global36582-americanexpress.com
207.244.89.74
Malicious Activity!
Public Scan
Effective URL: https://global36582-americanexpress.com/myca36582/19f96/?request_type=LogonHandler&Face=en_DE_df90ebf803789d67d7f80e1f935675b4&dispatch=...
Submission: On December 14 via manual from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 14th 2017. Valid for: 3 months.
This is the only time global36582-americanexpress.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: American Express (Financial)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 184.168.131.241 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
1 | 2400:cb00:2048:1::6812:3bdd | 13335 (CLOUDFLARENET - Cloudflare) |
3 19 | 207.244.89.74 | 30633 (LEASEWEB-USA-WDC-01 - Leaseweb USA) |
3 | 104.108.52.12 | 16625 (AKAMAI-AS - Akamai Technologies) |
3 | 54.156.181.116 | 14618 (AMAZON-AES - Amazon.com) |
1 | 148.173.101.84 | 6307 (AMERICAN-EXPRESS - American Express Company) |
1 2 | 185.34.188.178 | 15224 (OMNITURE - Adobe Systems Inc.) |
25 | 6 | |

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-184-168-131-241.ip.secureserver.net
x.co

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
short.id

ASN30633 (LEASEWEB-USA-WDC-01 - Leaseweb USA, Inc., US)
global36582-americanexpress.com

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-108-52-12.deploy.static.akamaitechnologies.com
www.aexp-static.com

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-156-181-116.compute-1.amazonaws.com
nexus.ensighten.com

ASN6307 (AMERICAN-EXPRESS - American Express Company, US)
PTR: gct-VIP.americanexpress.com
gct.americanexpress.com

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: americanexpress.com.ssl.d2.sc.omtrdc.net
omns.americanexpress.com
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | global36582-americanexpress.com (3 redirects) | global36582-americanexpress.com | 334 KB |
3 | americanexpress.com (1 redirects) | gct.americanexpress.com, omns.americanexpress.com | 2 KB |
3 | ensighten.com | nexus.ensighten.com | 22 KB |
3 | aexp-static.com | www.aexp-static.com | 63 KB |
1 | short.id | short.id | |
1 | x.co (1 redirects) | x.co | 225 B |
25 | 6 | | |
 | Domain | Requested by |
---|---|---|
19 | global36582-americanexpress.com (3 redirects) | global36582-americanexpress.com |
3 | nexus.ensighten.com | global36582-americanexpress.com, nexus.ensighten.com |
3 | www.aexp-static.com | global36582-americanexpress.com, nexus.ensighten.com |
2 | omns.americanexpress.com (1 redirects) | global36582-americanexpress.com |
1 | gct.americanexpress.com | global36582-americanexpress.com |
1 | short.id | |
1 | x.co (1 redirects) | |
25 | 7 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni146407.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2017-12-11 - 2018-06-19 | 6 months |
global36582-americanexpress.com | cPanel, Inc. Certification Authority | 2017-12-14 - 2018-03-14 | 3 months |
americanexpress.com | GeoTrust SSL CA - G3 | 2017-06-20 - 2018-09-19 | a year |
nexus.ensighten.com | Symantec Class 3 Secure Server SHA256 SSL CA | 2014-10-27 - 2018-01-13 | 3 years |
gct.americanexpress.com | DigiCert SHA2 Extended Validation Server CA | 2016-08-01 - 2018-08-06 | 2 years |
omns.americanexpress.com | Verizon Public SureServer EV SSL CA G14-SHA2 | 2016-02-19 - 2018-04-16 | 2 years |
This page contains 1 frames:
Primary Page:
https://global36582-americanexpress.com/myca36582/19f96/?request_type=LogonHandler&Face=en_DE_df90ebf803789d67d7f80e1f935675b4&dispatch=ffc5356d4b461e9ff106bc979e05a722bd3267f0
Frame ID: (AC05EEA9E91F82B09267506C0B84ED39)
Requests: 25 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
CloudFlare (CDN)
Detected patterns
- headers server /cloudflare/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://x.co/1Z2O36577/ HTTP 302
  https://short.id/eg9r Page URL
- https://global36582-americanexpress.com/myca36582 HTTP 301
  https://global36582-americanexpress.com/myca36582/ HTTP 302
  https://global36582-americanexpress.com/myca36582/19f96?request_type=LogonHandler&Face=en_DE_df90ebf803789d67d7f80e1f935675b4&dispatch=ffc5356d4b461e9ff106bc979e05a722bd3267f0 HTTP 301
  https://global36582-americanexpress.com/myca36582/19f96/?request_type=LogonHandler&Face=en_DE_df90ebf803789d67d7f80e1f935675b4&dispatch=ffc5356d4b461e9ff106bc979e05a722bd3267f0 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://x.co/1Z2O36577/ HTTP 302
- https://short.id/eg9r
- https://omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/s92553110610160?AQB=1&ndh=1&pf=1&t=14%2F11%2F2017%2022%3A25%3A17%204%200&fid=4C3C2703C7DD390A-265748EB961010D1&ce=UTF-8&ns=1americanexpress&pageName=global36582-americanexpress.com%2Fmyca36582%2F19f96%2F&g=https%3A%2F%2Fglobal36582-americanexpress.com%2Fmyca36582%2F19f96%2F%3Frequest_type%3Dlogonhandler%26face%3Den_de_df90ebf803789d67d7f80e1f935675b4%26dispatch%3Dffc5356d4b461e9ff106bc979e05a722bd3267f0&c.&omn.&visitorCheck=VisitorAPI%20Missing&itagexists=no&gvs=1&etwidth=1600&etheight=1200&etratio=0.75&etorientation=landscape&.omn&.c&cc=USD&server=global36582-americanexpress.com&c4=UnknownMarket&v22=D%3Dgctrac&c48=D%3Dgctrac&c49=ENS-Acq%20r20.0.1-AM%3A2.1.0-VISID%3ANA-DIL%3ANA-Mbox%3ANA&v65=D%3Domnmycademo&c67=D%3Dmrcards&v67=D%3Dmrcards&c75=fb&v75=MCMID%20not%20available&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
- https://omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/s92553110610160?AQB=1&pccr=true&vidn=2D197D2685312DED-40000108E0008C04&&ndh=1&pf=1&t=14%2F11%2F2017%2022%3A25%3A17%204%200&fid=4C3C2703C7DD390A-265748EB961010D1&ce=UTF-8&ns=1americanexpress&pageName=global36582-americanexpress.com%2Fmyca36582%2F19f96%2F&g=https%3A%2F%2Fglobal36582-americanexpress.com%2Fmyca36582%2F19f96%2F%3Frequest_type%3Dlogonhandler%26face%3Den_de_df90ebf803789d67d7f80e1f935675b4%26dispatch%3Dffc5356d4b461e9ff106bc979e05a722bd3267f0&c.&omn.&visitorCheck=VisitorAPI%20Missing&itagexists=no&gvs=1&etwidth=1600&etheight=1200&etratio=0.75&etorientation=landscape&.omn&.c&cc=USD&server=global36582-americanexpress.com&c4=UnknownMarket&v22=D%3Dgctrac&c48=D%3Dgctrac&c49=ENS-Acq%20r20.0.1-AM%3A2.1.0-VISID%3ANA-DIL%3ANA-Mbox%3ANA&v65=D%3Domnmycademo&c67=D%3Dmrcards&v67=D%3Dmrcards&c75=fb&v75=MCMID%20not%20available&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
25 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | eg9r (Redirect Chain) | short.id/ | 491 B | 0 | Document | text/html |
GET | H/1.1 | / (Primary Request, Redirect Chain) | global36582-americanexpress.com/myca36582/19f96/ | 40 KB | 0 | Document | text/html |
GET | H/1.1 | ELILODefault.css | global36582-americanexpress.com/myca36582/form/css/ | 9 KB | 9 KB | Stylesheet | text/css |
GET | H/1.1 | RWDcmaxLogon_compress.css | global36582-americanexpress.com/myca36582/form/css/ | 851 B | 851 B | Stylesheet | text/css |
GET | H/1.1 | ELILOLarge.css | global36582-americanexpress.com/myca36582/form/css/ | 476 B | 476 B | Stylesheet | text/css |
GET | H/1.1 | inav_responsive_intl.css | global36582-americanexpress.com/myca36582/file/ | 132 KB | 132 KB | Stylesheet | text/css |
GET | H/1.1 | clear.gif | global36582-americanexpress.com/myca36582/action/ | 343 B | 343 B | Image | text/html |
GET | H/1.1 | logo_bluebox.gif | global36582-americanexpress.com/myca36582/form/img/ | 4 KB | 4 KB | Image | image/gif |
GET | H/1.1 | DE.gif | global36582-americanexpress.com/myca36582/19f96/myca/pics/flag/ | 354 B | 354 B | Image | text/html |
GET | H/1.1 | img_orangearrow.gif | global36582-americanexpress.com/myca36582/form/img/ | 181 B | 181 B | Image | image/gif |
GET | H/1.1 | ApplePayBenefitsMYCALoginALL300x250px.jpg | global36582-americanexpress.com/myca36582/form/img/ | 78 KB | 78 KB | Image | image/jpeg |
GET | H/1.1 | clear.gif | global36582-americanexpress.com/myca36582/form/img/ | 43 B | 43 B | Image | image/gif |
GET | H/1.1 | commonFunctionsResponsive_Intl.js | global36582-americanexpress.com/myca36582/file/ | 79 KB | 79 KB | Script | application/javascript |
GET | H/1.1 | iNav_ngi_sprite_new.gif | global36582-americanexpress.com/myca36582/file/img/ | 23 KB | 23 KB | Image | image/gif |
GET | H/1.1 | elilo-sprite.gif | global36582-americanexpress.com/myca36582/form/form/img/ | 357 B | 357 B | Image | text/html |
GET | H/1.1 | login_button_big.png | global36582-americanexpress.com/myca36582/form/img/ | 3 KB | 3 KB | Image | image/png |
GET | H/1.1 | iNav_ngi_sprite_footer.gif | global36582-americanexpress.com/myca36582/file/img/ | 934 B | 934 B | Image | image/gif |
GET | H2 | iOAjquery1.6.3.min.js | www.aexp-static.com/api/axpi/ioa/js/ | 90 KB | 31 KB | Script | application/x-javascript |
GET | H/1.1 | Bootstrap.js | nexus.ensighten.com/amex/ | 62 KB | 18 KB | Script | application/javascript |
GET | H2 | gct.js | www.aexp-static.com/api/axpi/GCT/ | 8 KB | 4 KB | Script | application/x-javascript |
GET | H/1.1 | serverComponent.php | nexus.ensighten.com/amex/ | 329 B | 257 B | Script | text/javascript |
GET | H/1.1 | CreateCookie.do (Cookie set) | gct.americanexpress.com/gct/ | 43 B | 43 B | Image | image/gif |
GET | H/1.1 | 82c5c7f70e5f65f093d22d74a7906f73.js | nexus.ensighten.com/amex/prod/code/ | 26 KB | 3 KB | Script | application/javascript |
GET | H2 | s_code_global_context.js | www.aexp-static.com/api/axpi/omniture/ | 83 KB | 28 KB | Script | application/x-javascript |
GET | H/1.1 | s92553110610160 (Cookie set, Redirect Chain) | omns.americanexpress.com/b/ss/amexpressprod/1/JS-2.1.0/ | 43 B | 43 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: American Express (Financial)
107 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.global36582-americanexpress.com/ | | Name: s_sess Value: %20tp%3D1200%3B%20s_cc%3Dtrue%3B%20s_ppv%3Dglobal36582-americanexpress.com%252Fmyca36582%252F19f96%252F%252C100%252C100%252C1200%3B |
.global36582-americanexpress.com/ | | Name: s_pers Value: %20s_fid%3D4C3C2703C7DD390A-265748EB961010D1%7C1671056717740%3B%20s_visit%3D1%7C1513292117747%3B%20gpv_v41%3Dglobal36582-americanexpress.com%252Fmyca36582%252F19f96%252F%7C1513292117751%3B%20s_uvid%3D1513290317758494%7C1670970317757%3B%20s_vnum%3D1%7C1670970317758%3B%20s_invisit%3Dtrue%7C1513292117758%3B |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubdomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.