login.jamalbuster.com
Open in
urlscan Pro
77.73.134.36
Malicious Activity!
Public Scan
Effective URL: https://login.jamalbuster.com/mn
Submission: On March 17 via manual from IN — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 13th 2023. Valid for: 3 months.
This is the only time login.jamalbuster.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 3 | 192.41.46.10 192.41.46.10 | 13951 (DATABANK-SLC) (DATABANK-SLC) | |
11 | 162.241.203.51 162.241.203.51 | 19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 162.241.27.245 162.241.27.245 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 77.73.134.36 77.73.134.36 | 204603 (PARTNER-AS) (PARTNER-AS) | |
1 8 | 2606:4700::68... 2606:4700::6812:6b9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 104.16.168.131 104.16.168.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 13.225.78.99 13.225.78.99 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 108.138.17.39 108.138.17.39 | 16509 (AMAZON-02) (AMAZON-02) | |
28 | 8 |
ASN13951 (DATABANK-SLC, US)
PTR: 192-41-46-10.c7dc.com
my.dealersocket.com |
ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-203-51.unifiedlayer.com
5w.ae2gl.aaproducoes.com.br |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-27-245.unifiedlayer.com
herontechnocast.com |
ASN13335 (CLOUDFLARENET, US)
js.hcaptcha.com | |
newassets.hcaptcha.com | |
hcaptcha.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-99.fra2.r.cloudfront.net
findicons.com |
ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-39.fra56.r.cloudfront.net
images.freeimages.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
aaproducoes.com.br
5w.ae2gl.aaproducoes.com.br |
158 KB |
8 |
cloudflare.com
1 redirects
challenges.cloudflare.com — Cisco Umbrella Rank: 5237 |
124 KB |
6 |
hcaptcha.com
js.hcaptcha.com — Cisco Umbrella Rank: 14046 newassets.hcaptcha.com — Cisco Umbrella Rank: 11013 hcaptcha.com — Cisco Umbrella Rank: 7799 |
242 KB |
3 |
dealersocket.com
3 redirects
my.dealersocket.com — Cisco Umbrella Rank: 87711 |
2 KB |
1 |
freeimages.com
images.freeimages.com — Cisco Umbrella Rank: 138339 |
606 B |
1 |
findicons.com
1 redirects
findicons.com — Cisco Umbrella Rank: 365138 |
306 B |
1 |
jamalbuster.com
login.jamalbuster.com |
19 KB |
1 |
herontechnocast.com
herontechnocast.com |
119 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 34 |
2 KB |
28 | 9 |
Domain | Requested by | |
---|---|---|
11 | 5w.ae2gl.aaproducoes.com.br |
5w.ae2gl.aaproducoes.com.br
|
8 | challenges.cloudflare.com |
1 redirects
login.jamalbuster.com
challenges.cloudflare.com 5w.ae2gl.aaproducoes.com.br |
4 | newassets.hcaptcha.com |
js.hcaptcha.com
newassets.hcaptcha.com |
3 | my.dealersocket.com | 3 redirects |
1 | hcaptcha.com |
newassets.hcaptcha.com
|
1 | images.freeimages.com |
login.jamalbuster.com
|
1 | findicons.com | 1 redirects |
1 | js.hcaptcha.com |
login.jamalbuster.com
|
1 | login.jamalbuster.com | |
1 | herontechnocast.com |
5w.ae2gl.aaproducoes.com.br
|
1 | fonts.googleapis.com |
5w.ae2gl.aaproducoes.com.br
|
28 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
upload.video.google.com GTS CA 1C3 |
2023-03-02 - 2023-05-25 |
3 months | crt.sh |
*.herontechnocast.com R3 |
2023-02-18 - 2023-05-19 |
3 months | crt.sh |
jamalbuster.com R3 |
2023-03-13 - 2023-06-11 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-05-15 - 2023-05-15 |
a year | crt.sh |
challenges.cloudflare.com Cloudflare Inc ECC CA-3 |
2022-09-18 - 2023-09-17 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://login.jamalbuster.com/mn
Frame ID: E06560D460B293288D42D7637FA45165
Requests: 17 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/7d69057/static/hcaptcha.html
Frame ID: 52AE2B8A8624FA1AEDA8A4A8120C8CAA
Requests: 2 HTTP requests in this frame
Frame:
https://newassets.hcaptcha.com/captcha/v1/7d69057/static/hcaptcha.html
Frame ID: 7BD925876F3F70D69BB22434D4C09221
Requests: 4 HTTP requests in this frame
Frame:
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/hjjsd/0x4AAAAAAADLmRBOfh4TeETa/auto/normal
Frame ID: BB7C00D9A23AB09D29F192F909167860
Requests: 6 HTTP requests in this frame
Screenshot
Page Title
Just a moment...Page URL History Show full URLs
-
https://my.dealersocket.com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&...
HTTP 307
https://my.dealersocket.com/VersionManager/EmailTrack/Route?page=%2Femailtrack%2Ftrack%2Ftrack%3FsiteId%... HTTP 302
https://my.dealersocket.com/emailtrack/track/track?NoRedirect=1&siteId=19&sentId=51150&entityId=607895&e... HTTP 302
http://5w.ae2gl.aaproducoes.com.br// Page URL
- https://login.jamalbuster.com/mn Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://my.dealersocket.com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=http://5w.ae2gl.aaproducoes.com.br://%23aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20=
HTTP 307
https://my.dealersocket.com/VersionManager/EmailTrack/Route?page=%2Femailtrack%2Ftrack%2Ftrack%3FsiteId%3D19%26sentId%3D51150%26entityId%3D607895%26emailType%3Ddoc%26redirectLink%3Dhttp%3A%2F%2F5w.ae2gl.aaproducoes.com.br%3A%2F%2F%2523aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20%3D HTTP 302
https://my.dealersocket.com/emailtrack/track/track?NoRedirect=1&siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=http:%2f%2f5w.ae2gl.aaproducoes.com.br:%2f%2f%23aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20%3d HTTP 302
http://5w.ae2gl.aaproducoes.com.br// Page URL
- https://login.jamalbuster.com/mn Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://my.dealersocket.com/emailtrack/track/track?siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=http://5w.ae2gl.aaproducoes.com.br://%23aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20= HTTP 307
- https://my.dealersocket.com/VersionManager/EmailTrack/Route?page=%2Femailtrack%2Ftrack%2Ftrack%3FsiteId%3D19%26sentId%3D51150%26entityId%3D607895%26emailType%3Ddoc%26redirectLink%3Dhttp%3A%2F%2F5w.ae2gl.aaproducoes.com.br%3A%2F%2F%2523aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20%3D HTTP 302
- https://my.dealersocket.com/emailtrack/track/track?NoRedirect=1&siteId=19&sentId=51150&entityId=607895&emailType=doc&redirectLink=http:%2f%2f5w.ae2gl.aaproducoes.com.br:%2f%2f%23aHR0cHM6Ly9oZXJvbnRlY2hub2Nhc3QuY29tL2Jlc3RndXkvQ2xhcmlvcy9iZXRoLmZpdHpnZXJhbGRAY2xhcmlvcy5jb20%3d HTTP 302
- http://5w.ae2gl.aaproducoes.com.br//
- https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP 302
- https://challenges.cloudflare.com/turnstile/v0/g/db880165/api.js?onload=onloadTurnstileCallback
- https://findicons.com/files/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png HTTP 301
- https://images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/microsoft_new_logo_alt.png?ref=findicons
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
5w.ae2gl.aaproducoes.com.br// Redirect Chain
|
463 KB 158 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
25 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ion.rangeSlider.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ion.rangeSlider.skinFlat.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.bxslider.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flexslider.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
swiper.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
media.css
5w.ae2gl.aaproducoes.com.br//css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
beth.fitzgerald@clarios.com
herontechnocast.com/bestguy/Clarios/ |
0 119 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
mn
login.jamalbuster.com/ |
18 KB 19 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
challenges.cloudflare.com/turnstile/v0/g/db880165/ Redirect Chain
|
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
api.js
js.hcaptcha.com/1/ |
284 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_new_logo_alt.png
images.freeimages.com/fic/images/icons/2796/metro_uinvert_dock/64/ Redirect Chain
|
254 B 606 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/7d69057/static/ Frame 52AE |
2 KB 961 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.html
newassets.hcaptcha.com/captcha/v1/7d69057/static/ Frame 7BD9 |
2 KB 815 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
normal
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/hjjsd/0x4AAAAAAADLmRBOfh4TeETa/auto/ Frame BB7C |
21 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
v1
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/ Frame BB7C |
151 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/7d69057/ Frame 52AE |
284 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/7d69057/ Frame 7BD9 |
284 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 7BD9 |
798 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
checksiteconfig
hcaptcha.com/ Frame 7BD9 |
554 B 799 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
7bcbc919a74e89d
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/854984771:1679084844:ro1ndKn14y7ukZQIP7Jj0QvMWTdN6H6kHDOYkX_zHrU/7a982591cabe3619/ Frame BB7C |
108 KB 54 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ceTVoL-R2DSii0v
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7a982591cabe3619/1679086631089/ Frame BB7C |
61 B 166 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
T4gi6BFCU76dBnW
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7a982591cabe3619/1679086631093/0f1b99e734e980b83e41cd7511ce79018a67ba4d684d7e5e3505de8aa9cb7e0b/ Frame BB7C |
1 B 646 B |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
7bcbc919a74e89d
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/854984771:1679084844:ro1ndKn14y7ukZQIP7Jj0QvMWTdN6H6kHDOYkX_zHrU/7a982591cabe3619/ Frame BB7C |
868 B 1 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless function| verifyCallback_CF function| verifyCallback_hCaptcha function| validateElement function| refreshCallBack function| switchToSecondCaptcha function| onloadTurnstileCallback function| incrementLoader object| Raven object| hcaptcha object| grecaptcha object| turnstile number| ticker3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.dealersocket.com/ | Name: RP_rp Value: GEN |
|
.dealersocket.com/ | Name: RP_dc Value: 4 |
|
.jamalbuster.com/ | Name: EVILGINX2 Value: 3259653f3f9bf71c15325b4bdad439f617bb2eeffddc55177f2e9b245703933c |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
5w.ae2gl.aaproducoes.com.br
challenges.cloudflare.com
findicons.com
fonts.googleapis.com
hcaptcha.com
herontechnocast.com
images.freeimages.com
js.hcaptcha.com
login.jamalbuster.com
my.dealersocket.com
newassets.hcaptcha.com
104.16.168.131
108.138.17.39
13.225.78.99
162.241.203.51
162.241.27.245
192.41.46.10
2606:4700::6812:6b9
2a00:1450:4001:828::200a
77.73.134.36
2267d1822dbefc10c25e17d1fa4a6d9331e5a126e2483c5aff542d6107ebca36
3194f75779ec9346d860489a923880683160a16c6a38476f6df6417c00797b2b
35c53fc28f1351ec1df712370cd08bd9c4dc5c5a70cc72e5c51896f2bde5c1df
47807adcfda24f7f27f0df1cd18673a42e819af0666e653e40db51f7bfa5180a
5448f8cff2b1c4d5122e726402ab1e22075c84faaa52300e3d108c4bcbda1789
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
5dd45ab5ca1c184cf7145a7d2bcffd8b2eb6412624d381c4959f02c3b68ea290
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
7cf7d05023f0700848c65665f70bd76ba87bda35838b2fa6cf4fffae8f91f21b
826df2267364dccb21898d5afe1af9d535e8bcc5230e801995c4cd63cf4f7827
95b99b82dcc45a6649aeb55cfbb1cc647340a439fb9c483d0b11eec13b35b039
9a685dfa8e3de172dad03843f2674bf8175b2dce301827c8206e7df6c6f2f5f2
9f05242270132a89b0ce4c828959b3607c765029c84e4244d15b82b363d94f49
d395cc53363e6e22c75f73de0d4de7355ed844b65b8f0d149664ec06facd2d8e
fa567ea63c532d43e2f5e3e3962ff8b5fa0366f3c62ee0585fa6fe4be4c70f60