bonivan.cfd
Open in
urlscan Pro
193.233.203.151
Malicious Activity!
Public Scan
Submission: On July 17 via automatic, source openphish — Scanned from DE
Summary
This is the only time bonivan.cfd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Scotiabank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 193.233.203.151 193.233.203.151 | 200019 (ALEXHOST) (ALEXHOST) | |
4 | 2a02:26f0:170... 2a02:26f0:1700:194::51e | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
5 | 2600:9000:267... 2600:9000:2670:9600:d:e6dd:f300:21 | 16509 (AMAZON-02) (AMAZON-02) | |
1 3 | 63.32.136.28 63.32.136.28 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 34.243.204.162 34.243.204.162 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 63.140.62.222 63.140.62.222 | 15224 (OMNITURE) (OMNITURE) | |
1 1 | 52.19.10.201 52.19.10.201 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 99.80.78.170 99.80.78.170 | 16509 (AMAZON-02) (AMAZON-02) | |
23 | 8 |
ASN20940 (AKAMAI-ASN1, NL)
dmtags.scotiabank.com |
ASN16509 (AMAZON-02, US)
dlslhpkfqfglo.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-136-28.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-204-162.eu-west-1.compute.amazonaws.com
scotiabank.demdex.net |
ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-222.data.adobedc.net
somniture.scotiabank.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-10-201.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-78-170.eu-west-1.compute.amazonaws.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
bonivan.cfd
bonivan.cfd |
96 KB |
5 |
cloudfront.net
dlslhpkfqfglo.cloudfront.net |
791 KB |
5 |
scotiabank.com
dmtags.scotiabank.com — Cisco Umbrella Rank: 273867 somniture.scotiabank.com — Cisco Umbrella Rank: 196692 |
91 KB |
4 |
demdex.net
1 redirects
dpm.demdex.net — Cisco Umbrella Rank: 319 scotiabank.demdex.net — Cisco Umbrella Rank: 160796 |
4 KB |
1 |
memcyco.com
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com — Cisco Umbrella Rank: 672463 |
|
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 2184 |
490 B |
23 | 6 |
Domain | Requested by | |
---|---|---|
8 | bonivan.cfd |
bonivan.cfd
|
5 | dlslhpkfqfglo.cloudfront.net |
bonivan.cfd
dlslhpkfqfglo.cloudfront.net |
4 | dmtags.scotiabank.com |
bonivan.cfd
dmtags.scotiabank.com |
3 | dpm.demdex.net | 1 redirects |
1 | csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com |
dlslhpkfqfglo.cloudfront.net
|
1 | cm.everesttech.net | 1 redirects |
1 | somniture.scotiabank.com |
dmtags.scotiabank.com
|
1 | scotiabank.demdex.net |
dmtags.scotiabank.com
|
23 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.scotiabank.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
apps.scotiabank.com Entrust Certification Authority - L1K |
2023-11-21 - 2024-12-21 |
a year | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
somniture.scotiabank.com Entrust Certification Authority - L1K |
2023-08-21 - 2024-09-21 |
a year | crt.sh |
*.memcyco.com Amazon RSA 2048 M03 |
2024-02-25 - 2025-03-25 |
a year | crt.sh |
This page contains 3 frames:
Primary Page:
http://bonivan.cfd/scotia/personal/details/index.php/assets
Frame ID: CADDC794C0FA9984448549EF739A4B0B
Requests: 21 HTTP requests in this frame
Frame:
https://scotiabank.demdex.net/dest5.html?d_nsid=0
Frame ID: 223077C69938FE8CBE0460F948348A42
Requests: 1 HTTP requests in this frame
Frame:
https://csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/csframe.html
Frame ID: D2EFF43F95021AB256047E03B758E207
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Sign in | ScotiabankPage URL History Show full URLs
-
http://bonivan.cfd/scotia/personal/details/index.php/assets
HTTP 307
https://bonivan.cfd/scotia/personal/details/index.php/assets HTTP 307
http://bonivan.cfd/scotia/personal/details/index.php/assets Page URL
Detected technologies
React (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+data-react
OneTrust (Cookie compliance) Expand
Detected patterns
- otSDKStub\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Scotiabank
Search URL Search Domain Scan URL
Title: Contact Us
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Legal
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Accessibility
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://bonivan.cfd/scotia/personal/details/index.php/assets
HTTP 307
https://bonivan.cfd/scotia/personal/details/index.php/assets HTTP 307
http://bonivan.cfd/scotia/personal/details/index.php/assets Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141 HTTP 302
- https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0AAF22CE52827A080A490D4D%40AdobeOrg&d_nsid=0&ts=1721178072141
- https://cm.everesttech.net/cm/dd?d_uuid=59950277643873997722910854015933113960 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
assets
bonivan.cfd/scotia/personal/details/index.php/ Redirect Chain
|
100 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
launch-edbf66c903b6.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/ |
256 KB 67 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mutha-scotia-wrapper.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
7c428f63a00e5bd025fa159e8c94389f.svg
bonivan.cfd/scotia/personal/details/index.php/assets/ |
9 KB 9 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.054ad90d49cb5bf3a1c6.chunk.js
bonivan.cfd/scotia/personal/details/index.php/assets/ |
100 KB 17 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.ee1730d27a38e7dfb0d6.css
bonivan.cfd/scotia/personal/details/index.php/assets/ |
100 KB 17 KB |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
8fd30bd010d9e2c7677ec339685f958b.woff
bonivan.cfd/scotia/personal/details/index.php/assets/ |
100 KB 17 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1pOmQMP1I
bonivan.cfd/GdtB_q_Bp/Tov/M_-Xnw/t1EOXGYmr9Lw7V/TVIrUAROBg/Qg/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
50805f331bb1b697aafb6f0c28b09212.woff2
bonivan.cfd/scotia/personal/details/index.php/assets/ |
100 KB 17 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.1.min.js
dlslhpkfqfglo.cloudfront.net/cdn/ca/ |
2 MB 781 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rd
dpm.demdex.net/id/ Redirect Chain
|
5 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ |
35 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AppMeasurement_Module_ActivityMap.min.js
dmtags.scotiabank.com/launch/novaweb/27c34d6e7144/094054a424e3/7466ee70b697/hostedLibFiles/EPc7341b33570d4c988798fc9f0093d4b2/ |
3 KB 2 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
otSDKStub.js
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/scripttemplates/ |
21 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
bonivan.cfd/ |
273 B 489 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gpk
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
767 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
scotiabank.demdex.net/ Frame 2230 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
somniture.scotiabank.com/ |
48 B 457 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=ZpcX2AAAAG72tQNx
dpm.demdex.net/ Redirect Chain
|
42 B 716 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
csframe.html
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/cdn/cd/ Frame D2EF |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
gwf
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
8 KB 6 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
l
dlslhpkfqfglo.cloudfront.net/cdn/cd/ |
104 B 581 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- dmtags.scotiabank.com
- URL
- https://dmtags.scotiabank.com/aempublic/Onetrust/scotiabank/oneTrust_production/consent/4fbad486-5e37-45d2-bcbc-b89a6d33ea60/4fbad486-5e37-45d2-bcbc-b89a6d33ea60.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Scotiabank (Banking)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| stylesLink object| process object| LD_CONFIG object| REDUX_STATE object| webpackJsonp function| a0d function| a0ad function| a0ab function| a0ac function| a0c object| a0f function| a0e function| a0af function| a0ai function| a0ah boolean| a0g function| a0F function| a0ag string| a0h function| a0ae string| a0i function| a0E function| a0a9 function| a0j number| a0k function| a0aa function| a0l object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| OptanonWrapper object| appEventData number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_ActivityMap object| s function| inList number| a object| OneTrustStub function| $ function| jQuery function| lTa object| murmurHash3 function| UAParser object| localforage object| KJUR function| JSEncrypt object| CryptoJS20 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dlslhpkfqfglo.cloudfront.net/ | Name: aphishCookie-1721176014806-SCOTIA Value: OGSVPERFpOjyr6tP8sBMZZoR38egrBthedThE8OeKEWzBfDDO5 |
|
.demdex.net/ | Name: demdex Value: 59950277643873997722910854015933113960 |
|
.bonivan.cfd/ | Name: AMCVS_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 1 |
|
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com/ | Name: AWSALBCORS Value: TyjSlzxtf+vVPikvT7TUf2xI7E4jgimUdd4vfAD/zPq/jE3LZcpBLpvLeiuQwAfT6i4bATM6Vke2IhSOncIJk4ujSXtpKM1zwGdIuocJae1hOIvJQzoUB3zAlWBl |
|
.dpm.demdex.net/ | Name: dpm Value: 59950277643873997722910854015933113960 |
|
.bonivan.cfd/ | Name: AMCV_0AAF22CE52827A080A490D4D%40AdobeOrg Value: 179643557%7CMCIDTS%7C19922%7CMCMID%7C67825054951949858062699836933796219770%7CMCAAMLH-1721782872%7C6%7CMCAAMB-1721782872%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1721185272s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19929%7CvVersion%7C5.5.0 |
|
.adnxs.com/ | Name: receive-cookie-deprecation Value: 1 |
|
.doubleclick.net/ | Name: IDE Value: AHWqTUmDUXv39dRHl1zdLHQcbfn-bx9kXvrr1B_yjnptfIn6KpvrirJfuvduhVHY1SI |
|
.mathtag.com/ | Name: uuid Value: 2dab6697-17d9-4c00-b806-19e837146b25 |
|
.twitter.com/ | Name: personalization_id Value: "v1_b1R/MBibavylW6+jFg18Qw==" |
|
.rfihub.com/ | Name: rud Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3srQwsjAFMo0thPgMdYsyfXMyndID8jPMUwDzGRqaJQAAAA |
|
.rfihub.com/ | Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MTI2NjM3srQwsjAFMo0thPgMdYsyfXMyndID8jPMUwDzGRqaJQAAAA |
|
.rfihub.com/ | Name: eud Value: H4sIAAAAAAAA_1vFxGtobmRoaG5hYG5sbGoBAJUm6nUQAAAA |
|
.quantserve.com/ | Name: d Value: EOoBDAGsLLmvYA |
|
.quantserve.com/ | Name: mc Value: 669717d9-5973e-b6f7c-a85fa |
|
.eyeota.net/ | Name: SERVERID Value: 21619~DM |
|
.onaudience.com/ | Name: cookie Value: 06b1a3d6584d9baa |
|
.demdex.net/ | Name: dextp Value: 269-1-1721178072528|358-1-1721178072629|601-1-1721178072729|771-1-1721178072830|822-1-1721178072930|1123-1-1721178073031|1121-1-1721178073131|903-1-1721178073232|1175-1-1721178073332|22052-1-1721178073433|30064-1-1721178073533|30646-1-1721178073634|73426-1-1721178073734|121998-1-1721178073836|144230-1-1721178073937|144231-1-1721178074037|144232-1-1721178074138|144233-1-1721178074238|144234-1-1721178074339|144235-1-1721178074439|144236-1-1721178074540|144237-1-1721178074640|161033-1-1721178074741|139200-1-1721178074841 |
|
.amazon-adsystem.com/ | Name: ad-id Value: AzWog9yCSEMBs1mWr8ddBT4 |
|
.amazon-adsystem.com/ | Name: ad-privacy Value: 0 |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bonivan.cfd
cm.everesttech.net
csf-e58f0d0de3ce9fa5ebc118ad6482af34.memcyco.com
dlslhpkfqfglo.cloudfront.net
dmtags.scotiabank.com
dpm.demdex.net
scotiabank.demdex.net
somniture.scotiabank.com
dmtags.scotiabank.com
193.233.203.151
2600:9000:2670:9600:d:e6dd:f300:21
2a02:26f0:1700:194::51e
34.243.204.162
52.19.10.201
63.140.62.222
63.32.136.28
99.80.78.170
0e75dcdb10e0af63ccde169392f6798a407d6f78ff86ce0a9d4f9d4415ded774
43ebbda651e8e78fe58b65e55b9b217884f2475b66042e9e17866215f890803e
6b1fc966c38b12c845f9fd8bdb76027106b776783fd44eeed917663942b5fd16
80288204b47f9f5755f02392ab5b390131a6310d472997e8de7b50db2adefbf0
949e10ac987de3321d38c17582ca6ccfe9628cc3cdeeffcdab6798a0c4a47f27
9f150a1488281309462ef931abfdd42e4109d6191476bf9b013a61c91709cd2b
a58d8fe0278b952a970f58d42a86ad2506a973d4153cb888a9c33f0992e98c99
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
c34c500f08ebe23a81e67e6518dc4737afd96905596c54158d205f6d70afb614
c85e9e190e2b35fc4f3627952ade96e9d163eae291ac1ecedc76fd26205d104d
cc7807249343287cecb6a5d77394c47c1e0962cd76b944824c0b24112571c0eb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43d169c7008cecc62007a13d11ffb5c5dba032995aa9e2545cbb580fb175818
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720