cba.authid-au.com
Open in
urlscan Pro
104.21.53.50
Malicious Activity!
Public Scan
Submission: On March 15 via api from JP — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on March 11th 2023. Valid for: 3 months.
This is the only time cba.authid-au.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Commonwealth Bank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
26 | 104.21.53.50 104.21.53.50 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 13.224.250.69 13.224.250.69 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.224.250.95 13.224.250.95 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 13.224.250.91 13.224.250.91 | 16509 (AMAZON-02) (AMAZON-02) | |
1 2 | 104.89.119.122 104.89.119.122 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
34 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-69.sin52.r.cloudfront.net
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-95.sin52.r.cloudfront.net
1.b406929acabac9b095f124c81bdfcf57f.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-224-250-91.sin52.r.cloudfront.net
1.c81358859121583b7adf2ace89cb39f44.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-89-119-122.deploy.static.akamaitechnologies.com
www.my.commbank.com.au | |
www2.my.commbank.com.au |
Apex Domain Subdomains |
Transfer | |
---|---|---|
26 |
authid-au.com
cba.authid-au.com |
670 KB |
2 |
commbank.com.au
1 redirects
www.my.commbank.com.au — Cisco Umbrella Rank: 567625 www2.my.commbank.com.au — Cisco Umbrella Rank: 984330 |
387 B |
2 |
c81358859121583b7adf2ace89cb39f44.com
1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 24336 |
4 KB |
2 |
b406929acabac9b095f124c81bdfcf57f.com
1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 24293 |
4 KB |
2 |
a79ab95c1589a13f8a4cab612bc71f9f7.com
1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 24335 |
4 KB |
34 | 5 |
Domain | Requested by | |
---|---|---|
26 | cba.authid-au.com |
cba.authid-au.com
|
2 | 1.c81358859121583b7adf2ace89cb39f44.com |
cba.authid-au.com
1.c81358859121583b7adf2ace89cb39f44.com |
2 | 1.b406929acabac9b095f124c81bdfcf57f.com |
cba.authid-au.com
1.b406929acabac9b095f124c81bdfcf57f.com |
2 | 1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
cba.authid-au.com
1.a79ab95c1589a13f8a4cab612bc71f9f7.com |
1 | www2.my.commbank.com.au | |
1 | www.my.commbank.com.au | 1 redirects |
34 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.authid-au.com GTS CA 1P5 |
2023-03-11 - 2023-06-09 |
3 months | crt.sh |
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-04 - 2023-04-04 |
a year | crt.sh |
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA |
2022-04-06 - 2023-04-07 |
a year | crt.sh |
This page contains 6 frames:
Primary Page:
https://cba.authid-au.com/loading.php
Frame ID: 3849515F1B936F2479DB25D47665684E
Requests: 26 HTTP requests in this frame
Frame:
https://cba.authid-au.com/comm_files/sign-out.html
Frame ID: 141B76A076DF60B085445D7D7D17E1B6
Requests: 1 HTTP requests in this frame
Frame:
https://cba.authid-au.com/comm_files/signout.html
Frame ID: 4D5180AE7F7978EC130B21CB2FCCFFB1
Requests: 1 HTTP requests in this frame
Frame:
https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 47E4850E57BE1BD8C57E5A16512BB0E6
Requests: 2 HTTP requests in this frame
Frame:
https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: ADE427DFDB961FC189EDA1ECB092E033
Requests: 2 HTTP requests in this frame
Frame:
https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: F2F0B0D84C833C492B1711583F7E3BEE
Requests: 2 HTTP requests in this frame
Screenshot
Page Title
NetBank - Log on to NetBank - Enjoy simple and secure online banking from Commonwealth BankDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 32- https://www.my.commbank.com.au/financial.js?url=https%3A%2F%2Fcba.authid-au.com%2Floading.php&referrer= HTTP 302
- https://www2.my.commbank.com.au/financial.js?url=https%3A%2F%2Fcba.authid-au.com%2Floading.php&referrer=
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
loading.php
cba.authid-au.com/ |
19 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logon-merge.8397238ab0ae7a25ea1af4d375f2c3df.css
cba.authid-au.com/comm_files/ |
34 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cba.authid-au.com/commbank_filez/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
cba.authid-au.com/files/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cba.authid-au.com/files/ |
23 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2a817845.js.download
cba.authid-au.com/comm_files/ |
605 KB 114 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cba_mainlogo.ac9de6fb5214be84653367c74ba0b5f0.gif
cba.authid-au.com/comm_files/ |
5 KB 5 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Partnership_NetBanklogon.jpg
cba.authid-au.com/comm_files/ |
17 KB 18 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tracking-merge.8784d605543edaf86ccd7ce9c54ba0eb.js.download
cba.authid-au.com/comm_files/ |
117 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core-merge.36971982ebc03a2658d8e51f70007637.js.download
cba.authid-au.com/comm_files/ |
391 KB 122 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marketing-merge.9c983bdf09d88d96f98b1c1daaf6d57d.js.download
cba.authid-au.com/comm_files/ |
90 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
trackingbootstrap.c8068b07c37c03776d99cb952fec6272.js.download
cba.authid-au.com/comm_files/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
instrumentation-merge.4043785f5795e2e8297bdfe0cdf60f4d.js.download
cba.authid-au.com/comm_files/ |
19 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
func.9b8de72fe2f973dd95ef094847ce3974.js.download
cba.authid-au.com/comm_files/ |
68 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
metrics.9fad0b7ae109eb7ff6f728371db87a10.js.download
cba.authid-au.com/comm_files/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
smartbanner.d1197ec1675a985d0591d2083729fe1a.js.download
cba.authid-au.com/comm_files/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
hbg.0236e4e9a193069c4e8554db8b06354c.png
cba.authid-au.com/comm_files/ |
254 B 716 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
b3cbc330-e58b-471a-ba4f-4329c808bbee
https://cba.authid-au.com/ |
165 KB 0 |
Other
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sign-out.html
cba.authid-au.com/comm_files/ Frame 141B |
159 B 537 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
signout.html
cba.authid-au.com/comm_files/ Frame 4D51 |
224 B 576 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logonsprite2.307a0c523f35f709f390895b4720d350.png
cba.authid-au.com/comm_files/ |
14 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 47E4 |
221 B 557 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame ADE4 |
221 B 555 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain.html
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame F2F0 |
221 B 557 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame ADE4 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 47E4 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
crossdomain2.12.0.5273.b96c35cc.min.js
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame F2F0 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
TrackingBase.json
cba.authid-au.com/static/cmxAssets/tracking/ |
315 B 645 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tracking-merge.8784d605543edaf86ccd7ce9c54ba0eb.js.download
cba.authid-au.com/comm_files/ |
117 KB 42 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
core-merge.36971982ebc03a2658d8e51f70007637.js.download
cba.authid-au.com/comm_files/ |
391 KB 122 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
marketing-merge.9c983bdf09d88d96f98b1c1daaf6d57d.js.download
cba.authid-au.com/comm_files/ |
90 KB 33 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
instrumentation-merge.4043785f5795e2e8297bdfe0cdf60f4d.js.download
cba.authid-au.com/comm_files/ |
19 KB 8 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
func.9b8de72fe2f973dd95ef094847ce3974.js.download
cba.authid-au.com/comm_files/ |
68 KB 23 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
financial.js
www2.my.commbank.com.au/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Commonwealth Bank (Banking)114 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 boolean| credentialless function| $ function| jQuery object| cdwpb object| cdApi object| Page_ValidationSummaries function| Visitor object| visitor object| CBAtracker string| s_account object| s object| tDate function| s_doPlugins function| AppMeasurement_Module_AudienceManagement function| AppMeasurement function| s_gi function| s_pgicq object| CommBank object| s_c_il number| s_c_in function| DIL number| s_objectID number| s_giq function| AppMeasurement_Module_DIL function| HashSet function| debounce boolean| isIE boolean| isWin boolean| isOpera function| JSGetSwfVer undefined| flashVersion boolean| flashVersionChecked function| getFlashVersion function| getFlashVersionScript object| paramArr object| newParamArr function| addParam object| valueArray function| createBanner function| writeBanner object| loadingQueue function| ValidationSummaryOnSubmit function| Page_ClientValidate undefined| _ValidatorGetValue function| RequiredFieldValidatorEvaluateIsValid function| ValidatorUpdateDisplay function| CustomValidatorEvaluateIsValid undefined| _CompareValidatorEvaluateIsValid function| CheckBoxListMandatoryValidator function| CheckBoxMandatoryValidator function| ValidateCalendarMandatory function| ValidateCalendar function| ValidateMaxLength function| ValidateCurrencyLength function| ValidateEmail function| ValidateMobile function| ValidateAutoCompleteField function| RowMandatoryValidate boolean| __cbaPreventValidationSummaryFlag function| __cbaPreventValidationSummary function| ValidationSummaryShowMessage function| ValidationSummaryHide object| Icrm number| jsVersion boolean| _isBeginRequestRegistered boolean| _isEndRequestRegistered function| DP_jQuery_1678853053498 object| jQuery191020504453443900572 function| Q object| mboxRequestParameters string| s_segList object| mboxFactoryDefault function| aam_tnt_cb function| addParameterToGlobalMboxRequest function| validateAndAddArrayParameter function| mboxDefine function| mboxCreate function| mboxUpdate object| adobe object| ___target_traces boolean| SMT_DISPLAY_PERF_STATS object| smtPageExecStartTime undefined| smtPageExecEndTime undefined| smtControlExecStartTime undefined| smtControlExecEndTime object| SMT undefined| url boolean| form1_submitted function| WebForm_OnSubmit function| StringBuffer object| Base64 function| Utf8EncodeEnumerator function| AnsiEncodeEnumerator function| Base64DecodeEnumerator object| Compression object| Logger object| RawDeflate function| OldWebForm_OnSubmit object| a0a function| a0b function| _typeof undefined| applicationObfuscation object| MAD object| _0xc7be function| invokeSafely object| navigatorObj object| pluginsObj function| getResource function| hash object| TrackingBootstrap string| s_host undefined| jsonCallback5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cba.authid-au.com/ | Name: PHPSESSID Value: f6b542e8bed1e0be599bbb2f7cc32b4b |
|
.authid-au.com/ | Name: bmuid Value: 1678853053000-6C0BFE94-EAF5-45F0-976C-B2BCB9061C02 |
|
.authid-au.com/ | Name: cdSNum Value: 1678853053374-sjn0000066-87217237-f7a6-49b9-867b-fec8cf136c65 |
|
.authid-au.com/ | Name: at_check Value: true |
|
.authid-au.com/ | Name: cdContextId Value: 2 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
cba.authid-au.com
www.my.commbank.com.au
www2.my.commbank.com.au
104.21.53.50
104.89.119.122
13.224.250.69
13.224.250.91
13.224.250.95
08df99ec4d261b66ad39c6b65776c83fc7d66591d0fbb466fe0950737db57bfc
0a23512ea579554af1f2614d6dea6120d38660028fc7624c71a978478fae0eb6
25e521f17135f161c1f02f0555af227292ab009967c461380e3135c414f288e6
4620bea7b8db9ffe1747e9c29910d7ea2ec84a7a3c7416e7a8a70e450073d820
47db8c5a79387f5a1a5c43b4ccd04c9b0633e33ffcdd6bc0d9e68c4686d49413
64966addee04d5b2fa4871ab52de3bf94c817203b2a47a160cdd1bde15eb6a32
6706829a5a7c75ffe4c05d68d9865f8581cdc16f4f7ed42a9de927f0330f147b
7cf46fbfca24dd814d3ef457da79b54ca3a38858a75f6f70ff49343231cc0bf9
81bf6b11b38dd4edee209e4783acd0180f5a4660b9123635d6afebe9470e9fd3
9cdad69a4b967c882c3d8e9cb054e7334b7f8870e96427a5d20ae2d17eff2622
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
bdb0b8e96a7b152a1d317c2dcb839d2a70f47c07782ee0ac6881d7c7443db5fc
c1366941e76e519a2aa15c50241f44f81528f5c5765f200c420d70e1fd26b893
c2dca1942a00fd9a1a9b3d993579bab824861ff28177cdb2e9c89d59e8cf5bc6
c3787cbabd5c9acf9bfdc72c8e706754d644a14d5bd538e675c1885ccae87341
d33e375915cb5eae9c0eb5d165daaf2de294633cf59b6e767d24ea64ada4eede
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dcf81f81e9abca1b1942c63e37c79547ef37c0b8fd127655c6c23b59fabdf0b1
e195a1f3b45fe7186ed098bfe70f7c159e5007fb48333fbd8b22a173710055b0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e53a237272ec15ad2e24ab6da3958e1d53b45e60cf09f5710d2cfa077a5eab6d
f0755c4aa02ff90cf951d4752166ce52ea98cb85b86186f954dcc5d9d9cd02c0
f1404e17ecd692ad59a6e0c12e730a364df185e9bf45afe95371c4eddb341814
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e