fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com
2a02:4780:b:1057:0:79f:2985:8
Malicious Activity!
Public Scan
Submission: On May 09 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 9th 2023. Valid for: 3 months.
This is the only time fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: LinkedIn (Social Network)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
4 | 2a02:4780:b:1057:0:79f:2985:8 | 47583 (AS-HOSTINGER) |
9 | 2606:2800:233:6a53:4ac1:3bc8:ee4e:5990 | 15133 (EDGECAST) |
5 | 2620:1ec:48:1::44 | 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 144.2.9.1 | 14413 (LINKEDIN) |
6 | 2a00:1450:4001:813::200d | 15169 (GOOGLE) |
2 | 34.251.152.95 | 16509 (AMAZON-02) |
2 | 2a00:1450:4001:82a::2003 | 15169 (GOOGLE) |
1 | 144.2.9.2 | 14413 (LINKEDIN) |
1 | 2620:1ec:21::16 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 2a02:26f0:3500:16::215:149b | 20940 (AKAMAI-ASN1) |
1 | 52.50.220.81 | 16509 (AMAZON-02) |
33 | 11 | |
AS | PTR | Domain |
---|---|---|
ASN47583 (AS-HOSTINGER, CY) | | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com |
ASN15133 (EDGECAST, US) | | static-exp1.licdn.com |
ASN16509 (AMAZON-02, US) | ec2-34-251-152-95.eu-west-1.compute.amazonaws.com | lnkd.demdex.net |
ASN20940 (AKAMAI-ASN1, NL) | | platform.linkedin-ei.com |
ASN16509 (AMAZON-02, US) | ec2-52-50-220-81.eu-west-1.compute.amazonaws.com | dpm.demdex.net |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | licdn.com | static-exp1.licdn.com (Cisco Umbrella Rank: 281359) | 235 KB |
6 | google.com | accounts.google.com (Cisco Umbrella Rank: 40) | 4 KB |
6 | linkedin.com | platform.linkedin.com (Cisco Umbrella Rank: 3866), ponf.linkedin.com (Cisco Umbrella Rank: 13819) | 79 KB |
4 | awaaly.com | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com | 18 KB |
3 | linkedin-ei.com | ponf.linkedin-ei.com, www.linkedin-ei.com, platform.linkedin-ei.com | 46 KB |
3 | demdex.net | lnkd.demdex.net (Cisco Umbrella Rank: 6063), dpm.demdex.net (Cisco Umbrella Rank: 220) | 6 KB |
2 | gstatic.com | www.gstatic.com | 69 KB |
33 | 7 | | |
Requests | Domain | Requested by |
---|---|---|
9 | static-exp1.licdn.com | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com |
6 | accounts.google.com | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com, static-exp1.licdn.com, www.gstatic.com |
5 | platform.linkedin.com | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com |
4 | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com | static-exp1.licdn.com |
2 | www.gstatic.com | accounts.google.com |
2 | lnkd.demdex.net | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com, platform.linkedin.com |
1 | dpm.demdex.net | platform.linkedin-ei.com |
1 | platform.linkedin-ei.com | static-exp1.licdn.com |
1 | www.linkedin-ei.com | static-exp1.licdn.com |
1 | ponf.linkedin-ei.com | |
1 | ponf.linkedin.com | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com |
33 | 11 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com | R3 | 2023-05-09 - 2023-08-07 | 3 months | crt.sh |
*.licdn.com | DigiCert SHA2 Secure Server CA | 2022-08-23 - 2023-08-24 | a year | crt.sh |
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-02-27 - 2023-08-27 | 6 months | crt.sh |
ponf.linkedin.com | DigiCert SHA2 Secure Server CA | 2023-02-21 - 2024-02-20 | a year | crt.sh |
accounts.google.com | GTS CA 1C3 | 2023-04-17 - 2023-07-10 | 3 months | crt.sh |
*.demdex.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-09-26 - 2023-10-27 | a year | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2023-04-17 - 2023-07-10 | 3 months | crt.sh |
ponf.linkedin-ei.com | DigiCert SHA2 Secure Server CA | 2023-02-21 - 2024-02-20 | a year | crt.sh |
*.google.com | GTS CA 1C3 | 2023-04-17 - 2023-07-10 | 3 months | crt.sh |
www.linkedin-ei.com | DigiCert SHA2 Secure Server CA | 2023-01-05 - 2023-07-05 | 6 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/
Frame ID: 0CDDC6EE08632F33A0C1BC25BBCB0DE5
Requests: 25 HTTP requests in this frame
Frame:
https://accounts.google.com/o/oauth2/iframe
Frame ID: E6D5CF6CCA9CF766048554E03F4E713D
Requests: 3 HTTP requests in this frame
Frame:
https://lnkd.demdex.net/dest5.html?d_nsid=0
Frame ID: 8F3FCA89C6E2206CB37B08D4533118F3
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/o/oauth2/iframe
Frame ID: EDEBECB003B73A1CF93BAF69E859321B
Requests: 4 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
33 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/ | 38 KB | 15 KB | Document | text/html |
GET | H2 | 5399bjhpt1umdeoroez3rvf5a | static-exp1.licdn.com/sc/h/ | 262 KB | 22 KB | Stylesheet | text/css |
GET | H2 | 24h7g4c6r5pwr64prqmw69qsk | static-exp1.licdn.com/sc/h/ | 216 KB | 49 KB | Script | text/javascript |
GET | H2 | 4kbty60xfri4xjrh2a96iyony | static-exp1.licdn.com/sc/h/ | 86 KB | 25 KB | Script | text/javascript |
GET | H2 | 5x551rv91h1545imm4yjueanc | static-exp1.licdn.com/sc/h/ | 70 KB | 15 KB | Script | text/javascript |
GET | H2 | 8mmj7bc03ai8ipd1i6dafs0zy | static-exp1.licdn.com/sc/h/ | 2 KB | 770 B | Script | text/javascript |
GET | H2 | 6owgyymfcg8ja8p1pcyn30yy4 | static-exp1.licdn.com/sc/h/ | 68 KB | 20 KB | Script | text/javascript |
GET | H2 | gtag-adwords.js | platform.linkedin.com/litms/vendor/google/ | 78 KB | 29 KB | Script | application/javascript |
GET | H2 | 8ddascte8uiyhhufy6qlnhw2b | static-exp1.licdn.com/sc/h/ | 218 KB | 59 KB | Script | text/javascript |
GET | H2 | 84fpq9merojrilm067r9x3jdk | static-exp1.licdn.com/sc/h/ | 106 KB | 32 KB | Script | text/javascript |
GET | H2 | 1gpe377m8n1eq73qveizv5onv | static-exp1.licdn.com/sc/h/ | 38 KB | 13 KB | Script | text/javascript |
GET | H2 | utag.js | platform.linkedin.com/litms/utag/checkpoint-frontend/ | 132 KB | 42 KB | Script | application/javascript |
GET | H2 | utag.107.js | platform.linkedin.com/litms/utag/checkpoint-frontend/ | 9 KB | 3 KB | Script | application/javascript |
GET | H2 | utag.116.js | platform.linkedin.com/litms/utag/checkpoint-frontend/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | utag.117.js | platform.linkedin.com/litms/utag/checkpoint-frontend/ | 9 KB | 3 KB | Script | application/javascript |
GET | H2 | tracking.png | ponf.linkedin.com/pixel/ | 43 B | 107 B | Image | image/gif |
GET | H2 | iframe | accounts.google.com/o/oauth2/ (Frame E6D5) | 280 B | 1 KB | Document | text/html |
GET | H/1.1 | dest5.html | lnkd.demdex.net/ (Frame 8F3F) | 7 KB | 3 KB | Document | text/html |
GET | H2 | m=base | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.FR-tYpKy5Bw.es5.O/d=1/rs=AOaEmlG7-Sik7L12Pw6yzufDu2wJrYh5uA/ (Frame E6D5) | 100 KB | 35 KB | Script | text/javascript |
POST | H2 | cspreport | accounts.google.com/_/IdpIFrameHttp/ (Frame E6D5) | 2 KB | 914 B | Other | text/html |
GET | H2 | status | accounts.google.com/gsi/ | 37 B | 803 B | XHR | application/json |
GET | H2 | iframe | accounts.google.com/o/oauth2/ (Frame EDEB) | 280 B | 441 B | Document | text/html |
GET | H2 | tracking.png | ponf.linkedin-ei.com/pixel/ | 43 B | 107 B | Image | image/gif |
POST | H2 | track | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/li/ | 2 KB | 1 KB | XHR | text/html |
GET | H2 | m=base | www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.de.FR-tYpKy5Bw.es5.O/d=1/rs=AOaEmlG7-Sik7L12Pw6yzufDu2wJrYh5uA/ (Frame EDEB) | 100 KB | 34 KB | Script | text/javascript |
POST | H3 | cspreport | accounts.google.com/_/IdpIFrameHttp/ (Frame EDEB) | 2 KB | 849 B | Other | text/html |
GET | H3 | iframerpc | accounts.google.com/o/oauth2/ (Frame EDEB) | 50 B | 92 B | XHR | application/json |
POST | H3 | track | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/li/ | 2 KB | 1 KB | XHR | text/html |
GET | H2 | user | www.linkedin-ei.com/litms/api/metadata/ | 342 B | 3 KB | XHR | application/json |
GET | H2 | utag.js | platform.linkedin-ei.com/litms/utag/checkpoint-frontend/ | 132 KB | 42 KB | Script | application/javascript |
GET | H/1.1 | id | dpm.demdex.net/ | 440 B | 1 KB | XHR | application/json |
POST | H3 | track | fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/li/ | 2 KB | 953 B | XHR | text/html |
POST | H/1.1 | event | lnkd.demdex.net/ | 518 B | 1 KB | XHR | application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: LinkedIn (Social Network)
39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 boolean| credentialless object| gapi object| _ object| gadgets object| osapi object| ___jsl object| oauth2 object| default_gsi object| google function| GooglemKTybQhCsO function| google_trackConversion object| google_tag_manager object| dataLayer object| AppleID object| tealiumDil boolean| utag_condload object| landingPageUrl object| utag boolean| __tealium_twc_switch function| DIL string| gtagRename object| artdeco object| _artdecoBakedCurves undefined| utag_data object| utag_cfg_ovrd object| trackingEventDebugData object| __core-js_shared__ object| _0x31e9 function| _0x23f5 object| closure_lm_442971 object| __G_ID_CLIENT__ object| apfcDf object| adobe function| Visitor object| s_c_il number| s_c_in
12 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.awaaly.com/ | Name: utag_main Value: v_id:018800511ef100177a7b7da4dd7803073004606b00b08$_sn:1$_se:1$_ss:1$_st:1683634296370$ses_id:1683632496370%3Bexp-session$_pn:1%3Bexp-session |
|
.fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/ | Name: G_ENABLED_IDPS Value: google |
|
.google.com/ | Name: NID Value: 511=C_jJZv_dV4QF4srBchG6_HrzSIPdRjz_SSPz8_4eD9MvNXJz3QvqdCX5xu-EuifTbbqoOvXp0qAKtx-_6Q6galXC0QdmBn7RJ0HZxJaInX3gBoe1JQGOu4WdRJuBp0-1PJ4KxiPVQN3TldN1Lqb39HtghlltXThp0pnEjiEaxuU |
|
.www.linkedin-ei.com/ | Name: JSESSIONID Value: ajax:7464282401357506205 |
|
.linkedin-ei.com/ | Name: lang Value: v=2&lang=de-de |
|
.linkedin-ei.com/ | Name: bcookie Value: "v=2&f65d0956-f0c9-4047-80d9-a9e4ef233634" |
|
.www.linkedin-ei.com/ | Name: bscookie Value: "v=1&20230509114138d0879976-c6f7-45f5-8f67-a4f0a63c4cceAQF3mQoW7eKHy5azqkdU8ZlFBs4Oi5oV" |
|
.linkedin-ei.com/ | Name: lidc Value: "b=ETGST08:s=ET:r=ET:a=ET:p=ET:g=92:u=1:x=1:i=1683632498:t=1683718898:v=2:sig=AQEmkIFlwbgIzgGMYaOIt0SMkqTGweAI" |
|
.demdex.net/ | Name: demdex Value: 50337919932292994843298937346295766951 |
|
.awaaly.com/ | Name: AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg Value: 1 |
|
.awaaly.com/ | Name: AMCV_14215E3D5995C57C0A495C55%40AdobeOrg Value: -637568504%7CMCIDTS%7C19487%7CMCMID%7C49777971114730938473244563383869533292%7CMCAAMLH-1684237299%7C6%7CMCAAMB-1684237299%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1683639699s%7CNONE%7CvVersion%7C5.1.1 |
|
.fromsignintruetrkguesthomepagebasicnavheadersignin.awaaly.com/ | Name: aam_uuid Value: 50337919932292994843298937346295766951 |
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.