gracegate-inc.involve.me
3.125.247.132
Malicious Activity!
Public Scan
Submission: On August 02 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Amazon on May 19th 2022. Valid for: a year.
This is the only time gracegate-inc.involve.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)
Domain & IP information
|  | IP Address | Autonomous System |
---|---|---|
2 | 3.125.247.132 | 16509 (AMAZON-02) |
22 | 2600:9000:2057:4600:1:6558:48c0:21 | 16509 (AMAZON-02) |
3 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |
2 | 99.86.4.122 | 16509 (AMAZON-02) |
3 | 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) |
2 | 65.9.62.238 | 16509 (AMAZON-02) |
1 | 151.101.194.137 | 54113 (FASTLY) |
2 | 185.221.87.248 | 206998 (NEW-2) |
37 | 8 |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-247-132.eu-central-1.compute.amazonaws.com
gracegate-inc.involve.me |
ASN16509 (AMAZON-02, US)
d3fs9o4a89jmeb.cloudfront.net |
ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-122.fra6.r.cloudfront.net
assets.involve.me |
ASN16509 (AMAZON-02, US)
PTR: server-65-9-62-238.fra56.r.cloudfront.net
involveme-vapor-production-storage.s3-accelerate.amazonaws.com |
|  | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | cloudfront.net | d3fs9o4a89jmeb.cloudfront.net | 559 KB |
4 | involve.me | gracegate-inc.involve.me assets.involve.me — Cisco Umbrella Rank: 345113 | 103 KB |
3 | gstatic.com | fonts.gstatic.com | 92 KB |
3 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 73 | 2 KB |
2 | nr-data.net | bam.eu01.nr-data.net — Cisco Umbrella Rank: 9160 | 2 KB |
2 | amazonaws.com | involveme-vapor-production-storage.s3-accelerate.amazonaws.com | 50 KB |
1 | newrelic.com | js-agent.newrelic.com — Cisco Umbrella Rank: 470 | 18 KB |
37 | 7 |
|  | Domain | Requested by |
---|---|---|
22 | d3fs9o4a89jmeb.cloudfront.net | gracegate-inc.involve.me |
3 | fonts.gstatic.com | fonts.googleapis.com |
3 | fonts.googleapis.com | d3fs9o4a89jmeb.cloudfront.net, gracegate-inc.involve.me |
2 | bam.eu01.nr-data.net | gracegate-inc.involve.me |
2 | involveme-vapor-production-storage.s3-accelerate.amazonaws.com | gracegate-inc.involve.me |
2 | assets.involve.me | gracegate-inc.involve.me |
2 | gracegate-inc.involve.me | gracegate-inc.involve.me |
1 | js-agent.newrelic.com | gracegate-inc.involve.me |
37 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.involve.me |
Subject | Issuer | Validity | Valid |
---|---|---|---|
involve.me | Amazon | 2022-05-19 - 2023-06-17 | a year |
*.cloudfront.net | Amazon | 2022-02-01 - 2023-01-31 | a year |
upload.video.google.com | GTS CA 1C3 | 2022-07-11 - 2022-10-03 | 3 months |
*.involve.me | Amazon | 2022-01-05 - 2023-02-03 | a year |
*.gstatic.com | GTS CA 1C3 | 2022-07-11 - 2022-10-03 | 3 months |
*.s3-accelerate.amazonaws.com | Amazon | 2021-11-24 - 2022-11-14 | a year |
js-agent.newrelic.com | GlobalSign Atlas R3 DV TLS CA 2022 Q2 | 2022-07-10 - 2023-08-11 | a year |
*.eu01.nr-data.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-01-24 - 2023-02-09 | a year |
This page contains 1 frames:
Primary Page:
https://gracegate-inc.involve.me/microsoft
Frame ID: C83B904B581CB7A1471B9A0E2F383E64
Requests: 37 HTTP requests in this frame
Page Title
Microsoft
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Underscore.js (JavaScript Libraries)
Detected patterns
- underscore.*\.js(?:\?ver=([\d.]+))?
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
37 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | microsoft (Primary Request) | gracegate-inc.involve.me/ | 98 KB | 99 KB | Document | text/html |
GET | H2 | participant.css | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/css/ | 30 KB | 6 KB | Stylesheet | text/css |
GET | H2 | fontawesome.css | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/css/vendor/ | 7 KB | 2 KB | Stylesheet | text/css |
GET | H2 | offline.min.css | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/css/ | 5 KB | 1 KB | Stylesheet | text/css |
GET | H2 | offline.en.min.css | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/css/ | 3 KB | 780 B | Stylesheet | text/css |
GET | H2 | jquery-2.1.4.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/vendor/jquery/ | 82 KB | 29 KB | Script | text/javascript |
GET | H2 | jquery.visible.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/ | 803 B | 1 KB | Script | text/javascript |
GET | H2 | bootstrap.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/vendor/bootstrap/ | 48 KB | 13 KB | Script | text/javascript |
GET | H2 | underscore@1.8.3.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/vendor/underscore/ | 16 KB | 6 KB | Script | text/javascript |
GET | H2 | jquery.validate.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/validate/ | 23 KB | 8 KB | Script | text/javascript |
GET | H2 | rangeslider.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/ | 10 KB | 3 KB | Script | text/javascript |
GET | H2 | offline.min.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/ | 9 KB | 3 KB | Script | text/javascript |
GET | H2 | webfont.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/vendor/ | 13 KB | 5 KB | Script | text/javascript |
GET | H2 | js | gracegate-inc.involve.me/api/gracegate-inc/microsoft/fonts/ | 109 B | 1 KB | Script | text/javascript |
GET | H2 | vue-participant.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/ | 258 KB | 81 KB | Script | text/javascript |
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 521 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 1 KB | 945 B | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 3 KB | 641 B | Stylesheet | text/css |
HEAD | H2 | offline_check_pixel.png | assets.involve.me/assets/img/ | 0 | 457 B | XHR | image/png |
GET | H2 | participantApp.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/ | 183 KB | 51 KB | Script | text/javascript |
GET | H2 | NGS6v5_NC0k9P9H2TbE.woff2 | fonts.gstatic.com/s/heebo/v21/ | 26 KB | 27 KB | Font | font/woff2 |
GET | H2 | QGYsz_wNahGAdqQ43Rh_fKDp.woff2 | fonts.gstatic.com/s/worksans/v17/ | 47 KB | 47 KB | Font | font/woff2 |
GET | H2 | QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nXBi8Jpg.woff2 | fonts.gstatic.com/s/worksans/v17/ | 18 KB | 18 KB | Font | font/woff2 |
GET | H2 | participantView.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/ | 114 KB | 24 KB | Script | text/javascript |
GET | H2 | pageNavigation.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/ | 10 KB | 3 KB | Script | text/javascript |
GET | H/1.1 | d447832e-afa3-4afd-b3d9-49840317dc24.png | involveme-vapor-production-storage.s3-accelerate.amazonaws.com/uploads/assets/ | 28 KB | 29 KB | Image | image/png |
GET | H2 | spacer.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 2 KB | 1 KB | Script | text/javascript |
GET | H2 | image.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 9 KB | 4 KB | Script | text/javascript |
GET | H2 | headline.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 5 KB | 2 KB | Script | text/javascript |
GET | H2 | freeTextAnswer.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 271 KB | 65 KB | Script | text/javascript |
GET | H2 | checkbox.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 943 KB | 195 KB | Script | text/javascript |
GET | H2 | button.js | d3fs9o4a89jmeb.cloudfront.net/0b3a5b37-837e-446b-82e2-e1df878c9910/js/chunks/items/ | 233 KB | 55 KB | Script | text/javascript |
GET | H2 | powered_by_involve_me.svg | assets.involve.me/assets/img/frontend/ | 8 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | 6def5a52-9529-4394-b4cf-5a61fea9c881.png | involveme-vapor-production-storage.s3-accelerate.amazonaws.com/uploads/assets/ | 20 KB | 21 KB | Image | image/png |
GET | H2 | nr-spa-1216.min.js | js-agent.newrelic.com/ | 49 KB | 18 KB | Script | application/javascript |
GET | H/1.1 | NRJS-c4ef86541c0917e6e8d | bam.eu01.nr-data.net/1/ | 49 B | 1 KB | Script | text/javascript |
POST | H/1.1 | NRJS-c4ef86541c0917e6e8d | bam.eu01.nr-data.net/events/1/ | 24 B | 876 B | XHR | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| NREUM object| newrelic function| __nr_require object| brandquiz object| dataLayer function| route function| $ function| jQuery function| jqueryValidateLoaded object| Offline object| WebFont object| __INITIAL_STATE__ object| bootstrap function| _ object| webpackChunkbrandquiz object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| Vapor function| axios boolean| loaded
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
gracegate-inc.involve.me/ | Name: lvapp_session Value: eyJpdiI6IktsbjNLczZCR2dYNk9aY2Roa2JQNnc9PSIsInZhbHVlIjoid0JQMjRheXJOU0ZEazluQXZuQ0hzUGEzL1dhWmVpZUJMVXBxdVhmeGhhejlwWUpVUEllZUpadThJaFRWQkZYT2kvR0Z0U0tMZHdmRHptSU5MTlpLTWtmaXNqSlRlN0dlQnVwQldONnNoMi9tekFtVTdxUkxKb0tWaHVOSzd6U2IiLCJtYWMiOiI3YjQwMWE4MTg0ZDZkMDU2ZGE5MjZmYTg4ODIxMDRlMTUwNGE2MTFkNDA4ZTUyNjJjMGY4NjBjNDllNzdlYWU0IiwidGFnIjoiIn0%3D |
|
gracegate-inc.involve.me/ | Name: XSRF-TOKEN Value: eyJpdiI6InBGN0VpejNReEYwb3hHZG8rS2JFRUE9PSIsInZhbHVlIjoiWU91MnRNbmdrZmplSHhaUmswNnZpUXdzdjRlUS83T0lsaDN5dlRoVlpxckJLbEU0bUZmT2RweDNQYmZTbnhGRW9DbS9RU1NUWHRLdW5lTXllVVl0VGR2QUgyb0xId2lzM2ZHQnVqRVU3dkQ2UnF0bXh0WVlzTTNqMTdNWVVGZGwiLCJtYWMiOiI5YjRkMDNjZjA3ODBjNmU2MGM0MTdiYWJlM2E0NmQ3NTU1OTMxMWM3MjhhYjFmN2ZhYjlkZDFkODc3NDk5MWY3IiwidGFnIjoiIn0%3D |
|
.nr-data.net/ | Name: JSESSIONID Value: ce00ae3fe2b933b7 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.