www.bmedsupport.com
Open in
urlscan Pro
198.54.114.39
Malicious Activity!
Public Scan
Effective URL: https://www.bmedsupport.com/index
Submission: On March 31 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 31st 2021. Valid for: a year.
This is the only time www.bmedsupport.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banca Mediolanum (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 32 | 198.54.114.39 198.54.114.39 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 54.225.157.230 54.225.157.230 | 14618 (AMAZON-AES) (AMAZON-AES) | |
32 | 2 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business128-5.web-hosting.com
www.bmedsupport.com |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-157-230.compute-1.amazonaws.com
api.ipify.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
32 |
bmedsupport.com
1 redirects
www.bmedsupport.com |
600 KB |
1 |
ipify.org
api.ipify.org |
259 B |
32 | 2 |
Domain | Requested by | |
---|---|---|
32 | www.bmedsupport.com |
1 redirects
www.bmedsupport.com
|
1 | api.ipify.org |
www.bmedsupport.com
|
32 | 2 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
bmedsupport.com Sectigo RSA Domain Validation Secure Server CA |
2021-03-31 - 2022-03-31 |
a year | crt.sh |
*.ipify.org Sectigo RSA Domain Validation Secure Server CA |
2021-01-19 - 2022-02-19 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.bmedsupport.com/index
Frame ID: 8DBD65BAB4CB0B6EE8991F3A76F3A3C3
Requests: 32 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://www.bmedsupport.com/
HTTP 302
https://www.bmedsupport.com/index Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
39 Outgoing links
These are links going to different origins than the main page.
Title: BANCA MEDIOLANUM
Search URL Search Domain Scan URL
Title: FAMILY BANKER
Search URL Search Domain Scan URL
Title: FONDAZIONE MEDIOLANUM ONLUS
Search URL Search Domain Scan URL
Title: Mediolanum Corporate University
Search URL Search Domain Scan URL
Title: Mediolanum Fiduciaria
Search URL Search Domain Scan URL
Title: Mediolanum Investment Banking
Search URL Search Domain Scan URL
Title: Banco Mediolanum
Search URL Search Domain Scan URL
Title: Bankhaus August Lenz
Search URL Search Domain Scan URL
Title: Gamax Management AG
Search URL Search Domain Scan URL
Title: EuroCQS S.p.A.
Search URL Search Domain Scan URL
Title: Flowe S.p.A. Società Benefit
Search URL Search Domain Scan URL
Title: Private Banking
Search URL Search Domain Scan URL
Title: Centodieci
Search URL Search Domain Scan URL
Title: Mediolanum Assicurazioni
Search URL Search Domain Scan URL
Title: Mediolanum Gestione Fondi
Search URL Search Domain Scan URL
Title: Mediolanum International Funds
Search URL Search Domain Scan URL
Title: Mediolanum International Life
Search URL Search Domain Scan URL
Title: Mediolanum Vita
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Scopri di più
Search URL Search Domain Scan URL
Title: Scopri di più
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Dati societari
Search URL Search Domain Scan URL
Title: Trasparenza
Search URL Search Domain Scan URL
Title: Reclami, ricorsi e conciliazioni
Search URL Search Domain Scan URL
Title: Promozioni e manifestazioni a premio
Search URL Search Domain Scan URL
Title: Governance
Search URL Search Domain Scan URL
Title: Rapporti dormienti
Search URL Search Domain Scan URL
Title: AML & CTF
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Bilanci
Search URL Search Domain Scan URL
Title: Contattaci
Search URL Search Domain Scan URL
Title: qui
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.bmedsupport.com/
HTTP 302
https://www.bmedsupport.com/index Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index
www.bmedsupport.com/ Redirect Chain
|
47 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
www.bmedsupport.com/static-assets/login-psd2/dist/ |
140 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
login-psd2.css
www.bmedsupport.com/static-assets/login-psd2/dist/ |
405 B 682 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
www.bmedsupport.com/static-assets/css/ |
6 KB 1003 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
www.bmedsupport.com/static-assets/fa/css/ |
57 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.3.1.js
www.bmedsupport.com/static-assets/login-psd2/dist/ |
137 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dPg.js
www.bmedsupport.com/jsR/ |
0 406 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
home_check_err.js
www.bmedsupport.com/jsR/ |
958 B 943 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ARCBM_HomePage.js
www.bmedsupport.com/jsA/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sha1.js
www.bmedsupport.com/jsS/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lightstreamer.js
www.bmedsupport.com/jsA/ |
165 KB 50 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tastierino.js
www.bmedsupport.com/jsA/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
homebm_oam1_psd2.js
www.bmedsupport.com/hide/ |
141 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
HB-bmed-logo.jpg
www.bmedsupport.com/static-assets/images/menu/ |
33 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
user.png
www.bmedsupport.com/static-assets/login-psd2/assets/img/ |
788 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ico-alert.png
www.bmedsupport.com/static-assets/images/common/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bmedonline-desk-tappadopotappa.png
www.bmedsupport.com/static-assets/images/upload/ |
37 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bmedonline-desk-shopforyou-ottobre2020.png
www.bmedsupport.com/static-assets/images/upload/ |
69 KB 69 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bmedonline-desk-bonifici-ist.png
www.bmedsupport.com/static-assets/images/upload/ |
46 KB 46 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bmedonline-desk-crm-102020.png
www.bmedsupport.com/static-assets/images/upload/ |
120 KB 121 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-mediolanum.png
www.bmedsupport.com/static-assets/images/footer/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ico_cookie_small.png
www.bmedsupport.com/static-assets/images/common/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.cookie.js
www.bmedsupport.com/static-assets/js/vendor/plugins/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.js
www.bmedsupport.com/static-assets/login-psd2/dist/ |
23 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
www.bmedsupport.com/static-assets/login-psd2/dist/ |
50 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.js
www.bmedsupport.com/asset/ |
635 B 677 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
api.ipify.org/ |
23 B 259 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
arrow-down-nav-gruppo-off.png
www.bmedsupport.com/static-assets/images/menu/ |
155 B 554 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mediolanumsans-regular.otf
www.bmedsupport.com/static-assets/fonts/webfontkit-20150730-065551/ |
14 KB 10 KB |
Font
font/otf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mediolanumsans-bold.otf
www.bmedsupport.com/static-assets/fonts/webfontkit-20150730-065025/ |
14 KB 10 KB |
Font
font/otf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-brands-400.woff2
www.bmedsupport.com/static-assets/fa/webfonts/ |
74 KB 74 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
close-chat.png
www.bmedsupport.com/static-assets/images/common/ |
223 B 622 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banca Mediolanum (Financial)189 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| getQSParam object| parm_login object| parm_successurl string| logoutLink string| QS function| $ function| jQuery string| OAM_CODICE_CLIENTE string| OAM_NICKNAME string| SA number| bmed_cr string| crFrom string| crCanale number| dPg_loaded undefined| io undefined| test number| home_check_err_loaded function| CLValidateForm function| CLFormatString function| addHighlight function| CLGeneratePosition function| CLRandom function| CLReturnPosition function| whenOnKeyPress function| setCookie function| getCookieData number| ARCBM_HomePage_loaded object| CryptoJS number| sha1_loaded object| Lightstreamer function| LightstreamerClient function| Subscription object| exp string| dove string| gStrong string| gVsess string| gIdTopic string| gPrefissoCellulare string| gNumeroCellulare string| gSkipCertificazione string| gSkipStrong string| gSkipMaxCert string| gSkipMaxSA string| gStatoCert string| gStatoStrong string| gStatoStrongBannerPsd2 string| gCellunivoco string| gCliC string| pwdCli string| gStrongPin string| gIdPrelogin string| gclientlight string| gCodiceCliente string| gSecurityToken string| gSecLev string| gTipologiaRinvio string| gTipoLayer string| gCodDispoPSD2 boolean| gLastStepPin1 object| gTastierino boolean| callLoginStrong string| linkRecCodici string| linkSbloccaBMed string| cClienteVerificato string| NUMEROTEL string| NOMECLI string| COGNOMECLI string| CONTI string| PRESSO string| INDIRIZZO string| LOCALITA string| CAP string| COMUNE string| PROVINCIA string| CANONE_DATA_ADD string| CANONE_ERR_NUM string| CANONE_ESENTE string| CANONE_CONTO_ADD string| CANONE_IBAN_CC string| CANONE_PROX_ADD string| IDPRENOTAZIONE string| FIRSTSTEP_ACT string| FIRSTSTEP_ACT_COD string| STATOCEL_CODE string| STATUSSYS_CODE string| STATUSSYS_SYS_STAT string| STATUSSYS_FLG_FAX string| STATUSSYS_ERR_CODE string| INFOCRUSC_LIV_SIC string| GETDAY_DATA_WORK string| ESTRADATA_TODAY string| PREFISSO string| TELEFONO number| IMPORTO string| APPLICA_PRICING string| TIPODISPOSITIVA string| ACTION_CODE string| IN_TIPO_DISP string| IN_ACTION_CODE string| IN_DISPSTATUS string| IN_STATO string| TESTO20SEC string| TESTO_INFO number| gContErrVerificaCod string| oamHost number| stopCert string| request_id boolean| sendSmsAble string| TESTO30SEC string| nmolLogin string| gIDPRELO string| hostToUseLS number| otpError string| sitoAss string| idPRELO string| ipAddress string| testCookie string| cOAMAuthnCookie string| ipAddr string| dominioAction function| goRigenearaPin function| prova function| Get_Cookie function| Delete_Cookie function| logInfoAgg function| tracciaStepGiornale function| funcPost function| lpad function| getMobileOperatingSystem function| autenticazione function| controllaPin function| sendSms function| disegnaTemplateSMS function| disegnaTemplateNPU function| disegnaTemplateSMSfake function| loginStrong function| login function| decodeErrorOAM function| accessoLogin function| decodeError function| preLogin function| openPopNmolCertMass function| continuaCertificazioneMass function| openPopNmolCert function| confermaCodiceCert function| sendCodCert function| sendCodSmsCert function| write2Pin function| getMotore function| getInfoDispositiva function| eseguiDispositiva function| setFocus function| onlyNumbers function| chiudiPopup function| skipLastStep function| disabilitaBtnSkip function| skip function| goStep1 function| goStep2 function| goStep3 function| callInfoStrong function| gestisciMsgErrore function| goTokenAppComplete function| goEsitoOK function| openLayerPSD2 function| loginApi function| logoutApi function| loginApi_mia function| openPopNoNomber function| openPopCertDup function| openPopCertDupMass function| openLayerPolizze function| richiediSmsPinDigit function| showToolTip function| hideToolTip function| getPopupSkip boolean| flgLogin string| re function| Popper object| bootstrap0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.ipify.org
www.bmedsupport.com
198.54.114.39
54.225.157.230
11571276c6d6ec266a5ef6e8cea4f35a849795936398b89c8ae89245089f1c65
171ac238374d53520ded08e6f040948a28f13c83cf1799aef882270358e5c3f1
19f0d168a5f77ea13a63b7be27f2da7383469b15799f914298fedcd19088b7f0
1c9a34825e2ab2843ed717b32352187673c4472d7309db2f11ba097eb93eb40e
204aad35809bb1a7e8c25bd17e80704563c2d874832ca0ff105da37d217696ad
2abd40e780aac0d0cff59e3d49196e0bb48365d551bef8e39f479ebeffa64281
36618cc83f71bf0f34f4be177ee4ecd1bb6247e1ad854d573e868c8d13d3c4db
3a3cebc4d7a4938330f7ae34c9ddb7318805a2c1f275bd460c6377be4b4efc2e
42660412d013b3f04994265b6e1bc793ee425f1f8bd0fceee866257c1774351e
4521d2660af14ced6628837ff5ec772f2f7bc4467acfaee5d45529065bc322d4
48b5284916b1eb6d8e0d5a716113b046120f4f8a0f8be36ebbbb740d046c5fec
53e863b76390fb7a5e5d6dccfd194a5df891b350bc676b9a997d3ac26a401d80
6b8caca198c6640b93d631ffdf8a5867467be188170d9fb9368a53764f929d72
76f34e526753ea6dbc2bdd9e22165d329d977a0eb7a0bf8f0071c4031d12be26
83105545baa0ba2c920ae5dc59ae5007f5670f354145605046f7ffefeef612fd
8887872dfa818a2c63ba2a496f811cbcbef2e6444c0d343e295e832cece0f510
8c814712ccaf55e4f93469daf010ba277e8569d60781237c3a2ac6eaf81359e1
8d9aab5e84dc6e2446b86ef2b4e65cd50382627f0849b9fb4b64d143669b467c
9429cae40ac44408fc4596715dd0ddc23669b030216ec11cf8e883f314680780
978f221be3fa2db458a52300b95640faff8a8cef67bb9b896bd013eacc1df210
a07170bd0e630e10157796e6ef39ade02e9e571fcd1dfa91ec6b81a255fb764f
bcca6e8979eb8ba7c197665c12e572cadefe13f9ace182cf3f9391fb8f1b6088
bde02736a59a10dcacfdba91c6ec7b7acb07687c02348f3a8f783029c2db5355
bf1ed18df313c77146e696fd64c00b3d530e7cd70212e4048b02497a95c58c5a
d3caf12591d194712facd10bca14f0a924edb59c24447a3fd994a48286db8843
d6683412de237db4a88db3125dc8d6f59236e7792719a7e1a1dc637e1efd06e0
da1307c3553bdff5c01a7f863b6f022191cd735e2c9ecefe9817965402b88fd9
dbfe922af18d668b9cb90d98ad0e4bc25838b4c4d57ee8fd104aaca6372d6404
ded6c278bd03d63c5056e9b7f38ecfda6943e2fb36bafce7c9467d5e854d56a6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f706d3ab65bc881e780aa6662ef31ab5e900c5ee0eec60971775bab33b102d90
feaaf4e9e2f8cd65ece2416845dbd7513d07029557275eb440497f17a6edd520