--===============0552684718424922240==
Content-Type: multipart/alternative; boundary="===============5142591692349464080=="
MIME-Version: 1.0
--===============5142591692349464080==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Cybersecurity and Infrastructure Security Agency (CISA)
You are subscribed to Cybersecurity Advisories for Cybersecurity and Infras= tructure Security Agency. This information has recently been updated and is=
now available.
=E2=80=8B=E2=80=8BSupply Chain Compromise Impacts Axios Node Package Manage= r=E2=80=8B [
https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chai= n-compromise-impacts-axios-node-package-manager ] 04/20/2026 3:00 PM EDT=20
CISA is releasing this alert to provide guidance in response to the softwar=
e supply chain compromise of the Axios node package manager (npm).1 [ #note=
1 ] Axios is an HTTP client for JavaScript that developers commonly use in = Node.js and browser environments.=C2=A0
On March 31, 2026, two npm packages for versions
axios@1.14.1 and axios@0.3= 0.4 of Axios npm injected the malicious dependency plain-crypto-js@4.2.1 th=
at downloads multi-stage payloads from cyber threat actor infrastructure, i= ncluding a remote access trojan.2 [ #note2 ]
CISA urges organizations to implement the following recommendations to dete=
ct and remediate a potential compromise:=E2=80=AF
* Monitor and review code repositories, continuous integration/continuous=
delivery (CI/CD) pipelines, and developer machines that ran npm install or=
npm update with the compromised Axios version.=20
* Search for cached versions of affected dependencies in artifact reposit= ories and dependency management tools. Pin npm package dependency versions =
to known safe releases.=20
If compromised dependencies are identified, revert the environment to a kno=
wn safe state.=C2=A0
* Downgrade to
axios@1.14.0 or
axios@0.30.3 and delete node_modules/plain= -crypto-js/.=20
* Rotate/revoke credentials that may have been exposed on affected system=
s or pipelines (e.g., version control system [VCS] tokens, CI/CD secrets, c= loud keys, npm tokens, and Secure Shell [SSH] keys). For ephemeral CI jobs,=
rotate all secrets injected into the compromised run.=20
* Monitor for unexpected child processes and anomalous network behavior, = specifically during npm install or npm update.=20
* Block and monitor outbound connections to Sfrclak[.]com domains.=20
* Conduct continuous indicator searches and endpoint detection and respon=
se (EDR) hunts to confirm no indicators of compromise (IOCs) remain; ensure=
no further egress to the command and control (C2).=20
In addition, CISA recommends organizations using Axios npm:
* Mandate phishing-resistant multifactor authentication (MFA) on all deve= loper accounts, especially for critical platforms.=20
* Set=E2=80=AFignore-scripts=3Dtrue in the .npmrc configuration file, whi=
ch prevents potentially malicious scripts from executing during npm install=
packages.=20
* Set min-release-age=3D7 in the .npmrc configuration file to only instal=
l packages that have been published for at least seven days, which helps av= oid installation of packages that may not be completely vetted or are poten= tially malicious.=20
* Establish and maintain a baseline of normal execution behavior for tool=
s that use Axios.=20
* Alert when a dependency behaves differently (e.g., building containers,=
enabling shells, executing commands) and trace outbound network activity f=
or anomalous connections.=20
See the following resources for additional guidance on this compromise:=C2=
=A0
* GitHub: _Post Mortem: axios npm supply chain compromise #10636_ [ https= ://github.com/axios/axios/issues/10636 ]=20
* Microsoft: _Mitigating the Axios npm supply chain compromise_ [ https:/= /www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-= supply-chain-compromise/ ]=20
* StepSecurity: _axios Compromised on npm - Malicious Versions Drop Remot=
e Access Trojan_ [
https://www.stepsecurity.io/blog/axios-compromised-on-np= m-malicious-versions-drop-remote-access-trojan ]=20
* npm Docs: _Securing your code_ [
https://docs.npmjs.com/packages-and-mo= dules/securing-your-code ]=20
* Socket: _Supply Chain Attack on Axios Pulls Malicious Dependency from n= pm_ [
https://socket.dev/blog/axios-npm-package-compromised ]=20
*Disclaimer*
The information in this report is being provided =E2=80=9Cas is=E2=80=9D fo=
r informational purposes only. CISA does not endorse any commercial entity,=
product, company, or service, including any entities, products, or service=
s linked within this document. Any reference to specific commercial entitie=
s, products, processes, or services by service mark, trademark, manufacture=
r, or otherwise, does not constitute or imply endorsement, recommendation, =
or favoring by CISA.
*Notes*
1 =E2=80=9CPost Mortem: axios npm supply chain compromise,=E2=80=9D axios G= itHub, Issue #10636, March 31, 2026,
https://github.com/axios/axios/issues/= 10636.
2 =E2=80=9CMitigating the Axios npm supply chain compromise,=E2=80=9D Micro= soft Threat Intelligence and Microsoft Defender Security Research Team, Apr=
il 1, 2026,
https://www.microsoft.com/en-us/security/blog/2026/04/01/mitiga= ting-the-axios-npm-supply-chain-compromise/.
Please share your thoughts with us through this anonymous survey [
https://= cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?Source=3DGovDeliv= ery
https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromi= se-impacts-axios-node-package-manager ]. We appreciate your feedback.=C2=A0
This product is provided subject to this Notification [
https://www.cisa.go= v/notification ] and this Privacy & Use [
https://www.cisa.gov/privacy-poli=
cy ] policy.=C2=A0
=C2=A0
body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight=
: normal; font-style: normal; color: #333333; }=20
Having trouble viewing this message?=C2=A0View it as a webpage [
https://co= ntent.govdelivery.com/accounts/USDHSCISA/bulletins/413c7a5 ].=C2=A0 [ https= ://content.govdelivery.com/accounts/USDHS/bulletins/292141e ]
You are subscribed to updates from the Cybersecurity and Infrastructure Sec= urity Agency [
https://www.cisa.gov ] (CISA)
Manage Subscriptions [
https://public.govdelivery.com/accounts/USDHSCISA/su= bscriber/edit?preferences=3Dtrue#tab1 ]=C2=A0=C2=A0|=C2=A0=C2=A0Privacy Pol= icy [
https://www.cisa.gov/privacy-policy ]=C2=A0=C2=A0|=C2=A0 Help [ https= ://subscriberhelp.granicus.com/s/article/Subscriber-Help-Center ] [ https:/= /insights.govdelivery.com/Communications/Subscriber_Help_Center ]
Connect with CISA:=20
Facebook [
https://www.facebook.com/CISA ]=C2=A0 |=C2=A0 Twitter [
https://= twitter.com/CISAgov ]=C2=A0 |=C2=A0 Instagram [
https://Instagram.com/cisag=
ov ]=C2=A0 |=C2=A0 LinkedIn [
https://www.linkedin.com/company/cybersecurit= y-and-infrastructure-security-agency ]=C2=A0 |=C2=A0=C2=A0 YouTube [ https:= //www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A ]
________________________________________________________________________
This email was sent to
cisa@toolazy.synchro.net using GovDelivery Communica= tions Cloud, on behalf of: Cybersecurity and Infrastructure Security Agency=
=C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202 GovDelivery logo [ =
https://subscriberhelp.granicus.com/ ]=20
body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margi= n-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_displa=
y img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; ma= rgin-right:0px;}
--===============5142591692349464080==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
http://www.= w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"
http://www.w3.org/1999/xhtml" xml:lang=3D"en" lang=3D"en"> <head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8"> <title> =E2=80=8B=E2=80=8BSupply Chain Compromise Impacts Axios Node Pac= kage Manager=E2=80=8B
</title>
</head>
<body style=3D"">
<table width=3D"700" border=3D"0" cellspacing=3D"0" cellpadding=3D"0"=
align=3D"center">
<tr>
<td>
<!--[if (gte mso 9)|(IE)]>
<table style=3D"display:none"><tr><td><a name=3D"gd_top" id=3D"gd_top"></= a></td></tr></table>
<![endif]-->
<a name=3D"gd_top" id=3D"gd_top"></a>
=20
<p><img src=3D"
https://content.govdelivery.com/attachments/fancy_images/U= SDHSCISA/2020/06/3486054/05152023-gov-delivery-banner-copy_original.png" al= t=3D"Cybersecurity and Infrastructure Security Agency (CISA)" title=3D"" wi= dth=3D"600" height=3D"100"></p>
<p>You are subscribed to Cybersecurity Advisories for Cybersecurity and I= nfrastructure Security Agency. This information has recently been updated a=
nd is now available.</p>
<div class=3D"rss_item" style=3D"margin-bottom: 2em;">
<div class=3D"rss_title" style=3D"font-weight: bold; font-size: 120%; margi=
n: 0 0 0.3em; padding: 0;"><a href=3D"
https://www.cisa.gov/news-events/aler= ts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager" t= arget=3D"_blank" title=3D"=E2=80=8B=E2=80=8BSupply Chain Compromise Impacts=
Axios Node Package Manager=E2=80=8B" rel=3D"noopener">=E2=80=8B=E2=80=8BSu= pply Chain Compromise Impacts Axios Node Package Manager=E2=80=8B</a></div> <div class=3D"rss_pub_date" style=3D"font-size: 90%; font-style: italic; co= lor: #666666; margin: 0 0 0.3em; padding: 0;">04/20/2026 3:00 PM EDT</div>
<div class=3D"rss_description" style=3D"margin: 0 0 0.3em; padding: 0;">
<div class=3D"OutlineElement Ltr SCXW232133708 BCX8">
<p>CISA is releasing this alert to provide guidance in response to the soft= ware supply chain compromise of the Axios node package manager (npm).<a hre= f=3D"#note1"><sup>1</sup></a> Axios is an HTTP client for JavaScript that d= evelopers commonly use in Node.js and browser environments.=C2=A0</p>
</div>
<div class=3D"OutlineElement Ltr SCXW232133708 BCX8">
<p>On March 31, 2026, two npm packages for versions <code>
axios@1.14.1</cod=
and <code>axios@0.30.4</code> of Axios npm injected the malicious depend=
ency <code>plain-crypto-js@4.2.1</code> that downloads multi-stage payloads=
from cyber threat actor infrastructure, including a remote access trojan.<=
a href=3D"#note2"><sup>2</sup></a></p>
<div class=3D"OutlineElement Ltr SCXW205905216 BCX8">
<p>CISA urges organizations to implement the following recommendations to d= etect and remediate a potential compromise:=E2=80=AF</p>
</div>
<div class=3D"ListContainerWrapper SCXW205905216 BCX8">
<li>Monitor and review code repositories, continuous integration/continuous=
delivery (CI/CD) pipelines, and developer machines that ran <code>npm inst= all</code> or <code>npm update</code> with the compromised Axios version.
<li>Search for cached versions of affected dependencies in artifact reposit= ories and dependency management tools. Pin npm package dependency versions =
to known safe releases.</li>
</ul>
</li>
</ul>
<div class=3D"OutlineElement Ltr SCXW94631961 BCX8">
<p>If compromised dependencies are identified, revert the environment to a = known safe state.=C2=A0</p>
</div>
<div class=3D"ListContainerWrapper SCXW94631961 BCX8">
<li>Downgrade to <code>
axios@1.14.0</code> or <code>
axios@0.30.3</code> and=
delete <code>node_modules/plain-crypto-js/</code>.</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW94631961 BCX8">
<li>Rotate/revoke credentials that may have been exposed on affected system=
s or pipelines (e.g., version control system [VCS] tokens, CI/CD secrets, c= loud keys, npm tokens, and Secure Shell [SSH] keys). For ephemeral CI jobs,=
rotate all secrets injected into the compromised run.</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW94631961 BCX8">
<li>Monitor for unexpected child processes and anomalous network behavior, = specifically during <code>npm install</code> or <code>npm update</code>.
<li>Block and monitor outbound connections to <code>Sfrclak[.]com</code> do= mains.</li>
<li>Conduct continuous indicator searches and endpoint detection and respon=
se (EDR) hunts to confirm no indicators of compromise (IOCs) remain; ensure=
no further egress to the command and control (C2).</li>
</ul>
</li>
</ul>
<div class=3D"OutlineElement Ltr SCXW237985159 BCX8">
<p>In addition, CISA recommends organizations using Axios npm:</p>
</div>
<div class=3D"ListContainerWrapper SCXW237985159 BCX8">
<li>Mandate phishing-resistant multifactor authentication (MFA) on all deve= loper accounts, especially for critical platforms.</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW237985159 BCX8">
<li>Set=E2=80=AF<code>ignore-scripts=3Dtrue</code> in the <code>.npmrc</cod=
configuration file, which prevents potentially malicious scripts from ex=
ecuting during npm install packages.</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW237985159 BCX8">
<li>Set <code>min-release-age=3D7</code> in the <code>.npmrc</code> configu= ration file to only install packages that have been published for at least = seven days, which helps avoid installation of packages that may not be comp= letely vetted or are potentially malicious.</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW237985159 BCX8">
<li>Establish and maintain a baseline of normal execution behavior for tool=
s that use Axios.
<li>Alert when a dependency behaves differently (e.g., building containers,=
enabling shells, executing commands) and trace outbound network activity f=
or anomalous connections.</li>
</ul>
</li>
</ul>
<div class=3D"SCXW13694102 BCX8">
<div class=3D"OutlineElement Ltr SCXW13694102 BCX8">
<p>See the following resources for additional guidance on this compromise:= =C2=A0</p>
</div>
<div class=3D"ListContainerWrapper SCXW13694102 BCX8">
<li>GitHub: <a href=3D"
https://github.com/axios/axios/issues/10636" target= =3D"_blank" rel=3D"noopener"><u>Post Mortem: axios npm supply chain comprom= ise #10636</u></a>
</li>
</ul>
</div>
</div>
<div class=3D"SCXW13694102 BCX8">
<div class=3D"ListContainerWrapper SCXW13694102 BCX8">
<li>Microsoft: <a href=3D"
https://www.microsoft.com/en-us/security/blog/202= 6/04/01/mitigating-the-axios-npm-supply-chain-compromise/" target=3D"_blank=
" rel=3D"noopener"><u>Mitigating the Axios npm supply chain compromise</u><=
</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW13694102 BCX8">
<li>StepSecurity: <a href=3D"
https://www.stepsecurity.io/blog/axios-comprom= ised-on-npm-malicious-versions-drop-remote-access-trojan" target=3D"_blank"=
rel=3D"noopener"><u>axios Compromised on npm - Malicious Versions Drop Rem= ote Access Trojan</u></a>
</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW13694102 BCX8">
<li>npm Docs: <a href=3D"
https://docs.npmjs.com/packages-and-modules/securi= ng-your-code" target=3D"_blank" rel=3D"noopener"><u>Securing your code</u><=
</li>
</ul>
</div>
<div class=3D"ListContainerWrapper SCXW13694102 BCX8">
<li>Socket: <a href=3D"
https://socket.dev/blog/axios-npm-package-compromise=
d" target=3D"_blank" rel=3D"noopener"><u>Supply Chain Attack on Axios Pulls=
Malicious Dependency from npm</u></a>
</li>
</ul>
<h2><strong>Disclaimer</strong></h2>
<p>The information in this report is being provided =E2=80=9Cas is=E2=80=9D=
for informational purposes only. CISA does not endorse any commercial enti= ty, product, company, or service, including any entities, products, or serv= ices linked within this document. Any reference to specific commercial enti= ties, products, processes, or services by service mark, trademark, manufact= urer, or otherwise, does not constitute or imply endorsement, recommendatio=
n, or favoring by CISA.</p>
<h2><strong>Notes</strong></h2>
<p><a id=3D"note1" class=3D"ck-anchor" name=3D"note1"></a><sup>1</sup> =E2= =80=9CPost Mortem: axios npm supply chain compromise,=E2=80=9D axios GitHub=
, Issue #10636, March 31, 2026, <a href=3D"
https://github.com/axios/axios/i= ssues/10636" target=3D"_blank" rel=3D"noopener">
https://github.com/axios/ax= ios/issues/10636</a>.</p>
<p><a id=3D"note2" class=3D"ck-anchor" name=3D"note2"></a><sup>2</sup> =E2= =80=9CMitigating the Axios npm supply chain compromise,=E2=80=9D Microsoft = Threat Intelligence and Microsoft Defender Security Research Team, April 1,=
2026, <a href=3D"
https://www.microsoft.com/en-us/security/blog/2026/04/01/= mitigating-the-axios-npm-supply-chain-compromise/" target=3D"_blank" rel=3D= "noopener">
https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigat= ing-the-axios-npm-supply-chain-compromise/</a>.</p>
<p>Please share your thoughts with us through this <a href=3D"
https://cisas= urvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?Source=3DGovDeliveryht= tps://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-im= pacts-axios-node-package-manager" target=3D"_blank" title=3D"anonymous surv= ey" rel=3D"noopener">anonymous survey</a>. We appreciate your feedback.=C2= =A0</p>
<p>This product is provided subject to this <a href=3D"
https://www.cisa.gov= /notification" target=3D"_blank" title=3D"Notification" rel=3D"noopener">No= tification</a> and this <a href=3D"
https://www.cisa.gov/privacy-policy" tar= get=3D"_blank" title=3D"Privacy & Use" rel=3D"noopener">Privacy & U= se</a> policy.=C2=A0</p>
<p>=C2=A0</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<style>body {
font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: norma=
l; font-style: normal; color: #333333;
}
</style>
=20
<div id=3D"mail_footer">
<p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; colo=
r: #757575;">Having trouble viewing this message?=C2=A0</span><a href=3D"ht= tps://content.govdelivery.com/accounts/USDHSCISA/bulletins/413c7a5" target= =3D"_blank" rel=3D"noopener">View it as a webpage</a>.=C2=A0<a href=3D"http= s://content.govdelivery.com/accounts/USDHS/bulletins/292141e" target=3D"_bl= ank" rel=3D"noopener"></a><span style=3D"font-size: 10.0pt; color: #757575;= "></span></p>
<p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">You are subscribed to updates from the </span><a href=3D"
https://w= ww.cisa.gov"><span style=3D"font-size: 10.0pt;">Cybersecurity and Infrastru= cture Security Agency</span></a><span style=3D"font-size: 10.0pt; color: #7= 57575;"> (CISA)<br></span><a href=3D"
https://public.govdelivery.com/account= s/USDHSCISA/subscriber/edit?preferences=3Dtrue#tab1" target=3D"_blank" rel= =3D"noopener"><span style=3D"font-size: 10.0pt; color: #00568c;">Manage Sub= scriptions</span></a>=C2=A0=C2=A0<span style=3D"font-size: 10.0pt; color: #= 757575;">|=C2=A0=C2=A0</span><a href=3D"
https://www.cisa.gov/privacy-policy=
" target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; colo=
r: #00568c;">Privacy Policy</span></a><span style=3D"font-size: 10.0pt; col= or: #757575;">=C2=A0=C2=A0|=C2=A0 <a href=3D"
https://subscriberhelp.granicu= s.com/s/article/Subscriber-Help-Center" target=3D"_blank" rel=3D"noopener">= Help</a><a href=3D"
https://insights.govdelivery.com/Communications/Subscrib= er_Help_Center" target=3D"_blank" rel=3D"noopener"></a></span><span style= =3D"font-size: 10.0pt; color: #757575;"></span></p>
<p style=3D"text-align: center;"><span style=3D"font-size: 10.0pt; color: #= 757575;">Connect with CISA: <br></span><a href=3D"
https://www.facebook.com/= CISA" target=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; = color: #00568c;">Facebook</span></a><span style=3D"font-size: 10.0pt; color=
: #757575;">=C2=A0 |=C2=A0 </span><a href=3D"
https://twitter.com/CISAgov" t= arget=3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: = #00568c;">Twitter</span></a><span style=3D"font-size: 10.0pt; color: #75757= 5;">=C2=A0 |=C2=A0 </span><a href=3D"
https://Instagram.com/cisagov" target= =3D"_blank" rel=3D"noopener"><span style=3D"font-size: 10.0pt; color: #0056= 8c;">Instagram</span></a><span style=3D"font-size: 10.0pt; color: #757575;"= >=C2=A0 |=C2=A0 </span><a href=3D"
https://www.linkedin.com/company/cybersec= urity-and-infrastructure-security-agency" target=3D"_blank" rel=3D"noopener= "><span style=3D"font-size: 10.0pt; color: #00568c;">LinkedIn</span></a><sp=
an style=3D"font-size: 10.0pt; color: #757575;">=C2=A0 |=C2=A0=C2=A0 </span= ><a href=3D"
https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A" targe= t=3D"_self"><span style=3D"font-size: 10.0pt; color: #00568c;">YouTube</spa= n></a><span style=3D"font-size: 10.0pt; color: #757575;"></span></p>
</div>
<div id=3D"tagline">
<hr>
<table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=
<tbody>
<td style=3D"color: #757575; font-size: 10px; font-family: Arial;" width=3D= "89%">This email was sent to
cisa@toolazy.synchro.net using GovDelivery Com= munications Cloud, on behalf of: Cybersecurity and Infrastructure Security = Agency =C2=B7 707 17th St, Suite 4000 =C2=B7 Denver, CO 80202</td>
<td align=3D"right" width=3D"11%"><a href=3D"
https://subscriberhelp.granicu= s.com/" target=3D"_blank" rel=3D"noopener"><img src=3D"
https://content.govd= elivery.com/images/govd-logo-dark.png" border=3D"0" alt=3D"GovDelivery logo=
" width=3D"115"></a></td>
</tr>
</tbody>
</table>
<style type=3D"text/css">body .abe-column-block { min-height: 5px; } table.= gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_ta= ble div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell=
img {margin-left:0px; margin-right:0px;}</style>
</div>
</td>
</tr>
</table>
<img alt=3D"" src=3D"
https://links-2.govdelivery.com/CI0/0101019dac4e62fc-5= 8007c90-cb40-4662-8e3a-24ecc1993a4e-000000/5i8IF5bXnmRqlgFzcd4aD47W-4OM-HmV= 3--2B11eaWs=3D452" style=3D"display: none; width: 1px; height: 1px;">
</body>
</html>
--===============5142591692349464080==--
--===============0552684718424922240==--