3da5a5.circultural.com
Open in
urlscan Pro
104.27.243.24
Malicious Activity!
Public Scan
Effective URL: https://3da5a5.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/a5490a9c-5467-11e9-b5d7-1140a62f7fe2/
Submission: On April 01 via manual from AT
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on March 1st 2019. Valid for: 6 months.
This is the only time 3da5a5.circultural.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 173.254.28.76 173.254.28.76 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
1 | 103.221.220.17 103.221.220.17 | 18403 (FPT-AS-AP...) (FPT-AS-AP The Corporation for Financing & Promoting Technology) | |
1 | 46.105.201.240 46.105.201.240 | 16276 (OVH) (OVH) | |
1 | 192.99.33.165 192.99.33.165 | 16276 (OVH) (OVH) | |
1 1 | 194.87.99.154 194.87.99.154 | 48347 (MTW-AS) (MTW-AS) | |
1 3 | 198.143.165.221 198.143.165.221 | 32475 (SINGLEHOP...) (SINGLEHOP-LLC - SingleHop LLC) | |
1 | 104.25.213.28 104.25.213.28 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 104.25.42.115 104.25.42.115 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
2 | 54.93.139.95 54.93.139.95 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
5 | 104.27.243.24 104.27.243.24 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
3 | 2a00:1450:400... 2a00:1450:4001:816::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:818::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
29 | 11 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: just76.justhost.com
revneuropsi.com.ar |
ASN18403 (FPT-AS-AP The Corporation for Financing & Promoting Technology, VN)
PTR: h2.azdigi.com
cafephim.vn |
ASN16276 (OVH, FR)
PTR: ns560083.ip-192-99-33.net
s4.histats.com |
ASN32475 (SINGLEHOP-LLC - SingleHop LLC, US)
PTR: server04.com-2.mobi
search.frenkulok.info |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
onwardinated.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
presicdn.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-93-139-95.eu-central-1.compute.amazonaws.com
trck-ms.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
circultural.com | |
3da5a5.circultural.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
revneuropsi.com.ar
revneuropsi.com.ar |
55 KB |
5 |
circultural.com
circultural.com 3da5a5.circultural.com |
54 KB |
3 |
google.com
www.google.com |
567 B |
3 |
frenkulok.info
1 redirects
search.frenkulok.info |
4 KB |
2 |
trck-ms.com
trck-ms.com |
295 B |
2 |
histats.com
s10.histats.com s4.histats.com |
5 KB |
1 |
gstatic.com
www.gstatic.com |
91 KB |
1 |
presicdn.com
presicdn.com |
4 KB |
1 |
onwardinated.com
onwardinated.com |
1 KB |
1 |
senterutilisation.tk
1 redirects
senterutilisation.tk |
679 B |
1 |
cafephim.vn
cafephim.vn |
251 B |
29 | 11 |
Domain | Requested by | |
---|---|---|
11 | revneuropsi.com.ar |
revneuropsi.com.ar
|
4 | 3da5a5.circultural.com |
3da5a5.circultural.com
|
3 | www.google.com |
3da5a5.circultural.com
www.gstatic.com |
3 | search.frenkulok.info |
1 redirects
revneuropsi.com.ar
search.frenkulok.info |
2 | trck-ms.com |
presicdn.com
3da5a5.circultural.com |
1 | www.gstatic.com |
www.google.com
|
1 | circultural.com |
onwardinated.com
|
1 | presicdn.com |
onwardinated.com
|
1 | onwardinated.com |
search.frenkulok.info
|
1 | senterutilisation.tk | 1 redirects |
1 | s4.histats.com |
s10.histats.com
|
1 | s10.histats.com |
revneuropsi.com.ar
|
1 | cafephim.vn |
revneuropsi.com.ar
|
29 | 13 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cafephim.vn COMODO RSA Domain Validation Secure Server CA |
2018-03-20 - 2020-06-17 |
2 years | crt.sh |
ssl378821.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-03-17 - 2019-09-23 |
6 months | crt.sh |
ssl377659.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-03-03 - 2019-09-09 |
6 months | crt.sh |
trck-ms.com Amazon |
2018-10-05 - 2019-11-05 |
a year | crt.sh |
ssl381364.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-03-01 - 2019-09-07 |
6 months | crt.sh |
www.google.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
*.google.com Google Internet Authority G3 |
2019-03-01 - 2019-05-24 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://3da5a5.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/a5490a9c-5467-11e9-b5d7-1140a62f7fe2/
Frame ID: FE0598C8BC9C0E9B60DC3ACA6A4A580F
Requests: 27 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&co=aHR0cHM6Ly8zZGE1YTUuY2lyY3VsdHVyYWwuY29tOjQ0Mw..&hl=en&type=image&v=v1552285980763&theme=light&size=normal&cb=5l3dhkje1tqt
Frame ID: 6EB4396FFCC98966FC109B474DCE3569
Requests: 1 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1552285980763&k=6LegYR0TAAAAAPQj12s9xvGu3_2O2jvIB5bb2NI6&cb=n1xscee0aune
Frame ID: 6582759D3BA47660EF5D6BD9545B5940
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://revneuropsi.com.ar/ Page URL
-
http://senterutilisation.tk/index/?5731550755135
HTTP 302
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808 Page URL
- http://search.frenkulok.info/?utm_term=6674868688308405011&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
-
http://search.frenkulok.info/proc.php?0abecaa014c979d7ee77c7a22859e79827853cee
HTTP 302
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6674868688308405011 Page URL
- https://circultural.com/v/a50b2d26-5467-11e9-9060-014fff5ad1e7/c/5a37c8ad-f104-11e5-9f1f-0626cc8adce... Page URL
- https://3da5a5.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/a5490a9c-5467-11e9-b5d7-1140a62f7fe2/ Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
reCAPTCHA (Captchas) Expand
Detected patterns
- env /^Recaptcha$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://revneuropsi.com.ar/ Page URL
-
http://senterutilisation.tk/index/?5731550755135
HTTP 302
http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808 Page URL
- http://search.frenkulok.info/?utm_term=6674868688308405011&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8db283b58186b684859af7f9f7faecfffce2f6bde1e4fef9f49892e8d8eea88382858f85c1af8987cbfac9ccf9cccbfcfdf295919d8592f4f5fbcbf9fffeffccfcf0f3f0c1c6c795 Page URL
-
http://search.frenkulok.info/proc.php?0abecaa014c979d7ee77c7a22859e79827853cee
HTTP 302
https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6674868688308405011 Page URL
- https://circultural.com/v/a50b2d26-5467-11e9-9060-014fff5ad1e7/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/?_i=1&_r=search.frenkulok.info&_s=a50b2d58-5467-11e9-9061-014fff5ad162&pubid=stw&subid=6674868688308405011&_d=7|0|0|0|1|1|t|t|1600x1200|u|1|Google%20Inc.|1|24|24|96|74-f2397a3c|0|0|107|1|1|t|t|lum0y,6nq96o,0|en-US|Linux%20x86_64|aaaa0|20030107|5.0%20(Windows%20NT%2010.0;%20WOW64;%20rv:50.0)%20Gecko/20100101%20Firefox/50.0|0|8|148.251.45.170|u|t|t|t|u|u|u|u|ex:nq6ww|1|u|t|n|n|n|n|1600x1200|0|0|t|0|t|a50b2e02-5467-11e9-9062-114fff5ad1b0|cs_rr Page URL
- https://3da5a5.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/a5490a9c-5467-11e9-b5d7-1140a62f7fe2/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- http://senterutilisation.tk/index/?5731550755135 HTTP 302
- http://search.frenkulok.info/?utm_medium=4c23b9fecf7dfd895dfe0da99e857f3bee8e9d42&utm_campaign=808
- http://search.frenkulok.info/proc.php?0abecaa014c979d7ee77c7a22859e79827853cee HTTP 302
- https://onwardinated.com/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced?pubid=stw&subid=6674868688308405011
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
/
revneuropsi.com.ar/ |
12 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mootools.js
revneuropsi.com.ar/media/system/js/ |
73 KB 24 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
caption.js
revneuropsi.com.ar/media/system/js/ |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
layout.css
revneuropsi.com.ar/templates/neuro/css/ |
1 KB 783 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
revneuropsi.com.ar/templates/neuro/css/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
redib_v2_p.jpg
revneuropsi.com.ar/images/M_images/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo%20latindex.jpg
revneuropsi.com.ar/images/M_images/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
r.php
cafephim.vn/wp-includes/ID3/ |
50 B 251 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js15_as.js
s10.histats.com/ |
11 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.png
revneuropsi.com.ar/templates/neuro/images/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_top.png
revneuropsi.com.ar/templates/neuro/images/ |
410 B 694 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dotline.gif
revneuropsi.com.ar/templates/neuro/images/ |
50 B 324 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_bottom.png
revneuropsi.com.ar/templates/neuro/images/ |
419 B 700 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.php
s4.histats.com/stats/ |
52 B 323 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
search.frenkulok.info/ Redirect Chain
|
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
search.frenkulok.info/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5a37c8ad-f104-11e5-9f1f-0626cc8adced
onwardinated.com/c/ Redirect Chain
|
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
x.static.min.js
presicdn.com/js/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
trck-ms.com/d/a50b2e02-5467-11e9-9062-114fff5ad1b0/txqglq/ |
0 147 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
circultural.com/v/a50b2d26-5467-11e9-9060-014fff5ad1e7/c/5a37c8ad-f104-11e5-9f1f-0626cc8adced/ |
89 B 486 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
3da5a5.circultural.com/l/8c579bd6-2433-11e6-9af1-02401b02a2b5/v/a5490a9c-5467-11e9-b5d7-1140a62f7fe2/ |
7 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
imag.png
3da5a5.circultural.com/static/8c579bd6-2433-11e6-9af1-02401b02a2b5/ |
30 KB 30 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
www.google.com/recaptcha/ |
837 B 567 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
push_engine.min.js
3da5a5.circultural.com/js/ |
35 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__en.js
www.gstatic.com/recaptcha/api2/v1552285980763/ |
261 KB 91 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
anchor
www.google.com/recaptcha/api2/ Frame 6EB4 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
trck-ms.com/resource/42ccf994a7be888cd89f3a3f55118165/pushNotification.setId/ |
62 B 148 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a5490a9c-5467-11e9-b5d7-1140a62f7fe2
3da5a5.circultural.com/ns/ |
0 59 B |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bframe
www.google.com/recaptcha/api2/ Frame 6582 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask function| verifyCallback number| widgetId1 function| onloadCallback function| showCaptcha function| hideCaptcha function| getRecaptchaUrl function| onCaptchaResolved function| gotoFinalLocation function| beforeCaptchaRender function| afterCaptchaRender object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| recaptcha object| closure_lm_7045441 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.circultural.com/ | Name: __cfduid Value: da554ac464cdcfd38fc3ec6cf8e401a801554113974 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
3da5a5.circultural.com
cafephim.vn
circultural.com
onwardinated.com
presicdn.com
revneuropsi.com.ar
s10.histats.com
s4.histats.com
search.frenkulok.info
senterutilisation.tk
trck-ms.com
www.google.com
www.gstatic.com
103.221.220.17
104.25.213.28
104.25.42.115
104.27.243.24
173.254.28.76
192.99.33.165
194.87.99.154
198.143.165.221
2a00:1450:4001:816::2004
2a00:1450:4001:818::2003
46.105.201.240
54.93.139.95
0c233816ee56c5684ae64cdc08a19513f5b9dfd7160c2d9524518e77fa96d8cd
1150b3194f9775770997680fa04fdcef649076d98a762e6ae65a6e78ecd7425f
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
22065a49a9b01fa6c0701850dbc5e748a050ba7e895e038d90791a24b55d3ec1
23fccdb05b145fea1486378a35f6a24f4543d246455e1abec14822d151efb7f8
265342b05a607dde91ecdb7c49fac981e11dcf44182728df09ef46b7eb1a5606
2e106b78086a30e075548b3c8c3b8399322c22b0f5de8fdf0fab855944f8d7fb
549219d5407a4f99e0b6e2376a961e6dfd60cd05d8f1686133f19de05c9d0913
54a858dec7f07a738db99eb6e3491e1f265899bde891d0f30b73332ac9c0ef7b
5826af90cd385982f8319da4193d8dca0cc90863a57ff2b7503f0765113472c6
6b6fec7fa84dcf2248090bb8784460d7905231023785fe401eededa6f671607e
89d35e8fcc07d938ac298bbd7c1c91b0655633259be0e0a249bc2c6f15bd2c5a
8a992976e7128e1f1691fe3675fe92ca350df6b28bce4791c2f75a11e71914d1
8fa2da14a5489c83d0a1baf513ab61a834eb2d210c135f167736e774b3f182fb
a00bbd8482ad735f717afaf3259f1b61f8230bbfe35ced25d5b31dfbfa2fe1dd
a2ac71641adbc09811d58412b4b925b157e8e34a27ca8337ae919414a20c4676
a45880bfa026035a611329d03d7ee086b7679b9e5285ecc882478d357470ce82
ad60db0c806b6630e1b3b92acfb4f0d76ab0d1252a0f426c22618052078a59a7
aef06b5dbb7798b2a41e2a48f0e8ad4eccc4fbf334d19aa31273580bec2fb9f3
b4ad7bbf8e3a76aa92c4df6d4265c4e12e9d899989cc97df3dbca0f004be856b
c050c0f3db9ea1415709b08722ad498786ae1ec00e0312a65001b3fb0d0318eb
d974ad0879c9a00df9b3c0e8f8f37d1beed90bbda94253509a8f261ca01e208e
daba5777f6a5908e4fe55664534b3b0a4081d5be781dc55df8208d3137dd4010
dc2e6648828300169bef3da08044371d02e98e94832acd160151bd27e56bd3e9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855