cutter-as.cf
Open in
urlscan Pro
94.177.230.126
Malicious Activity!
Public Scan
Submitted URL: https://maria-chelyapinaru.432.com1.ru/lord.html
Effective URL: http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/
Submission: On May 09 via manual from US
Effective URL: http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/
Submission: On May 09 via manual from US
Summary
This website contacted 19 IPs
in 8 countries
across 12 domains to perform 43 HTTP transactions.
The main IP is 94.177.230.126, located in
Frankfurt, Germany and
belongs to XANDMAIL-ASN, DE.
The main domain is cutter-as.cf.
This is the only time cutter-as.cf was scanned on urlscan.io!
This is the only time cutter-as.cf was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Xfinity (Consumer)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 80.78.250.147 80.78.250.147 | 43146 (AGAVA3) (AGAVA3) | |
| 3 4 | 94.177.230.126 94.177.230.126 | 200185 (XANDMAIL-ASN) (XANDMAIL-ASN) | |
| 12 | 76.96.69.84 76.96.69.84 | 7922 (COMCAST-7922) (COMCAST-7922 - Comcast Cable Communications) | |
| 1 | 18.195.118.165 18.195.118.165 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 52.36.158.250 52.36.158.250 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 52.222.250.14 52.222.250.14 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 178.250.2.100 178.250.2.100 | 44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE) | |
| 2 | 204.13.194.235 204.13.194.235 | 29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus) | |
| 1 | 23.67.129.200 23.67.129.200 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2.18.235.40 2.18.235.40 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
| 2 | 62.67.193.31 62.67.193.31 | 26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project) | |
| 2 | 62.67.193.43 62.67.193.43 | 26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project) | |
| 1 | 35.156.129.78 35.156.129.78 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 2.18.232.130 2.18.232.130 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
| 6 | 52.2.148.143 52.2.148.143 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
| 3 | 185.60.216.19 185.60.216.19 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 2 | 185.60.216.35 185.60.216.35 | 32934 (FACEBOOK) (FACEBOOK - Facebook) | |
| 2 | 52.0.18.114 52.0.18.114 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 43 | 19 |
1
80.78.250.147
(Russian Federation)
ASN43146 (AGAVA3, RU)
PTR: cp432.agava.net
ASN43146 (AGAVA3, RU)
PTR: cp432.agava.net
| maria-chelyapinaru.432.com1.ru |
4
94.177.230.126
(Frankfurt, Germany)
ASN200185 (XANDMAIL-ASN, DE)
PTR: host126-230-177-94.static.arubacloud.de
ASN200185 (XANDMAIL-ASN, DE)
PTR: host126-230-177-94.static.arubacloud.de
| cutter-as.cf |
12
76.96.69.84
(United States)
ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
ASN7922 (COMCAST-7922 - Comcast Cable Communications, LLC, US)
| login.comcast.net |
1
18.195.118.165
(Cambridge, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-118-165.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-118-165.eu-central-1.compute.amazonaws.com
| pixel.quantserve.com |
1
52.36.158.250
(Boardman, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-36-158-250.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-36-158-250.us-west-2.compute.amazonaws.com
| dmp.tidaltv.com |
2
52.222.250.14
(Seattle, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-250-14.txl51.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-222-250-14.txl51.r.cloudfront.net
| privacy-policy.truste.com |
2
204.13.194.235
(New York, United States)
ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
| oascentral.comcast.net |
1
23.67.129.200
(Amsterdam, Netherlands)
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-200.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-129-200.deploy.static.akamaitechnologies.com
| ads.rubiconproject.com |
2
62.67.193.31
(United Kingdom)
ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
| optimized-by.rubiconproject.com |
2
62.67.193.43
(United Kingdom)
ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)
| beacon-eu2.rubiconproject.com |
1
35.156.129.78
(Frankfurt, Germany)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-156-129-78.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-156-129-78.eu-central-1.compute.amazonaws.com
| pixel.quantserve.com |
1
2.18.232.130
(European Union)
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
| cdn.oas-c18.adnxs.com |
6
52.2.148.143
(Ashburn, United States)
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-148-143.compute-1.amazonaws.com
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-2-148-143.compute-1.amazonaws.com
| s.update.rubiconproject.com |
3
185.60.216.19
(Ireland)
ASN32934 (FACEBOOK - Facebook, Inc., US)
ASN32934 (FACEBOOK - Facebook, Inc., US)
| connect.facebook.net | |
| staticxx.facebook.com |
2
52.0.18.114
(Ashburn, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-0-18-114.compute-1.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-0-18-114.compute-1.amazonaws.com
| s.update.rubiconproject.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 14 |
comcast.net
login.comcast.net oascentral.comcast.net |
158 KB |
| 13 |
rubiconproject.com
ads.rubiconproject.com optimized-by.rubiconproject.com beacon-eu2.rubiconproject.com s.update.rubiconproject.com |
59 KB |
| 4 |
facebook.com
www.facebook.com staticxx.facebook.com |
215 B |
| 4 |
cutter-as.cf
3 redirects
cutter-as.cf |
32 KB |
| 2 |
truste.com
privacy-policy.truste.com |
4 KB |
| 2 |
quantserve.com
pixel.quantserve.com |
755 B |
| 1 |
facebook.net
connect.facebook.net |
62 KB |
| 1 |
adnxs.com
cdn.oas-c18.adnxs.com |
378 B |
| 1 |
moatads.com
z.moatads.com |
76 KB |
| 1 |
criteo.com
rtax.criteo.com |
708 B |
| 1 |
tidaltv.com
dmp.tidaltv.com |
677 B |
| 1 |
com1.ru
maria-chelyapinaru.432.com1.ru |
249 B |
| 43 | 12 |
| Domain | Requested by | |
|---|---|---|
| 12 | login.comcast.net |
cutter-as.cf
login.comcast.net |
| 8 | s.update.rubiconproject.com |
cutter-as.cf
s.update.rubiconproject.com |
| 4 | cutter-as.cf |
3 redirects
maria-chelyapinaru.432.com1.ru
|
| 2 | staticxx.facebook.com |
connect.facebook.net
|
| 2 | www.facebook.com |
cutter-as.cf
connect.facebook.net |
| 2 | beacon-eu2.rubiconproject.com |
cutter-as.cf
|
| 2 | optimized-by.rubiconproject.com |
ads.rubiconproject.com
|
| 2 | oascentral.comcast.net |
cutter-as.cf
|
| 2 | privacy-policy.truste.com |
cutter-as.cf
|
| 2 | pixel.quantserve.com |
cutter-as.cf
optimized-by.rubiconproject.com |
| 1 | connect.facebook.net |
cutter-as.cf
|
| 1 | cdn.oas-c18.adnxs.com |
cutter-as.cf
|
| 1 | z.moatads.com |
oascentral.comcast.net
|
| 1 | ads.rubiconproject.com |
oascentral.comcast.net
|
| 1 | rtax.criteo.com |
cutter-as.cf
|
| 1 | dmp.tidaltv.com |
cutter-as.cf
|
| 1 | maria-chelyapinaru.432.com1.ru | |
| 43 | 17 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| oascentral.comcast.net |
| www.comcast.net |
| www.surveymonkey.com |
| customer.xfinity.com |
| login.comcast.net |
| www.facebook.com |
| xfinity.comcast.net |
| my.xfinity.com |
| customer.comcast.com |
| privacy.truste.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.agava.net AlphaSSL CA - SHA256 - G2 |
2018-04-02 - 2019-04-03 |
a year | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2017-12-15 - 2019-03-22 |
a year | crt.sh |
This page contains 5 frames:
Primary Page:
http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/
Frame ID: 038A5A50E9028E64D79B081CC67B54BB
Requests: 40 HTTP requests in this frame
Frame:
http://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
Frame ID: 5474CCE90662E47592F38E6CF91C5E6A
Requests: 1 HTTP requests in this frame
Frame:
https://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
Frame ID: F39FD803C58BF1A3FBF2AA45A74FA38A
Requests: 1 HTTP requests in this frame
Frame:
https://www.facebook.com/connect/ping?client_id=161991040493541&domain=cutter-as.cf&origin=1&redirect_uri=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FRQ7NiRXMcYA.js%3Fversion%3D42%23cb%3Df1a7c69af2ee8b4%26domain%3Dcutter-as.cf%26origin%3Dhttp%253A%252F%252Fcutter-as.cf%252Ff39848935c4b424%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version
Frame ID: EBA10C39A335D352B53E5154C1E5CA0F
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: F8C319D9E84642EDB08A896D2AD9FEFC
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://maria-chelyapinaru.432.com1.ru/lord.html Page URL
-
http://cutter-as.cf/comcstwind
HTTP 301
http://cutter-as.cf/comcstwind/ HTTP 302
http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b HTTP 301
http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/ Page URL
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
SiteCatalyst
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- env /^jQuery$/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
URL: https://oascentral.comcast.net/RealMedia/ads/click_lx.ads/comcast.net/RubiconSIPassback/L29/1312718548/x32/Comcast/CIM_2018Q1_SIG_1400_FILLERB/8603257.html/6c5073742f6c727a427845414450427a;zip=DE:10243
Search URL Search Domain Scan URL
URL: http://www.comcast.net/adinformation
Title: Ad Info
Title: Ad Info
Search URL Search Domain Scan URL
URL: https://www.surveymonkey.com/s.aspx?sm=FyNNVDhj_2f2FNc2KVOHQ4eg_3d_3d
Title: Ad Feedback
Title: Ad Feedback
Search URL Search Domain Scan URL
URL: https://customer.xfinity.com/#/terms/payment-method
Title: Terms and Conditions for Stored Payment Methods
Title: Terms and Conditions for Stored Payment Methods
Search URL Search Domain Scan URL
URL: https://login.comcast.net/myaccount/lookup?continue=https%3A%2F%2Flogin.comcast.net%2Flogin%3FreqId%3D44716814-f737-4744-88b1-7bde36869843%26forceAuthn%3Dfalse%26ipAddrAuthn%3Dfalse%26lang%3Den%26s%3Doauth%26deviceAuthn%3Dfalse%26r%3Dcomcast.net%26continue%3Dhttps%253A%252F%252Flogin.comcast.net%252Foauth%252Fauthorize%253Fresponse_type%253Dcode%2526redirect_uri%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252Foauth%25252Fcallback%2526client_id%253DXfinity-Portal%2526state%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252F%25253Fcid%25253Dcust%252526amcid%25253DSEG_MYACCOUNT%2526response%253D1%26passive%3Dfalse%26client_id%3DXfinity-Portal%26rm%3D2&lang=en
Title: Don't know your email or username?
Title: Don't know your email or username?
Search URL Search Domain Scan URL
URL: https://login.comcast.net/myaccount/reset?continue=https%3A%2F%2Flogin.comcast.net%2Flogin%3FreqId%3D44716814-f737-4744-88b1-7bde36869843%26forceAuthn%3Dfalse%26ipAddrAuthn%3Dfalse%26lang%3Den%26s%3Doauth%26deviceAuthn%3Dfalse%26r%3Dcomcast.net%26continue%3Dhttps%253A%252F%252Flogin.comcast.net%252Foauth%252Fauthorize%253Fresponse_type%253Dcode%2526redirect_uri%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252Foauth%25252Fcallback%2526client_id%253DXfinity-Portal%2526state%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252F%25253Fcid%25253Dcust%252526amcid%25253DSEG_MYACCOUNT%2526response%253D1%26passive%3Dfalse%26client_id%3DXfinity-Portal%26rm%3D2&lang=en
Title: Forgot your password?
Title: Forgot your password?
Search URL Search Domain Scan URL
URL: https://login.comcast.net/myaccount/create-uid?continue=https%3A%2F%2Flogin.comcast.net%2Flogin%3FreqId%3D44716814-f737-4744-88b1-7bde36869843%26forceAuthn%3Dfalse%26ipAddrAuthn%3Dfalse%26lang%3Den%26s%3Doauth%26deviceAuthn%3Dfalse%26r%3Dcomcast.net%26continue%3Dhttps%253A%252F%252Flogin.comcast.net%252Foauth%252Fauthorize%253Fresponse_type%253Dcode%2526redirect_uri%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252Foauth%25252Fcallback%2526client_id%253DXfinity-Portal%2526state%253Dhttp%25253A%25252F%25252Fmy.xfinity.com%25252F%25253Fcid%25253Dcust%252526amcid%25253DSEG_MYACCOUNT%2526response%253D1%26passive%3Dfalse%26client_id%3DXfinity-Portal%26rm%3D2&lang=en
Title: Create a Username »
Title: Create a Username »
Search URL Search Domain Scan URL
URL: http://customer.xfinity.com/help-and-support/internet/facebookconnect/
Title: here
Title: here
Search URL Search Domain Scan URL
URL: http://www.facebook.com/help
Title: here
Title: here
Search URL Search Domain Scan URL
URL: http://xfinity.comcast.net/siteindex/
Title: Site Map
Title: Site Map
Search URL Search Domain Scan URL
URL: http://xfinity.comcast.net/privacy/
Title: Privacy Policy
Title: Privacy Policy
Search URL Search Domain Scan URL
URL: http://my.xfinity.com/terms/web/
Title: Terms of Service
Title: Terms of Service
Search URL Search Domain Scan URL
URL: https://customer.comcast.com/contact-us/
Title: Contact Us
Title: Contact Us
Search URL Search Domain Scan URL
URL: http://privacy.truste.com/privacy-seal/Comcast-Cable-Communications-Management,-LLC/validation?rid=bf9d4d6f-2b32-4201-a167-5b55a4451508
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://maria-chelyapinaru.432.com1.ru/lord.html Page URL
-
http://cutter-as.cf/comcstwind
HTTP 301
http://cutter-as.cf/comcstwind/ HTTP 302
http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b HTTP 301
http://cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 26- http://connect.facebook.net/en_US/all.js HTTP 307
- https://connect.facebook.net/en_US/all.js
43 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
lord.html
maria-chelyapinaru.432.com1.ru/ |
102 B 249 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
/
cutter-as.cf/comcstwind/b693905f292d3d6a3b5519465edcf89b/ Redirect Chain
|
31 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles.min.css
login.comcast.net/static/css/ |
17 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segments.json
pixel.quantserve.com/api/ |
39 B 471 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
data.json
dmp.tidaltv.com/audience/browser/ |
117 B 677 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nc.min.js
login.comcast.net/proxy/captcha/resource/33376/v6/skins/open-comcast-cima-2/ |
69 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
asc
privacy-policy.truste.com/privacy-seal/Comcast-Cable-Communications-Management,-LLC/ |
17 B 575 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
seal
privacy-policy.truste.com/privacy-seal/Comcast-Cable-Communications-Management,-LLC/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.7.min.js
login.comcast.net/static/js/libs/ |
92 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.tools-1.2.6.min.js
login.comcast.net/static/js/libs/ |
45 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
omniture.js
login.comcast.net/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rta.js
rtax.criteo.com/delivery/rta/ |
169 B 708 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1142221033@x32
oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/login_secure/notve/ |
2 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
11648.js
ads.rubiconproject.com/ad/ |
25 KB 7 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
moatad.js
z.moatads.com/comcastapn56341864860/ |
244 KB 76 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
150582-10.js
optimized-by.rubiconproject.com/a/11648/36314/ |
2 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
4df62b06-a6e7-4cac-bc70-645f22ce13a7
beacon-eu2.rubiconproject.com/beacon/d/ |
43 B 268 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
150582-15.js
optimized-by.rubiconproject.com/a/11648/36314/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
segments.json
pixel.quantserve.com/api/ |
39 B 284 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1b31b98a-51fc-4f60-a258-d93743f38f6b
beacon-eu2.rubiconproject.com/beacon/d/ |
43 B 268 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
omniture.js
login.comcast.net/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1061473595@x32
oascentral.comcast.net/RealMedia/ads/adstream_jx.ads/comcast.net/RubiconSIPassback/ |
3 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1523299613
cdn.oas-c18.adnxs.com/RealMedia/ads/Creatives/Comcast/CIM_2018Q1_SIG_1400_FILLERB/1523299613476_8603257.gif/ |
43 B 378 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
omniture.js
login.comcast.net/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
analytics.js
s.update.rubiconproject.com/2/873648/ |
4 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
xfinity-logo.png
login.comcast.net/static/images/global/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
login.comcast.net/proxy/captcha/data/track/ |
500 B 759 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
all.js
connect.facebook.net/en_US/ Redirect Chain
|
206 KB 62 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
omniture.js
login.comcast.net/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET S |
/
www.facebook.com/impression.php/fd67185a1682cc/ |
43 B 215 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
RQ7NiRXMcYA.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 5474 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
RQ7NiRXMcYA.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame F39F |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ping
www.facebook.com/connect/ Frame EBA1 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
nv-main.js
s.update.rubiconproject.com/2/4.37.0/ |
125 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
login.comcast.net/proxy/captcha/data/ |
52 KB 52 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
home.png
login.comcast.net/static/images/sprites/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET BLOB |
c766bbdb-1a68-49c7-b694-63e66b1faea3
http://cutter-as.cf/ |
476 B 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame F8C3 |
35 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
postback
s.update.rubiconproject.com/2/4.37.0/873648/VZ7e5vbaAuq7LmXqhNHbmFk0nkbUvlh9/ |
2 B 632 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Xfinity (Consumer)404 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| f_ADTARGET_ZIP string| f_AM_CID boolean| f_ENABLE_ADTARGETING string| crtg_nid string| crtg_cookiename string| crtg_varname function| crtg_getCookie string| crtg_content number| crtg_rnd function| qc_results string| quantSegs object| _vdlg object| opts string| OAS_query object| OAS_rn string| OAS_rns string| first_time string| OAS_type string| OAS_sitepage string| OAS_listpos undefined| rp_account undefined| rp_site undefined| rp_zonesize undefined| rp_adtype string| rp_smartfile object| rp_account_config object| RubiconAdServing object| rp_requests number| rubicon_cb string| rubicon_rurl string| rubicon_ad string| rubicon_creative string| rubicon_tag_code function| forpreview object| root undefined| ct undefined| et undefined| hourElapsed undefined| msg undefined| pixelDomain undefined| pxSrc undefined| px object| Moat#G26 object| MoatSuperV26 object| callbacks object| Moat#PML#26#1.2 boolean| Moat#EVA string| x32adtag string| adtag_x32 function| ncsII1 function| ncslIl11l1l111l function| ncsI111 object| ncs1Il1I1Il function| ncsIlII function| ncsI111l function| ncsII1IlII function| ncsII11 number| ncs11ll1II string| ncs11ll object| ncs1Il1I1I function| ncslIl111I function| ncsI111llll function| ncsl11l111 function| ncsllll1II function| ncslIl1 function| ncsl11l string| NC_FLASHEVENT_CONNECT string| NC_FLASHEVENT_START string| NC_FLASHEVENT_COMPLETE string| NC_FLASHEVENT_DOWNLOAD_COMPLETE string| NC_FLASHEVENT_DOWNLOAD_RETRY string| NC_FLASHEVENT_DOWNLOAD_FAILURE string| NC_FLASHEVENT_PLAY_CLICKED string| NC_FLASHEVENT_PLAY_WAITING string| NC_FLASHEVENT_REPLAY_CLICKED string| NC_FLASHEVENT_REPLAY_WAITING function| ncFOnEvent string| NC_FLASHEVENT_SEND_MUTE string| NC_FLASHEVENT_SEND_PLAY string| NC_FLASHEVENT_SEND_SETPLAYMODE function| ncFSendFlashEvent function| ncFCmdError function| ncFSetRegion function| ncsII11I function| ncsllll1I function| ncslIl111I1 function| ncsl1llI1ll function| ncsl11 boolean| isIE boolean| isWin boolean| isOpera function| ncsllll1III function| ncsllll function| ncsII11I11 function| ncsII11I11I function| ncsIlII1l1I function| ncsl11l111l function| ncsI111lll function| ncsIlI function| ncslIl11 function| ncsII1Il function| ncsII1IlIII function| ncsII1IlI function| ncsI111ll function| ncsIlII1l1 function| ncslIl111 object| ncJSON object| ncWaitForDOMCallbacks number| ncsl1llI111 number| ncs11Il1l function| ncWaitForDOM object| ncInitData function| ncLoadPlayerExternal function| lmLoadPlayerExternal function| ncReinitializePlayer function| lmReinitializePlayer function| ncGetValidationFields function| lmGetValidationFields function| ncOnTrackLoaded function| ncNotifyWidgetLoaded object| ncLanguages object| ncLanguageDict function| ncsllll1 function| ncslll string| ncsI1III111 string| ncsl1lI string| ncsl1lI1ll string| ncs1Il1I1 boolean| ncsl1lI1 number| ncs1IlIl string| ncSkin string| ncs11ll1II1 string| ncs11Il1lIl string| ncs11l string| ncsIllI string| ncsI1III1 string| ncPlayerType string| ncs1Il1I string| ncs11Il1 string| ncsIll string| ncDataType string| ncs11I string| ncsIllII1 string| ncsI1II string| ncDeliveryMethodDefault string| ncsl1lI1llI string| ncs11Il string| ncStateInit string| ncStateVideo string| ncStateAudio string| ncStateVideo_SubLoading string| ncStateVideo_SubPlaying string| ncs11ll1I string| ncsI1I string| ncsl1l number| ncsI1III string| ncsIllII1I string| ncTrackStateTrack string| ncsIllII string| ncs1IlI string| ncsIllII1II string| ncs1Il string| ncsl1llI11 string| ncs11ll1 string| ncsl1llI string| ncs1IlIlIIl string| ncs1Il1 string| ncs11Il1lI object| ncsl1ll object| ncs1IlIlI boolean| ncs1IlIlII number| ncVideoWidth number| ncVideoHeight number| ncsI1III11 string| ncsl1lI1l string| ncsl1llI1 number| ncslIlIII boolean| ncslIlIII11 string| ncsI1I11 string| ncsIl11IIl string| ncslIlII string| ncs1lI1I1 string| ncsl1IlIl1I string| ncslI1l string| ncsI1IlI string| ncsI1Il string| ncs1lI1 string| ncslIlI string| ncs1lI1I1lI string| ncs1lI string| ncslI1ll1 number| ncs1lI1I number| ncsI1I1 string| ncsIl11II string| ncsI1I11lI string| ncsl1Il object| ncsl1I number| ncslI1ll11l number| ncs1lI1I1l string| ncslI1ll number| ncs1lI11lI number| ncsl1IlIl boolean| ncslIl string| ncsIl11IIll boolean| ncslI1ll11 boolean| ncsl1IlIl1 string| ncslI1 object| ncsIl11 object| ncsI1IlIl object| ncsI1IlIlI object| ncsI1I11l object| ncsl1IlI boolean| ncs1lI11 object| ncsI1I11lI1 string| ncsIl1 string| ncs1lI11lI1 object| ncClusterEntries string| ncs1lI11l boolean| ncsI1IlIlII number| ncsIl11I object| ncslIlIII1 boolean| ncs111ll1ll number| ncTrackRequestTimeout object| ncs11I1 string| ncslII1ll object| ncsII1l1 number| ncDisplayFlag_Directions number| ncDisplayFlag_DirectionsVerbose number| ncDisplayFlag_ButtonHelp number| ncDisplayFlag_ButtonNewChallenge number| ncDisplayFlag_ButtonAudioChallenge number| ncDisplayFlag_ButtonMute number| ncDisplayFlag_PoweredBy number| ncDisplayFlags object| ncs11I1lll object| ncs11I1lll1 object| ncs111ll1l string| ncsI11l string| ncsI11 string| ncs1II string| ncslII1ll1 string| ncsII1l boolean| ncsII1l1l11 string| ncsII1l1l1 function| ncPlayerInitState function| ncsl1llI1l function| ncsII11I1 function| ncsl11l11 function| ncsIlII1l function| ncOnExitState function| ncOnEnterState function| ncOnEnterSubState function| ncOnExitSubState function| ncsIlII1 function| ncsII1I function| ncsl1IlI1 function| ncOnFlashEvent function| ncs11Il1111 function| ncs1111lIl number| ncsll1 object| ncs11I1l function| ncs11Il11 function| ncSetTrackData string| ncslII1 function| ncsI11Il1I function| ncsI11I function| ncs1Il1l1 function| ncs1Il1l11 function| ncSaveGlobals function| ncGetCustomSWF function| ncAppendFlashVars function| ncRenderExtDirections function| ncRenderExtDirectionsVerbose function| ncRenderExtButtons function| ncRenderExtAnswerInput function| ncRenderExtPrivate function| ncRenderExtFooter function| ncslIII function| ncRenderExtMedia function| ncRenderScriptPlayer function| ncBindScriptPlayer function| ncslIIIll1 function| ncsIlIlIll1 function| ncs1111lI function| ncsI11Il function| ncs1Il1l111 function| ncsIlIlI function| ncLoadTrackRetryEnabled function| ncs11Il111 function| ncs1111lIlI function| ncsIlIl function| ncsI11Il1 function| ncslIIIll object| ncs1IIl object| ncsll1l1lll object| ncsI11l1 string| ncs1lI1I1I string| ncsll1l1ll function| ncslIIIll1l function| ncsl1IlI1I function| ncs1llIl function| ncs1111l function| ncsIlIlIl function| ncs1llIl1 function| ncslIIIl function| ncsIlIlIll function| ncs1llIl11 function| ncs1llI function| ncs1ll function| ncs1llIl111 function| ncGetDataParams function| ncsI11Il1Il function| ncGetDirectionsText function| ncFilterCmd function| ncCmdNewChallenge function| ncCmdRefresh function| ncCmdReplay function| ncCmdHelp function| ncCmdToggleAudio function| ncCmdSetPlayerMode function| ncCmdLeaveAnswerBox function| ncCmdEnterAnswerBox function| ncCmdClickAnswerBox function| ncCmdError function| ncs1Il1l function| ncs1111 function| ncsl1IlI1I1 function| ncs11lI function| ncs1I1IIl1I function| ncs1I1II function| ncs11lIIl1l function| ncs111l1l function| ncslIll1Il function| ncs11l1I111 function| ncs1ll11I1 function| ncs1111I1 function| ncs11l1 string| ncsll1l string| ncsI11l11Il string| ncs1IIll1 string| ncs11I1ll string| ncs111ll1 string| ncsI11l11I string| ncs1lI1I1I1 string| ncs1IIll string| ncsII1l1l string| ncsll1l1l number| ncslII1l number| ncslII1ll11 string| ncsll1l1 object| ncs111 object| ncslII object| ncs1IIll1l number| ncs1IIll1lI object| ncsI11l11 string| ncs111l string| ncs111ll function| ncs1I1IIl function| ncs111l1lI1 function| ncslIll1I function| ncslIll1Ill function| ncs11l1I11 function| ncs11lIIl1 object| nucaptcha function| ncOpenSkinRenderScriptPlayer function| ncGetDirectionsText_Skin function| ncRenderScriptPlayer_Skin function| ncLoadPlayer function| lmLoadPlayer object| data number| ncEnterStateTime string| ck function| $ function| jQuery object| time function| flashembed object| jQuery1709957295230277636 object| login function| fblogin function| callServer function| fbAsyncInit object| FB undefined| s_code object| ozoki_data object| ozoki_uq object| ozoki_json string| ozoki_os string| ozoki_url undefined| ozoki_fl object| ozoki_ct string| ozoki_tc object| ozoki_opt number| ozoki_st object| ozoki_spt boolean| ozoki_loaded object| __ozoki_handlers function| __ozoki_call object| __wo_mt_handlers function| __wo_mt_func string| saved_sc string| saved_tc object| ncPrivateTrackData string| ________ok object| xxx0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ads.rubiconproject.com
beacon-eu2.rubiconproject.com
cdn.oas-c18.adnxs.com
connect.facebook.net
cutter-as.cf
dmp.tidaltv.com
login.comcast.net
maria-chelyapinaru.432.com1.ru
oascentral.comcast.net
optimized-by.rubiconproject.com
pixel.quantserve.com
privacy-policy.truste.com
rtax.criteo.com
s.update.rubiconproject.com
staticxx.facebook.com
www.facebook.com
z.moatads.com
178.250.2.100
18.195.118.165
185.60.216.19
185.60.216.35
2.18.232.130
2.18.235.40
204.13.194.235
23.67.129.200
35.156.129.78
52.0.18.114
52.2.148.143
52.222.250.14
52.36.158.250
62.67.193.31
62.67.193.43
76.96.69.84
80.78.250.147
94.177.230.126
09b3d1d373b566ce6a958d0f089607510592619f028081822696b387da06d703
184bdd403c5676cf483b4a891b60c54fa4a0644892e328cbbad706cf4449bc04
2572fe7186db9b64536312dd238afe75a49d8d0b99dfc4210f4be304e2ed1da7
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2d6962ec9fa83cbf8e546f0117544a0d2f8590d95dd28d36960272f2b8894b96
3e811b97dc60cf37a74f0bffee4222c2697e409c2cc78548e47b3384926c4338
4eb9974960ac8e3e9b322bc5abe88cd12d8a53b36894fd85dbfe1a4409a07ce3
534d56bd673065577c1eb30ce347dc1ec01c65f7e66d3d1784ff9ec9f4bf55e8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5499896400ea6e35ca9c95a4c12d62ddbb08a28539736e72c61781409d8a6311
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
719a81cef72698d646285817dca45066dae48fe462fe853aac79e45af50313fb
847ec2bbe06b316899e011a0abdd47e14a5620dd8fa83e59f02b7edb955ae54c
98d79dc9b541f1ead105aa55631c2b2ff88dbcf678c3b02884551109f6ed34f5
a90f02a9856bdf24568f35cf996e0cb5d6831a77958b628854162e81edaa4911
a9e05d3f1dfd0d64f55fedd190a46205e15a3e532f676b073683ba5276f2c970
aea1b1b66ea361a8235c838811585c1c052b69faccdc879bb50540b99e0d7316
af2d3351d5bb6b63e81eb19140f27324fd7b0ba94dc7c39b6154461243e4986e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
baded18c119b8175b3cd4e96040fbe45d075292cda2f5b62ad121b0c20e22144
c47bb8af6317ddc64116b9fa30f3d2d46ea6b759789556c003a08fd57c0f6e8a
ca4c23f4cd3e8179f3dd75482a0ea81bd58990191ce829f66eac0104675bf287
d6123bbc1676ccd43cee4dee1debd68a4669dfb80e702a475bb0daf040349639
d970b90a027e5a9e134b866fad7eaa34c91fc10bed428517636c5af634c4b5b0
dc1f60275f714d42da0c2f5af09934ea5ee1ecd831270690f00a7de0159d550e
e696e10d58ec6d106d4239958e9f28f575222d1fcfa23f4c47f8cd542de46670
e9d7f3e0c6da70dd4da639829d35aeeb7c1f139ee90020a61ecbda557e912230
f2cbb9c684c7244f1098767b9b4e12521777afee1fd2c93aae1e762f1a1ff85d
fccf0b671af9aaa565fb04ab72d41cecd99f5a0cb8cc3dc9d7b1da77a85fa5fa