s3.amazonaws.com
Open in
urlscan Pro
52.216.129.253
Malicious Activity!
Public Scan
Effective URL: https://s3.amazonaws.com/c1pc/734141/1763/4B0DE75380FA7044B79556BA2F?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246...
Submission: On February 13 via manual from US
Summary
TLS certificate: Issued by DigiCert Baltimore CA-2 G2 on December 3rd 2018. Valid for: a year.
This is the only time s3.amazonaws.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Flash UpdateDomain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 6 | 199.59.242.151 199.59.242.151 | 395082 (BODIS-NJ) (BODIS-NJ - Bodis) | |
1 | 2a00:1450:400... 2a00:1450:4001:81d::2004 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:824::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:817::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 34.237.217.178 34.237.217.178 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
2 2 | 2.16.186.73 2.16.186.73 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
4 | 52.216.129.253 52.216.129.253 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 143.204.208.12 143.204.208.12 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
6 | 52.216.102.93 52.216.102.93 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2.16.186.80 2.16.186.80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
23 | 9 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-237-217-178.compute-1.amazonaws.com
usa.xanthos-alf.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-73.deploy.static.akamaitechnologies.com
www.archiveinterface.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
s3.amazonaws.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-208-12.fra53.r.cloudfront.net
dfgftt4ecf1of.cloudfront.net |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
s3.amazonaws.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-80.deploy.static.akamaitechnologies.com
www.protocoladmin.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
amazonaws.com
s3.amazonaws.com |
192 KB |
6 |
googgle.cm
1 redirects
www.googgle.cm |
15 KB |
2 |
archiveinterface.com
2 redirects
www.archiveinterface.com |
2 KB |
2 |
xanthos-alf.com
usa.xanthos-alf.com |
3 KB |
2 |
gstatic.com
fonts.gstatic.com |
17 KB |
1 |
protocoladmin.com
www.protocoladmin.com |
203 B |
1 |
cloudfront.net
dfgftt4ecf1of.cloudfront.net |
4 KB |
1 |
googleapis.com
fonts.googleapis.com |
686 B |
1 |
google.com
www.google.com |
53 KB |
23 | 9 |
Domain | Requested by | |
---|---|---|
10 | s3.amazonaws.com |
usa.xanthos-alf.com
s3.amazonaws.com |
6 | www.googgle.cm |
1 redirects
www.googgle.cm
|
2 | www.archiveinterface.com | 2 redirects |
2 | usa.xanthos-alf.com |
www.googgle.cm
usa.xanthos-alf.com |
2 | fonts.gstatic.com | |
1 | www.protocoladmin.com |
s3.amazonaws.com
|
1 | dfgftt4ecf1of.cloudfront.net |
s3.amazonaws.com
|
1 | fonts.googleapis.com |
www.googgle.cm
|
1 | www.google.com |
www.googgle.cm
|
23 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleapis.com Google Internet Authority G3 |
2019-01-23 - 2019-04-17 |
3 months | crt.sh |
*.google.com Google Internet Authority G3 |
2019-01-29 - 2019-04-23 |
3 months | crt.sh |
s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2018-12-03 - 2019-10-25 |
a year | crt.sh |
*.cloudfront.net DigiCert Global CA G2 |
2018-10-08 - 2019-10-09 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://s3.amazonaws.com/c1pc/734141/1763/4B0DE75380FA7044B79556BA2F?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09f185057036109648c25fc475e&source=hotel-ban-wAVG6Swg&r=25271001-be68-e811-81f7-ed46f4389d4a&s=e4f5c92a-46f2-4704-8ed1-d8831beb8eed&client=chrome&kd=aHR0cDovL3d3dy5wcm90b2NvbGFkbWluLmNvbQ%253d%253d&h=ShtBRBACEAsHBwgUAwIfCQFtBwMLCQMKAw0cCQcBBwoLBx8ICgMHBhMVEVlCGggKBgcJCwEBAggAFRVVEwMRAgcKBQgHBgAUUVUEAB9cDwcAFAsBVA8fXFMCB18HAwoBVg1WFB0bX0BWGggbX0JFSUAKHRdBChlXXFhJX1xZRUoZVV5UERwQS1UbDVhEVV8cEEhRUBUMCQgAHBBbVkkVDEVLRlVP&x=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzE1OTMvUmw4aFNnL3djMFMzVlAvUGxheWVyLmRtZz9jaWQ9enI0ZDUwMDc3NzJmOGYxMWU5OTlkMzBhOTMxMjk2ZjgyNjNhMDdjMDVlZTk0MjQ2Yjk4ZmExMGJiMDlmMTg1MDU3MDM2MTA5NjQ4YzI1ZmM0NzVlJnNvdXJjZT1ob3RlbC1iYW4td0FWRzZTd2cmcj0yNTI3MTAwMS1iZTY4LWU4MTEtODFmNy1lZDQ2ZjQzODlkNGEmcz1lNGY1YzkyYS00NmYyLTQ3MDQtOGVkMS1kODgzMWJlYjhlZWQmY2xpZW50PWNocm9tZSZrZD1hSFIwY0RvdkwzZDNkeTV3Y205MGIyTnZiR0ZrYldsdUxtTnZiUSUyNTNkJTI1M2Q%3d
Frame ID: 2C5C4B48C5A970CD398AD54EF033AD7D
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://www.googgle.cm/ Page URL
-
http://www.googgle.cm/rz?u=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F4d500777-2f8f-11e9-99d3-...
HTTP 302
http://usa.xanthos-alf.com/zcvisitor/4d500777-2f8f-11e9-99d3-0a931296f826?campaignid=086c7340-890f-11e8... Page URL
- http://usa.xanthos-alf.com/zcredirect?visitid=4d500777-2f8f-11e9-99d3-0a931296f826&type=js&browserWidth... Page URL
-
http://www.archiveinterface.com/5WhBeHbr0?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09f18...
HTTP 302
http://www.archiveinterface.com/SfHYYh9IdFtb?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09... HTTP 302
https://s3.amazonaws.com/c1pc/734141/1763/4B0DE75380FA7044B79556BA2F?cid=zr4d5007772f8f11e999d30a9312... Page URL
Detected technologies
Lua (Programming Languages) ExpandDetected patterns
- headers server /openresty(?:\/([\d.]+))?/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
OpenResty (Web Servers) Expand
Detected patterns
- headers server /openresty(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://www.googgle.cm/ Page URL
-
http://www.googgle.cm/rz?u=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F4d500777-2f8f-11e9-99d3-0a931296f826%3Fcampaignid%3D086c7340-890f-11e8-a025-0e41d0acbc1a¬adsafe
HTTP 302
http://usa.xanthos-alf.com/zcvisitor/4d500777-2f8f-11e9-99d3-0a931296f826?campaignid=086c7340-890f-11e8-a025-0e41d0acbc1a Page URL
- http://usa.xanthos-alf.com/zcredirect?visitid=4d500777-2f8f-11e9-99d3-0a931296f826&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
-
http://www.archiveinterface.com/5WhBeHbr0?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09f185057036109648c25fc475e&source=hotel-ban-wAVG6Swg&e=3&r=25271001-be68-e811-81f7-ed46f4389d4a
HTTP 302
http://www.archiveinterface.com/SfHYYh9IdFtb?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09f185057036109648c25fc475e&source=hotel-ban-wAVG6Swg&r=25271001-be68-e811-81f7-ed46f4389d4a&d=ShtBRBACEAsHBwgUAwIfCQFtBwMLCQMKAwwcAQIHBwoABx8ICgMHBhMVEVxCSBADFRlSCENTHQ8BDQYCABYCBwQLHQ11BnV8BAUBAAJ_sl_dgEBDQdyBQEHDAF0cAt1Eh4aXklTFAsbW0RGSEEDGBlCCh1RX1lIVllXRkodU11VEBUVX0EbCQMDCQoLBQcBCQEcEFxeSRUMX0xfXB4aVlVTFAtXRlxeFBBKUBQLV0ZcXhQQSVRfEwMLAQEUEFpTRhMDR0JHXR4bWFJdGwkSWkxGSUQMHhZAAxxZX1hNWV9YREMcW11UGAcEAAAfYFQKUWRRHk5QAGELZGkYZl1YSlVAFlZUUBRM&a=2&s=e4f5c92a-46f2-4704-8ed1-d8831beb8eed&client=chrome&kd=aHR0cDovL3d3dy5wcm90b2NvbGFkbWluLmNvbQ%253d%253d HTTP 302
https://s3.amazonaws.com/c1pc/734141/1763/4B0DE75380FA7044B79556BA2F?cid=zr4d5007772f8f11e999d30a931296f8263a07c05ee94246b98fa10bb09f185057036109648c25fc475e&source=hotel-ban-wAVG6Swg&r=25271001-be68-e811-81f7-ed46f4389d4a&s=e4f5c92a-46f2-4704-8ed1-d8831beb8eed&client=chrome&kd=aHR0cDovL3d3dy5wcm90b2NvbGFkbWluLmNvbQ%253d%253d&h=ShtBRBACEAsHBwgUAwIfCQFtBwMLCQMKAw0cCQcBBwoLBx8ICgMHBhMVEVlCGggKBgcJCwEBAggAFRVVEwMRAgcKBQgHBgAUUVUEAB9cDwcAFAsBVA8fXFMCB18HAwoBVg1WFB0bX0BWGggbX0JFSUAKHRdBChlXXFhJX1xZRUoZVV5UERwQS1UbDVhEVV8cEEhRUBUMCQgAHBBbVkkVDEVLRlVP&x=1&u=aHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tLzE1OTMvUmw4aFNnL3djMFMzVlAvUGxheWVyLmRtZz9jaWQ9enI0ZDUwMDc3NzJmOGYxMWU5OTlkMzBhOTMxMjk2ZjgyNjNhMDdjMDVlZTk0MjQ2Yjk4ZmExMGJiMDlmMTg1MDU3MDM2MTA5NjQ4YzI1ZmM0NzVlJnNvdXJjZT1ob3RlbC1iYW4td0FWRzZTd2cmcj0yNTI3MTAwMS1iZTY4LWU4MTEtODFmNy1lZDQ2ZjQzODlkNGEmcz1lNGY1YzkyYS00NmYyLTQ3MDQtOGVkMS1kODgzMWJlYjhlZWQmY2xpZW50PWNocm9tZSZrZD1hSFIwY0RvdkwzZDNkeTV3Y205MGIyTnZiR0ZrYldsdUxtTnZiUSUyNTNkJTI1M2Q%3d Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- http://www.googgle.cm/rz?u=http%3A%2F%2Fusa.xanthos-alf.com%2Fzcvisitor%2F4d500777-2f8f-11e9-99d3-0a931296f826%3Fcampaignid%3D086c7340-890f-11e8-a025-0e41d0acbc1a¬adsafe HTTP 302
- http://usa.xanthos-alf.com/zcvisitor/4d500777-2f8f-11e9-99d3-0a931296f826?campaignid=086c7340-890f-11e8-a025-0e41d0acbc1a
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
www.googgle.cm/ |
4 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
caf.js
www.google.com/adsense/domains/ |
151 KB 53 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
px.gif
www.googgle.cm/ |
42 B 275 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
px.gif
www.googgle.cm/ |
42 B 275 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glp
www.googgle.cm/ |
8 KB 9 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
5 KB 686 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
gzb
www.googgle.cm/ |
198 B 515 B |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4d500777-2f8f-11e9-99d3-0a931296f826
usa.xanthos-alf.com/zcvisitor/ Redirect Chain
|
1008 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
zcredirect
usa.xanthos-alf.com/ |
580 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
4B0DE75380FA7044B79556BA2F
s3.amazonaws.com/c1pc/734141/1763/ Redirect Chain
|
39 KB 39 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
42e6.css
s3.amazonaws.com/c1pc/734141/1763/1147/ |
363 B 718 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
macpopup_icon.png
dfgftt4ecf1of.cloudfront.net/assets/yourupdaternow_1490051557/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hFIqLlotAkq8gqFaegHK
s3.amazonaws.com/c1pc/734141/1763/CC0B1E/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
173382
s3.amazonaws.com/c1pc/734141/1763/CF03D7090D19DA4A82E854F6/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
X_AG.gif
s3.amazonaws.com/c1pc/734141/1763/3819a760-/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
B3ENWLlY102lJkF.gif
s3.amazonaws.com/c1pc/734141/1763/2A048D5/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AF7A41280.gif
s3.amazonaws.com/c1pc/734141/1763/3C472082/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d7a18004-4524-49c7-9dde-dea
s3.amazonaws.com/c1pc/734141/1763/1839/ |
963 B 1 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
F_eyrJSlJE6
s3.amazonaws.com/c1pc/734141/1763/c6c8c42d-fc3c-44f0-90/ |
91 KB 91 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7418030
s3.amazonaws.com/c1pc/734141/1763/3503ca22-4873-/ |
3 KB 3 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.protocoladmin.com/stats/ |
0 203 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fake Flash Update6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| botDetect function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dfgftt4ecf1of.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
s3.amazonaws.com
usa.xanthos-alf.com
www.archiveinterface.com
www.googgle.cm
www.google.com
www.protocoladmin.com
143.204.208.12
199.59.242.151
2.16.186.73
2.16.186.80
2a00:1450:4001:817::2003
2a00:1450:4001:81d::2004
2a00:1450:4001:824::200a
34.237.217.178
52.216.102.93
52.216.129.253
038a2ea593de45c444fa13451dae204dce948308edb05b1588c0336fe5aa6816
2699a1216390eca0b8ea2eca41c7f0ba8975d742ad40cb1507bfaf07749407b1
29cbb613fe08616b27e4e387ca6e128ee669c49ba0f8255876252b9ede4fb6e2
3512c0ef06746b560a0b4cca60e574f329c23b444e16b791366ae2e8794e8be0
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
5fd43e356d071fddb659ffe8ce5b2981445b4d7692b785a1698dac0916fc9eb8
5fe679bed2eba94b4e871707e95146af0cec1269975cc31b07dbad9601ae0919
63077447a560a97ad5471203faadd06e4e4bce7aa4cf3c526027646bac4057af
7339430c8358e0734677a4a5e43073c19b902dce5f5b0378361d1a8764c0e85b
7de9bf65af75b7d903ab55eee4d2be436e594b5f4a6292633e648b7a3c66563b
838d364789d7aa8ca6ade0dbf146e7ce82c98afc7ce1eba8273f3f3a13f89b1b
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
8955c51fe2c62828fe356a5f42c3a88f4477fe013248ad1408ab03ab24092da6
8c25ade0a1d20dfb962dbc265e60d98d90544f13ce586820e3c3dc2baae64e81
aed2d4348180f74b6f177c26ff8236bcc9bbdae74188915cc6041dd6be8cadc5
b433fff5919be961f970430072a831557793a468074cd8aaf30427dc6209dc3d
d2db97fb183308458169b308f781e301e2541bbe99cab9628f82ed888d1b9de1
da1d9e0ae80ec0b4bfe25a802d202e43ce40de47c4a8c2766bca26345b2bb547
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8c160703de84169dc013f17d77d5725b658e1b6a955ec826fbc0acc38787663