shoplifemedia.com
Open in
urlscan Pro
91.220.101.49
Malicious Activity!
Public Scan
Effective URL: https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Chicago&...
Submission: On July 13 via manual from US — Scanned from US
Summary
TLS certificate: Issued by R3 on June 23rd 2023. Valid for: 3 months.
This is the only time shoplifemedia.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3031::ac43:8f56 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:303... 2606:4700:3035::6815:5f3a | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 193.29.63.221 193.29.63.221 | 63473 (HOSTHATCH) (HOSTHATCH) | |
1 1 | 103.147.122.142 103.147.122.142 | 135932 (VNDATA-AS...) (VNDATA-AS-VN Viet Storage Technology Joint Stock Company) | |
21 | 91.220.101.49 91.220.101.49 | 34259 (HIGHLOADS...) (HIGHLOADSYSTEMS) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
1 | 2607:f8b0:402... 2607:f8b0:4020:805::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2600:9000:220... 2600:9000:2209:1a00:b:4623:cac0:21 | 16509 (AMAZON-02) (AMAZON-02) | |
27 | 4 |
ASN135932 (VNDATA-AS-VN Viet Storage Technology Joint Stock Company, VN)
shoptrkk.com |
ASN34259 (HIGHLOADSYSTEMS, UA)
PTR: srv-s49.antiddos.eu
shoplifemedia.com |
ASN16509 (AMAZON-02, US)
d3e1y4kxkqljcb.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
shoplifemedia.com
shoplifemedia.com |
366 KB |
4 |
cloudfront.net
d3e1y4kxkqljcb.cloudfront.net |
372 KB |
2 |
shorturl.at
2 redirects
shorturl.at — Cisco Umbrella Rank: 62356 www.shorturl.at — Cisco Umbrella Rank: 70421 |
1 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 88 |
1 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 749 |
33 KB |
1 |
shoptrkk.com
1 redirects
shoptrkk.com |
1 KB |
1 |
kystnesybl.com
1 redirects
www.kystnesybl.com |
377 B |
27 | 7 |
Domain | Requested by | |
---|---|---|
21 | shoplifemedia.com |
shoplifemedia.com
code.jquery.com |
4 | d3e1y4kxkqljcb.cloudfront.net |
shoplifemedia.com
code.jquery.com |
1 | fonts.googleapis.com |
shoplifemedia.com
|
1 | code.jquery.com |
shoplifemedia.com
|
1 | shoptrkk.com | 1 redirects |
1 | www.kystnesybl.com | 1 redirects |
1 | www.shorturl.at | 1 redirects |
1 | shorturl.at | 1 redirects |
27 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
shoplifemedia.com R3 |
2023-06-23 - 2023-09-21 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-06-19 - 2023-09-11 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2022-12-08 - 2023-12-07 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Chicago&clickid=65c8axs2tlpvrebd&campaign=2850&user_id=1&clickcost=0&lander=2033&time=1689220875&browser_version=114.0.5735.198&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=104.237.193.28&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/114.0.5735.198%20Safari/537.36&lpkey=168f89f123a4918475&target=sf&device=DESKTOP&country=US&ts={t9}&trafficsource=97&domain=shoptrkk.com&uclick=xs2tlpvr&uclickhash=xs2tlpvr-xs2tlpvr-gmft-uqwj-8pg5-9lbzdz-vc17dz-70610f
Frame ID: F4FCC538BC1CA1569164F23A5985AD21
Requests: 27 HTTP requests in this frame
Screenshot
Page Title
[1] Reward Pending - We Want Your Opinion!Page URL History Show full URLs
-
https://shorturl.at/ezM25
HTTP 301
https://www.shorturl.at/ezM25 HTTP 302
https://www.kystnesybl.com/Bi-xK4XnfVWmTCkjrA7p5aV47_H_38RDekIl1UGUDIzuVaUc6L4l1GjgSmrgLln-CC8CaI80OwRT... HTTP 302
https://shoptrkk.com/click.php?key=estn1cn3h9q5nf92esl7&clickid=732659536&target=sf&subid=823253 HTTP 302
https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language... Page URL
- https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks) Expand
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://shorturl.at/ezM25
HTTP 301
https://www.shorturl.at/ezM25 HTTP 302
https://www.kystnesybl.com/Bi-xK4XnfVWmTCkjrA7p5aV47_H_38RDekIl1UGUDIzuVaUc6L4l1GjgSmrgLln-CC8CaI80OwRTsCJJEKKvmA~~/FRETO/GMIITO HTTP 302
https://shoptrkk.com/click.php?key=estn1cn3h9q5nf92esl7&clickid=732659536&target=sf&subid=823253 HTTP 302
https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Chicago&clickid=65c8axs2tlpvrebd&campaign=2850&user_id=1&clickcost=0&lander=2033&time=1689220875&browser_version=114.0.5735.198&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=104.237.193.28&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/114.0.5735.198%20Safari/537.36&lpkey=168f89f123a4918475&target=sf&device=DESKTOP&country=US&ts={t9}&trafficsource=97&domain=shoptrkk.com&uclick=xs2tlpvr&uclickhash=xs2tlpvr-xs2tlpvr-gmft-uqwj-8pg5-9lbzdz-vc17dz-70610f Page URL
- https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Chicago&clickid=65c8axs2tlpvrebd&campaign=2850&user_id=1&clickcost=0&lander=2033&time=1689220875&browser_version=114.0.5735.198&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=104.237.193.28&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/114.0.5735.198%20Safari/537.36&lpkey=168f89f123a4918475&target=sf&device=DESKTOP&country=US&ts={t9}&trafficsource=97&domain=shoptrkk.com&uclick=xs2tlpvr&uclickhash=xs2tlpvr-xs2tlpvr-gmft-uqwj-8pg5-9lbzdz-vc17dz-70610f Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://shorturl.at/ezM25 HTTP 301
- https://www.shorturl.at/ezM25 HTTP 302
- https://www.kystnesybl.com/Bi-xK4XnfVWmTCkjrA7p5aV47_H_38RDekIl1UGUDIzuVaUc6L4l1GjgSmrgLln-CC8CaI80OwRTsCJJEKKvmA~~/FRETO/GMIITO HTTP 302
- https://shoptrkk.com/click.php?key=estn1cn3h9q5nf92esl7&clickid=732659536&target=sf&subid=823253 HTTP 302
- https://shoplifemedia.com/visitor_us_st/index_1_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Chicago&clickid=65c8axs2tlpvrebd&campaign=2850&user_id=1&clickcost=0&lander=2033&time=1689220875&browser_version=114.0.5735.198&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Nexeon%20Technologies&ip=104.237.193.28&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/114.0.5735.198%20Safari/537.36&lpkey=168f89f123a4918475&target=sf&device=DESKTOP&country=US&ts={t9}&trafficsource=97&domain=shoptrkk.com&uclick=xs2tlpvr&uclickhash=xs2tlpvr-xs2tlpvr-gmft-uqwj-8pg5-9lbzdz-vc17dz-70610f
27 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
index_1_d.php
shoplifemedia.com/visitor_us_st/ Redirect Chain
|
1 KB 972 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
check.page
shoplifemedia.com/ |
1 B 259 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index_1_d.php
shoplifemedia.com/visitor_us_st/ |
70 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
shoplifemedia.com/visitor_us_st/assets/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
all.css
shoplifemedia.com/visitor_us_st/assets/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.css
shoplifemedia.com/visitor_us_st/assets/ |
49 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.11.1.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.js
shoplifemedia.com/visitor_us_st/assets/ |
62 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myscript_2.js
shoplifemedia.com/visitor_us_st/assets/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
02831ab02f02782d9c47fffcfd5eadc4.png
shoplifemedia.com/visitor_us_st/assets/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
applause_right.png
shoplifemedia.com/visitor_us_st/assets/ |
77 KB 78 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
9b69072b6bef17360bbbbcd759320927.png
shoplifemedia.com/visitor_us_st/assets/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
279132e34471a44f9e9c889082127894.png
shoplifemedia.com/visitor_us_st/assets/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
redirect_bin_withoutcomm.js
shoplifemedia.com/ |
538 B 875 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
common.js
shoplifemedia.com/visitor_us_st/assets/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf.css
shoplifemedia.com/visitor_us_st/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf.json
shoplifemedia.com/visitor_us_st/datas/ |
994 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sf.json
shoplifemedia.com/visitor_us_st/datas/ |
994 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
addstyle.css
shoplifemedia.com/ |
2 KB 921 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gold_gift_new.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/gold_gift/ |
153 KB 153 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_1_d.php
shoplifemedia.com/visitor_us_st/ |
70 KB 70 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite_40.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
57 KB 58 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoon.ttf
shoplifemedia.com/visitor_us_st/assets/fonts/ |
1 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fa-solid-900.woff2
shoplifemedia.com/visitor_us_st/assets/fonts/ |
93 KB 93 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0707_banner_summerspecial_01.jpg
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
156 KB 157 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conf.js
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)38 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| onbeforetoggle object| onscrollend function| $ function| jQuery object| bootstrap object| jQuery111108264435436514366 function| $_GET object| months function| days object| time object| d string| dateNow object| now string| targets undefined| gift function| loadingData function| timer string| target string| dmn string| redirect_url string| back_url_link object| $curr object| data boolean| processing function| showOfferWall function| daysInMonth function| overflowP function| showDisclaimer function| preventS function| comment function| showModal function| showOfferWallU function| startTimer function| loadingOffers function| timer1 string| titleOut boolean| onlyOnKonami4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
shoplifemedia.com/visitor_us_st | Name: referrer Value: |
|
.kystnesybl.com/ | Name: uid11153 Value: 732659536-20230713050115-91e81806c32b447f0d2b05187ac0ea88- |
|
shoptrkk.com/ | Name: uclick Value: xs2tlpvr |
|
shoptrkk.com/ | Name: uclickhash Value: xs2tlpvr-xs2tlpvr-gmft-uqwj-8pg5-9lbzdz-vc17dz-70610f |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
fonts.googleapis.com
shoplifemedia.com
shoptrkk.com
shorturl.at
www.kystnesybl.com
www.shorturl.at
103.147.122.142
193.29.63.221
2001:4de0:ac18::1:a:1a
2600:9000:2209:1a00:b:4623:cac0:21
2606:4700:3031::ac43:8f56
2606:4700:3035::6815:5f3a
2607:f8b0:4020:805::200a
91.220.101.49
0460c73243a3523e18d6a0e30e272e4107d462d54ea8fbd6667190724e5b8447
05c983ed393cf3e307c3deb93dd13e2ba12c32ca0a2ebee3fb723dd9e655aaf6
0bbf5c8ae8a1f305b863742906601a75a0ca12719da237328634a93a759af2fe
0d79ca3b13098126f0c0fc76aed54a8acf6e645e62eb5f0ff90571141dfe24b2
0ff21e9fbc2032b3b99fbdeb7aa92a8141a7043310e213fb56f049a452bf07a6
35d7a7b057af7a715b5aea6c9ca4fabdcdd3aeca6e74598f1491a806c3106e4f
36d0b3552e3921a6af29a164f7f2b19de78c916ff06bfd1697c8411543c045ed
4ac18ce9dd50403ef42cedc8bc65eb3b415131d6c6c2b667c425bebae2f3d08c
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
612de5e4bc98dc2c2460fd0968abe15ab356576e663da9d22157918beb2de815
77b87560981b39bdf11f584eb12bb0aa59d72b32fe1c3313510744917cc97acf
7f436075f0a6abd34dafeb7489ff439f470051d146e1e48484d97d7f4628069b
8a4b73d0f18889c8be9a1e37edb8807f5d35d09581900d3165fe88a42ba6000e
8f1b88e498af929419d42f28d1b0aaaad090f45d4696babc2c4b767682495084
9ab4f4c2fbb7f22fd22e510a5797ecb47fb1c05c60c9c7ddc578d3841adaf33f
af566e9942b95a32f33b4a6c6b1d8bcd84165f64b731321683014d13cad161d1
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
c0109e9747e94335267d540104b0b256bc507882206be853bfbd6b13ddb1c277
c889fb1af64cceab36a53b3d6e622710e0880b0ed4b38be7730561105b3c5bcc
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
db5e4ee93c7b86d11f61d0e9ef1269f0c28013a828fb59efc79610a161131314
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4fdd7ac61625aa75e3f51d703a222a51b1c9be1f843a0c5b95a82105dd77cb4
f2789e02383a7f9c7310d30a63a5bf346cc4db4718cdf149a5aa87cb731e57cd
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194