rewardsprogram.euquestions2.com
2606:4700:30::681f:4bed
Malicious Activity!
Public Scan
Effective URL: https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token
Submission: On July 06 via api from BE
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 9th 2019. Valid for: a year.
This is the only time rewardsprogram.euquestions2.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 2606:4700:10::6814:da2a | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 1 | 198.74.59.73 | 63949 (LINODE-AP Linode) |
| 2 2 | 35.192.185.253 | 15169 (GOOGLE - Google LLC) |
| 1 2 | 66.172.12.145 | 11051 (CYBERVERSE - Evocative) |
| 26 | 2606:4700:30::681f:4bed | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 | 209.197.3.15 | 20446 (HIGHWINDS3 - Highwinds Network Group) |
| 1 | 2606:4700:30::681b:abe1 | 13335 (CLOUDFLARENET - Cloudflare) |
| 1 | 54.230.202.97 | 16509 (AMAZON-02 - Amazon.com) |
| 30 | 5 | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
tinyurl.com |
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li550-73.members.linode.com
godt-liv.ml |
ASN15169 (GOOGLE - Google LLC, US)
PTR: 253.185.192.35.bc.googleusercontent.com
hwmanymore.com | |
goatshpprd.com |
ASN11051 (CYBERVERSE - Evocative, Inc., US)
PTR: ip-66-172-12-145.chunkhost.com
go.teldamps.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
rewardsprogram.euquestions2.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net
maxcdn.bootstrapcdn.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
mnvrmnd.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-230-202-97.fra50.r.cloudfront.net
api.pushnami.com |
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 26 | euquestions2.com | rewardsprogram.euquestions2.com | 135 KB |
| 2 | teldamps.com (1 redirects) | go.teldamps.com | 772 B |
| 1 | pushnami.com | api.pushnami.com | 7 KB |
| 1 | mnvrmnd.com | mnvrmnd.com | |
| 1 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 7 KB |
| 1 | goatshpprd.com (1 redirects) | goatshpprd.com | 712 B |
| 1 | hwmanymore.com (1 redirects) | hwmanymore.com | 278 B |
| 1 | godt-liv.ml (1 redirects) | godt-liv.ml | 282 B |
| 1 | tinyurl.com (1 redirects) | tinyurl.com | 961 B |
| 30 | 9 | | |
| | Domain | Requested by |
|---|---|---|
| 26 | rewardsprogram.euquestions2.com | go.teldamps.com, rewardsprogram.euquestions2.com |
| 2 | go.teldamps.com | 1 redirects |
| 1 | api.pushnami.com | rewardsprogram.euquestions2.com |
| 1 | mnvrmnd.com | rewardsprogram.euquestions2.com |
| 1 | maxcdn.bootstrapcdn.com | rewardsprogram.euquestions2.com |
| 1 | goatshpprd.com | 1 redirects |
| 1 | hwmanymore.com | 1 redirects |
| 1 | godt-liv.ml | 1 redirects |
| 1 | tinyurl.com | 1 redirects |
| 30 | 9 | |
This site contains links to these domains. Also see Links.
Domain |
---|
mnvrmnd.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-04-09 - 2020-04-09 | a year |
*.bootstrapcdn.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-03 - 2019-10-12 | a year |
*.pushnami.com | Amazon | 2019-06-14 - 2020-07-14 | a year |
This page contains 2 frames:
Primary Page:
https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token
Frame ID: 1A88C94A3601D6A17F00A96555D52ADF
Requests: 29 HTTP requests in this frame
Frame:
https://mnvrmnd.com/tracking/universalJSRequest.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&ffq=set|ff|flux_fts|ff|lixlxlotxlzpzqiqiteilpxzqcizcliolxptpa7091|ff|set|ff|clickid|ff|%7Bclickid%7D|ff|set|ff|c1|ff|%7Bc1%7D|ff|set|ff|sid|ff|%7Bsid%7D|ff|set|ff|tm|ff|token|ff|set|ff|flux_url|ff|https%3A%2F%2Frewardsprogram.euquestions2.com%2Feu%2Ffr%2Fa.php%3Fclickid%3D1562407915.27-158010169-24883%26c1%3Da1m7%26sid%3D158010169|ff|set|ff|flux_ref|ff|http%3A%2F%2Fgo.teldamps.com%2Fts60-international-credit-gen|ff|set|ff|flux_fn|ff|543536038690450121|ff|set|ff|flux_inject|ff|%7B%22intoUrl%22%3Afalse%2C%22intoForms%22%3A%7B%22selector%22%3Anull%7D%2C%22intoLinks%22%3A%7B%22selector%22%3A%22a.flux_cta%22%7D%2C%22tokens%22%3A%7B%22flux_sess%22%3A%22%7Bsession-id%7D%22%7D%7D&frameId=_ffq_track_
Frame ID: 9EC2FF1DC9414EBC3B6F6DEC723BFB18
Requests: 1 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Font Awesome (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: CLIQUEZ ICI
Title: CLIQUEZ ICI
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr HTTP 301
- http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr HTTP 302
- http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 HTTP 302
- https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321-4f0f-997f-96b00b4745bf HTTP 302
- http://go.teldamps.com/ts60-international-credit-gen Page URL
- http://go.teldamps.com/match-52/24883/158010169/1562407913/mf_c7249d2c-4ece-4cb7-b39e-ed2173962425/dHM2MC1pbnRlcm5hdGlvbmFsLWNyZWRpdC1nZW4= HTTP 302
- https://rewardsprogram.euquestions2.com/eu/fr/a.php?clickid=1562407915.27-158010169-24883&c1=a1m7&sid=158010169&tm=token Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://tinyurl.com/y2w44mur/14231xk442384hk9591bl28851th2910bo2226rr HTTP 301
- http://godt-liv.ml/14231xk442384hk9591bl28851th2910bo2226rr HTTP 302
- http://hwmanymore.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384 HTTP 302
- https://goatshpprd.com/?E=rkaP2hHejC5RsAKJa5jV2QvZOkeavcEx&s1=82/14231/442384&ckmguid=681ef893-f321-4f0f-997f-96b00b4745bf HTTP 302
- http://go.teldamps.com/ts60-international-credit-gen
30 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | ts60-international-credit-gen | go.teldamps.com/ (Redirect Chain) | 429 B | 513 B | Document | text/html |
GET | H2 | a.php (Primary Request) | rewardsprogram.euquestions2.com/eu/fr/ (Redirect Chain) | 35 KB | 9 KB | Document | text/html |
GET | H2 | font-awesome.min.css | maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ | 30 KB | 7 KB | Stylesheet | text/css |
GET | H2 | facebook.css | rewardsprogram.euquestions2.com/eu/fr/css/ | 18 KB | 4 KB | Stylesheet | text/css |
GET | H2 | cssbluegol.css | rewardsprogram.euquestions2.com/eu/fr/css/ | 1007 B | 454 B | Stylesheet | text/css |
GET | H2 | amazon.css | rewardsprogram.euquestions2.com/eu/fr/css/ | 2 KB | 498 B | Stylesheet | text/css |
GET | H2 | amznewg.css | rewardsprogram.euquestions2.com/eu/fr/css/ | 275 B | 207 B | Stylesheet | text/css |
GET | H2 | a.png | rewardsprogram.euquestions2.com/eu/fr/l/ | 9 KB | 9 KB | Image | image/png |
GET | H2 | frflag.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 1 KB | 1 KB | Image | image/png |
GET | H2 | presenthead.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 13 KB | 13 KB | Image | image/png |
GET | H2 | present.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 13 KB | 13 KB | Image | image/png |
GET | H2 | loading.gif | rewardsprogram.euquestions2.com/eu/fr/images/ | 1 KB | 2 KB | Image | image/gif |
GET | H2 | fb-check.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 646 B | 752 B | Image | image/jpeg |
GET | H2 | phone.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 5 KB | 6 KB | Image | image/jpeg |
GET | H2 | 5.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | cartblack.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 8 KB | 8 KB | Image | image/png |
GET | H2 | iphone.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 4 KB | 4 KB | Image | image/jpeg |
GET | H2 | watches.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 9 KB | 9 KB | Image | image/jpeg |
GET | H2 | 4.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | tablet.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 8 KB | 8 KB | Image | image/jpeg |
GET | H2 | f1.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H2 | com_s9.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 11 KB | 11 KB | Image | image/jpeg |
GET | H2 | f.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 2 KB | 2 KB | Image | image/jpeg |
GET | H2 | f3.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 1 KB | 2 KB | Image | image/jpeg |
GET | H2 | f6.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 1 KB | 1 KB | Image | image/jpeg |
GET | H2 | com_s9b.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 12 KB | 12 KB | Image | image/jpeg |
GET | H2 | f5.jpg | rewardsprogram.euquestions2.com/eu/fr/images/ | 1 KB | 1 KB | Image | image/jpeg |
GET | H2 | cc.png | rewardsprogram.euquestions2.com/eu/fr/images/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | universalJSRequest.php | mnvrmnd.com/tracking/ (Frame 9EC2) | 0 | 0 | Document | text/html |
GET | H2 | 5c365643eeb4c100109517b6 | api.pushnami.com/scripts/v1/pushnami-adv/ | 24 KB | 7 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)
31 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| tk string| newURL object| months object| days object| time object| d string| dateNow string| c1 function| socle function| nextQuestion function| drawszlider function| selectReward function| showModal object| comments number| slidewhere number| holvanszlider object| mydate number| year number| day number| month string| daym function| ffluxQuery object| fflux string| searchQuery object| pushWrap function| showFbChkOptIn undefined| o object| Pushnami
7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mnvrmnd.com/ | | Name: __cflb Value: 1759559876 |
mnvrmnd.com/ | | Name: csid2 Value: ahps8q7797tjrh08l5rbstjsp7 |
mnvrmnd.com/ | | Name: PHPSESSID Value: ahps8q7797tjrh08l5rbstjsp7 |
mnvrmnd.com/ | | Name: ff-do-ss Value: node-119280778\|XSBz7\|XSBz7 |
.mnvrmnd.com/ | | Name: __cfduid Value: dff767a5472f07ea25c6f11d574c034b81562407915 |
rewardsprogram.euquestions2.com/ | | Name: PHPSESSID Value: djv3umebllnhutfusap9i3vbk7 |
.euquestions2.com/ | | Name: __cfduid Value: d5c580d35a4912fdb6a6514e93fb596b41562407915 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.