirect Chain
|
69 B 209 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fbc
fbc.wcfbc.net/v1/ Frame 0DC8 Redirect Chain
|
69 B 209 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wt
pix.telekom.de/196380495960676/ Frame 0DC8 |
43 B 268 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wt
pix.telekom.de/827974826901109/ Frame 0DC8 |
43 B 247 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telekom (Telecommunication)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler boolean| accountLocked boolean| accountLockedPermanent number| accountLockExpiration boolean| loginFailed function| $ function| jQuery object| Login7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
pix.telekom.de/827974826901109 | Name: wteid_827974826901109 Value: 4163604186400381711 |
|
pix.telekom.de/827974826901109 | Name: wtsid_827974826901109 Value: 1 |
|
writbd.com/ | Name: PHPSESSID Value: 1da111f1c86a6db004e4214696474b57 |
|
.telekom.de/ | Name: wtsid_196380495960676 Value: 1 |
|
.telekom.de/ | Name: wteid_196380495960676 Value: 4163604186400871242 |
|
pix.telekom.de/ | Name: wt_nbg_Q3 Value: !lOO/El1kGcYhQbF4rilbAvsT7ogyB5lNqQ5kbp5m+tAf4mIiwfFODVtZiZzc8qDP5uF1mI8KeTOrEw== |
|
.wcfbc.net/ | Name: wt_cdbeid Value: 0d810ec9638218556092dbadb43fe82d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts.login.idm.telekom.com
ebs01.telekom.de
ebs10.telekom.de
fbc.wcfbc.net
lns-ev.xplosion.de
pix.telekom.de
tags-eu.tiqcdn.com
writbd.com
www.telekom.de
xdn-ttp.de
185.54.150.123
185.54.150.52
2003:2:2:140:62:157:140:200
23.37.38.214
2a00:cd0:104d:1:80:82:200:32
34.240.216.139
67.222.20.115
80.158.66.1
80.158.66.21
80.158.67.40
01fa42140c7fd1e43496b320027681e75123e8121c4ff52e7a390a4ec37d9379
14977cb7057352ad7715b93dec52f4993fc16980836d03b64f79566e8c9bec22
1eeeff19180291d40aab26257151123e9c3c7dbe499e65b8173b7576251bc0fb
2088675a0c256dd535f832bf6fe59b3a20f9fd46f41ef5bdb62d6ab265603728
295d169c7fffd85246d74c76766fe54f5f28658c0229d5ad2294a561ccf45340
2e3c8a492ea46b6bad0cb1f2a94a18d41ae3cb2fbf514f85388392cef4983d3e
3b6317d7c6288f6380f182e8bdc16b4cea82df91bc0f0209dfbce457b3e16910
3c3cff57406992d5b880806e120965b2a77f6a9ac1bbe7a781bfc9f752b4ab5c
3cf35b128c4c5dcd9bb0a12bcc009f2e46e382edec4737360a623d0052a6fe34
42d274b3c3f7c6565c2f3cc9b009770f143ceca121b91bc25f844f7040f18c94
4846b006021c37c16c53aa09e34927461ab6b26a49fb32381255dc8fbb673c83
53637a2d4745687c07969427a743c6b9207b3ba6e261fa19a61cccaab46eb316
58f33125f5843f4e0f816b8d0e431be5e32b623b167b3f2306561fcb9e7e6450
5baf3f6d6e798840ba02b6f22e9c1e7eee26abfb36fb8dc32513b2e8f3a6964c
6ebd3995a2d04fc1550f8d025400411954fdb51dcaa24def899d8fc33b2504a7
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8cf9d2422c2750249fec853f27c4532cac2790daf9b6f5fe333c8a97554019f7
9caa474077788819f478507a542993b1c75648f25862aa8705df955b4c691893
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b80effdb6b1baee7ad8a926a027a9f085d0b91a1b52e3a8cf34e9a6b087aad97
c1a69853198ae592f980806d6d489f43d03ee49f60df58b32ad375c03127703a
dff75c72abbd5b70b8cf2acb31155760116d14517cc89b81d00285da85306497
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e83c5b67f2782dc1fd5260cb35b2c10242101b5a81a49093009be2f94227bcdf
ef29200ef7b4e594c2115db943e9e3c213f8fd57f236e7006c31af3d3d5876f3
f58ecb754487f42fbec18a84421310ab268024c38ec4f4e125aefbcc26fa2fe1