columbus-erp.com
Open in
urlscan Pro
185.2.4.90
Malicious Activity!
Public Scan
Submission: On April 09 via manual from US
Summary
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on June 11th 2018. Valid for: 2 years.
This is the only time columbus-erp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 185.2.4.90 185.2.4.90 | 203461 (REGISTER_...) (REGISTER_UK-AS) | |
9 | 45.60.13.52 45.60.13.52 | 19551 (INCAPSULA) (INCAPSULA) | |
1 | 185.67.45.137 185.67.45.137 | 201682 (LIQUID-WE...) (LIQUID-WEB-BV) | |
1 7 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c00::9a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:3b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 151.101.112.217 151.101.112.217 | 54113 (FASTLY) (FASTLY) | |
32 | 9 |
ASN19551 (INCAPSULA, US)
cdn.clareitysecurity.net | |
collector.clareity.net |
ASN201682 (LIQUID-WEB-BV, NL)
PTR: uranus.mspcloudhost.com
www.novosco.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
columbus-erp.com
columbus-erp.com |
616 KB |
8 |
clareitysecurity.net
cdn.clareitysecurity.net |
1 MB |
7 |
google-analytics.com
1 redirects
www.google-analytics.com |
36 KB |
1 |
vimeo.com
player.vimeo.com |
6 KB |
1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com |
7 KB |
1 |
googleapis.com
fonts.googleapis.com |
582 B |
1 |
doubleclick.net
stats.g.doubleclick.net |
102 B |
1 |
novosco.com
www.novosco.com |
58 KB |
1 |
clareity.net
collector.clareity.net |
5 KB |
32 | 9 |
Domain | Requested by | |
---|---|---|
12 | columbus-erp.com |
columbus-erp.com
|
8 | cdn.clareitysecurity.net |
columbus-erp.com
cdn.clareitysecurity.net |
7 | www.google-analytics.com |
1 redirects
cdn.clareitysecurity.net
columbus-erp.com |
1 | player.vimeo.com |
columbus-erp.com
|
1 | stackpath.bootstrapcdn.com |
columbus-erp.com
|
1 | fonts.googleapis.com |
columbus-erp.com
|
1 | stats.g.doubleclick.net |
columbus-erp.com
|
1 | www.novosco.com |
columbus-erp.com
|
1 | collector.clareity.net |
columbus-erp.com
|
32 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.columbus-erp.com GeoTrust TLS RSA CA G1 |
2018-06-11 - 2020-07-10 |
2 years | crt.sh |
cdn.clareitysecurity.net DigiCert SHA2 High Assurance Server CA |
2020-03-31 - 2022-04-05 |
2 years | crt.sh |
*.clareity.net DigiCert SHA2 High Assurance Server CA |
2020-01-06 - 2022-01-10 |
2 years | crt.sh |
*.novosco.com Go Daddy Secure Certificate Authority - G2 |
2019-01-21 - 2021-02-15 |
2 years | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-03-24 - 2020-06-16 |
3 months | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2019-09-14 - 2020-10-13 |
a year | crt.sh |
vimeo.map.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2020-04-02 - 2020-11-08 |
7 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://columbus-erp.com/Login/Login.htm
Frame ID: 1D97C1E0131C5D499790A0326087D218
Requests: 17 HTTP requests in this frame
Frame:
https://columbus-erp.com/idp/server.jsp
Frame ID: B8C98AA5B1BBFAA1EA724E46EAF897FA
Requests: 16 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery-ui.*\.js/i
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- script /jquery-ui.*\.js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: UA-39826640-43
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1304872713&t=pageview&_s=1&dl=https%3A%2F%2Fcolumbus-erp.com%2FLogin%2FLogin.htm&ul=en-us&de=UTF-8&dt=SafeAccess%C2%AE%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUAB~&jid=990127294&gjid=1313789552&cid=1855977516.1586445135&tid=UA-45101381-2&_gid=665498542.1586445135&_r=1&z=71618707 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-45101381-2&cid=1855977516.1586445135&jid=990127294&_gid=665498542.1586445135&gjid=1313789552&_v=j81&z=71618707
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Login.htm
columbus-erp.com/Login/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.css
cdn.clareitysecurity.net/css/ |
10 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.clareitysecurity.net/js/ |
91 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loginxkd-dd-2.9.min.js
cdn.clareitysecurity.net/js/ |
41 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1583937068116
collector.clareity.net/kdl/ |
18 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
googletrack.js
cdn.clareitysecurity.net/sys/alberta/ |
651 B 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Office-365.jpg
www.novosco.com/images/easyblog_articles/37/ |
58 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
server.jsp
columbus-erp.com/idp/ Frame B8C9 |
23 KB 23 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-background.png
cdn.clareitysecurity.net/sys/alberta/ |
860 KB 862 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paragon-login-bg.png
cdn.clareitysecurity.net/sys/alberta/ |
395 KB 396 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.js
cdn.clareitysecurity.net/js/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-ui.min.css
cdn.clareitysecurity.net/css/ |
30 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
stats.g.doubleclick.net/r/ Redirect Chain
|
35 B 102 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ |
35 B 104 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ Frame B8C9 |
2 KB 582 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ Frame B8C9 |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.min.css
columbus-erp.com/wp-includes/css/dist/block-library/ Frame B8C9 |
52 KB 53 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
videobackgroundpro.css
columbus-erp.com/wp-content/plugins/video-background-pro-S3HEFd/dist/ Frame B8C9 |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.min.css
columbus-erp.com/wp-content/themes/columbusenergy/assets/css/ Frame B8C9 |
165 KB 166 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
frontend.js
columbus-erp.com/wp-content/plugins/google-analytics-for-wordpress/assets/js/ Frame B8C9 |
23 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
columbus-erp.com/wp-includes/js/jquery/ Frame B8C9 |
95 KB 95 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-migrate.min.js
columbus-erp.com/wp-includes/js/jquery/ Frame B8C9 |
10 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
player.js
player.vimeo.com/api/ Frame B8C9 |
16 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
newlogo2.svg
columbus-erp.com/wp-content/uploads/2017/06/ Frame B8C9 |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
VideoBackgroundPro.js
columbus-erp.com/wp-content/plugins/video-background-pro-S3HEFd/dist/ Frame B8C9 |
26 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.min.js
columbus-erp.com/wp-content/themes/columbusenergy/assets/js/ Frame B8C9 |
210 KB 210 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wp-embed.min.js
columbus-erp.com/wp-includes/js/ Frame B8C9 |
1 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 102 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 96 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ Frame B8C9 |
44 KB 18 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/r/ Frame B8C9 |
35 B 105 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)155 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery string| url boolean| isOnQA boolean| alertMe undefined| debugit boolean| ie8 function| isIE string| requiredKd string| idpurl string| cdnUrl string| jQueryUiUrl string| jQueryUiCssUrl string| ie8CssUrl string| inputs string| pleasewait string| loginTypeVal string| loginTypeMsg string| failureMsgId string| failMsg string| logincssMsg string| logoMsg string| loginbtnMsg string| loginXkdMsg string| loginformMsg string| warnalert number| keyedChars boolean| isChrome object| loginXkdId string| loginXkdUrl undefined| oldbrowserWarnData undefined| oldbrowserUrlData undefined| setFocus undefined| inputAutoData undefined| disablePageData undefined| backSpaceClearData undefined| savePwdData undefined| fakeSafariPwdData undefined| fakeChromePwdData undefined| fontIconsData undefined| redirectUrlData undefined| idpTimeoutData undefined| secondsLeftData undefined| sessionWarnData undefined| loadingData undefined| collectorIcon undefined| kdIconData boolean| oldie function| cdnCheck string| googleTrackMsg string| googleJsUrlMsg string| googleJsUrlCdnMsg string| mlsgooglecode boolean| trackit function| googleCheck string| forgotPwdUrlMsg string| changePwdUrlMsg function| passLinks string| setFocusMsg object| usernameInput function| setInputFocus string| inputAutoMsg boolean| autocomp function| autoComplete string| disablePageMsg string| disablePageDiv boolean| disablepage string| backSpaceClearMsg boolean| backspace function| backspaceClear string| savePwdMsg boolean| savepassword string| fakeSafariPwdMsg boolean| fakepwdadded boolean| fakepwd function| fakeSafariPwd string| fakeChromePwdMsg function| fakeChromePwd string| fontIconsUrl string| fontIconsMsg boolean| fontawesome function| iconsFonts string| redirectUrl string| redirectUrlMsg number| idpTimeout string| idpTimeoutMsg number| secondsLeft string| secondsLeftMsg string| sessionWarnMsg boolean| sessionWarnMe string| sessionDialogHtml function| sessionPop function| runSessionDialog object| assocDropdownId object| assocDropdownRememberJsId undefined| assocDropdownRememberJsUrl string| assocDropdownRememberJsMsg string| assocDropdownMsg string| assocDropdownCookieMsg boolean| assocDrop object| assocDropdownCookie function| checkDropDown function| setDropDown function| saveDropdown function| inputCheck object| loadingId string| loadingMsg object| loginFormId string| loginFormMsg function| showInputs string| checkBootStrapMsg boolean| useboostrap function| checkBootStrap string| ssoTypeMsg function| ssoType function| basicLogin function| doLogin function| keyPress function| submitLoginForm object| collectIframe string| collectorMsg string| collectorIconMsg boolean| collectorchecker function| checkCollector function| collecterSet boolean| docollect function| collectObjectCheck object| kdCollecterId string| kdCollecterMsg string| kdIconMsg boolean| didkdload function| loginKd string| qaDialogHtml function| runQaDialog function| qaDialog boolean| fakechromepwdadded boolean| fakechromepwd function| initCallback_3xkd function| validCallback_3xkd function| kdFailed_3xkd object| CLAREITY function| xkd object| _0x6bf2 function| CLAREITY_KD function| madKD_getVersion object| _0xb3d3 object| b64 string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.columbus-erp.com/ | Name: _gat Value: 1 |
|
.columbus-erp.com/ | Name: _gid Value: GA1.2.242748675.1586445138 |
|
.columbus-erp.com/ | Name: _ga Value: GA1.2.1065383340.1586445138 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.clareitysecurity.net
collector.clareity.net
columbus-erp.com
fonts.googleapis.com
player.vimeo.com
stackpath.bootstrapcdn.com
stats.g.doubleclick.net
www.google-analytics.com
www.novosco.com
151.101.112.217
185.2.4.90
185.67.45.137
2001:4de0:ac19::1:b:3b
2a00:1450:4001:808::200a
2a00:1450:4001:81c::200e
2a00:1450:400c:c00::9a
45.60.13.52
00f973f96f9fcebd037f59485a24ac1f3f073d0fb20879ddf445265c7ef77d87
02324fbade97fbc223834e6afa838dc1e01185bd0393f8e26e084834b512ae69
0a27dc147ed1d0048a35f49ae3977452fd2050a59a569f790954afdf7f170c33
0e3fc4b2a21ea53249715a01cbf7f30b32f57af3e4d0354e2145f1cfa8f5e65c
15cc6fc3f739fa8573e2785f1f6af0cff8cebd1118a4b4f11df63d0f51c3bb64
16ad30dc7c52842f580962e62e29bd0474f9d3d99c93c81b8d384bdb52553719
17cecc18ee875908251a0ab107cc1ec9dd5fe73af2b759caa69316f5793c85b9
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1dcab816ca5ee2317f01c1822391bcf8d8f9fdfaa3e5d776592d6c3ce6e559af
2667e4e07d4ef3578541f5759c9bb6e97f2b58a9b5f96459121d095b9f8de84f
2a760066fcee7a17505ce4d13428f8b5dc8907cb2ba6acc0020ddde89869a5e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4c7194ca1acc1f5f8ba29da5df11a88f88ff0431e704f5fbbfd1b58890217c26
5265f71403a318cdbeb0c4ec01dbba2f00fbc8f046b0a79e40e8abe675b398ce
557cda85e24f236f7564d666b9a889ced11aff101227e3b3365cf248830f5cbc
64907bac65b3d6080557dbc26e2cc1ec94433cce8a4b7ad63dcf7ba4b959f948
65971d5f591a42f2548bcdcfd72e1cb238c8f884986d768db891c4ff99a900a3
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9de5950e705f78d02ae70cc5ee55ee333562d8ec083384f64e8d4a401a809e7a
b7e5367878f252a70a3eaecd650b0613a9bf53439c6a73fc76213fab103baad9
c6ef9f8587c0ea0a68513dac0aea52516ca82b424331a07fcdb43701e9e4705b
cffd9a45fadaba1379d434bc2db74f39bd11a2013950994760175ddfbd3aa158
d02934f0a5b722dbd076dda86e34373e037158a672a8a10409bcbdb5a9040b42
d4c1acdde2d8dc96d4347a5da9c0a7198dfb1985fc6b863511f6eaa7bde4cc99
d90f7ba613d7755d20df301724010a22211fe3b43c4f3969c7e17c866eaf23bc
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d