roatalt.com
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03
Submission: On November 10 via manual from FR — Scanned from DK
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 17th 2022. Valid for: a year.
This is the only time roatalt.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: barton-blake.mistrustfuldevastate.org.uk
fax.hilti.at |
ASN396362 (LEASEWEB-USA-NYC, US)
PTR: vps14307.ua-hosting.company
loundee.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
roatalt.com
3 redirects
roatalt.com beacon.roatalt.com |
607 KB |
5 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 97 |
20 KB |
4 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 3084 ka-f.fontawesome.com — Cisco Umbrella Rank: 5936 |
23 KB |
2 |
pushserve.xyz
pushserve.xyz — Cisco Umbrella Rank: 227708 |
2 KB |
2 |
virtualpushplatform.com
virtualpushplatform.com — Cisco Umbrella Rank: 497684 |
5 KB |
2 |
kngarie.com
1 redirects
kngarie.com |
1 KB |
1 |
google.dk
www.google.dk — Cisco Umbrella Rank: 19581 |
501 B |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 17 |
501 B |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 166 |
439 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 121 |
43 KB |
1 |
loundee.com
loundee.com |
449 B |
1 |
hilti.at
1 redirects
fax.hilti.at |
262 B |
39 | 12 |
Domain | Requested by | |
---|---|---|
19 | roatalt.com |
2 redirects
kngarie.com
roatalt.com |
5 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com roatalt.com |
3 | beacon.roatalt.com |
1 redirects
roatalt.com
|
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | pushserve.xyz |
virtualpushplatform.com
|
2 | virtualpushplatform.com |
roatalt.com
virtualpushplatform.com |
2 | kngarie.com |
1 redirects
loundee.com
|
1 | www.google.dk | |
1 | www.google.com | |
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | www.googletagmanager.com |
roatalt.com
|
1 | kit.fontawesome.com |
roatalt.com
|
1 | loundee.com | |
1 | fax.hilti.at | 1 redirects |
39 | 14 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
loundee.com Sectigo RSA Domain Validation Secure Server CA |
2022-10-19 - 2023-10-19 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-17 - 2023-08-17 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-10-17 - 2023-01-09 |
3 months | crt.sh |
*.virtualpushplatform.com E1 |
2022-10-19 - 2023-01-17 |
3 months | crt.sh |
beacon.roatalt.com R3 |
2022-09-17 - 2022-12-16 |
3 months | crt.sh |
pushserve.xyz Sectigo RSA Domain Validation Secure Server CA |
2022-08-01 - 2023-08-01 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2022-10-25 - 2023-01-17 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2022-10-25 - 2023-01-17 |
3 months | crt.sh |
*.google.dk GTS CA 1C3 |
2022-10-17 - 2023-01-09 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03
Frame ID: E93F81908AAC5F7BCA3B63EC5AEAA161
Requests: 38 HTTP requests in this frame
Screenshot
Page Title
TotalPage URL History Show full URLs
-
http://fax.hilti.at/file.html?cbbbbccczjZKcxKxZcGcHJctc8p8nckzFcbbbbc
HTTP 302
https://loundee.com/ff07aac7d0d608e000/35_20002_2634683/1909_2831074_4108894_15/1_185-236-203-124 Page URL
- http://kngarie.com/r/88689171-7af5-4a57-ac68-14935a740c06/470447/1286698826/35_20002_2634683 Page URL
-
http://kngarie.com/r2/88689171-7af5-4a57-ac68-14935a740c06/470447/1286698826/35_20002_2634683/d...
HTTP 302
https://roatalt.com/sf/tpl9?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a... HTTP 301
http://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-... HTTP 301
https://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://fax.hilti.at/file.html?cbbbbccczjZKcxKxZcGcHJctc8p8nckzFcbbbbc
HTTP 302
https://loundee.com/ff07aac7d0d608e000/35_20002_2634683/1909_2831074_4108894_15/1_185-236-203-124 Page URL
- http://kngarie.com/r/88689171-7af5-4a57-ac68-14935a740c06/470447/1286698826/35_20002_2634683 Page URL
-
http://kngarie.com/r2/88689171-7af5-4a57-ac68-14935a740c06/470447/1286698826/35_20002_2634683/d0700243-878c-48eb-a807-86a231e44d03/?fctr=0
HTTP 302
https://roatalt.com/sf/tpl9?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03 HTTP 301
http://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03 HTTP 301
https://roatalt.com/sf/tpl9/?logo=total&item=ARFC&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://fax.hilti.at/file.html?cbbbbccczjZKcxKxZcGcHJctc8p8nckzFcbbbbc HTTP 302
- https://loundee.com/ff07aac7d0d608e000/35_20002_2634683/1909_2831074_4108894_15/1_185-236-203-124
- https://beacon.roatalt.com/g2/e0caed8f-1761-4470-9a8b-afa091237d91?item=ARFC&logo=total&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03 HTTP 302
- https://beacon.roatalt.com/s/957dd2e9-89fb-4fa9-b683-c42d58cbbde4?&requestid=CFll4H4jHo&destinationid=495645087&item=ARFC&logo=total&sub1=6JQU&sub2=470447&sub3=d0700243-878c-48eb-a807-86a231e44d03
39 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
1_185-236-203-124
loundee.com/ff07aac7d0d608e000/35_20002_2634683/1909_2831074_4108894_15/ Redirect Chain
|
155 B 449 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
35_20002_2634683
kngarie.com/r/88689171-7af5-4a57-ac68-14935a740c06/470447/1286698826/ |
708 B 863 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
roatalt.com/sf/tpl9/ Redirect Chain
|
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
268a7048dd.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
109 KB 43 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bundle.7f78845e1b13708eb4e9.css
roatalt.com/sf/tpl9/ |
490 KB 63 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-3.png
roatalt.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
roatalt.com/sf/tpl9/public/ |
466 B 979 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-4.png
roatalt.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-5.png
roatalt.com/sf/tpl9/public/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-6.png
roatalt.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-7.png
roatalt.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-8.png
roatalt.com/sf/tpl9/public/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-9.png
roatalt.com/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-10.png
roatalt.com/sf/tpl9/public/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-11.png
roatalt.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-12.png
roatalt.com/sf/tpl9/public/ |
875 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
8.f2527a54.chunk.js
roatalt.com/sf/tpl9/js/ |
327 KB 108 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.f0944f7c.js
roatalt.com/sf/tpl9/js/ |
603 KB 112 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 2 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ace-push.js
virtualpushplatform.com/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
summary
beacon.roatalt.com/geo/ |
129 B 584 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
total.png
roatalt.com/sf/tpl9/public/total/ |
55 KB 56 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
roatalt.com/sf/tpl9/public/total/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
957dd2e9-89fb-4fa9-b683-c42d58cbbde4
beacon.roatalt.com/s/ Redirect Chain
|
302 KB 231 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
2 B 22 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
visit
pushserve.xyz/api/v1/ |
1 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
visit
pushserve.xyz/api/v1/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
4 B 439 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.dk/ads/ |
42 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
222 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log-client-error
virtualpushplatform.com/api/v1/visit/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
log-client-error
virtualpushplatform.com/api/v1/visit/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- virtualpushplatform.com
- URL
- https://virtualpushplatform.com/api/v1/visit/log-client-error
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| gtag object| dataLayer object| FontAwesomeKitConfig object| webpackJsonp object| regeneratorRuntime function| _ object| core function| ScratchCard object| SCRATCH_TYPE object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| initializeAcePush function| setBaseUrl function| getLocation function| registerServiceWorker7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
loundee.com/ | Name: uid22124 Value: 1286698826-20221109184201-df4c4c4f049bb0ec639965ed621cacd1- |
|
.kngarie.com/ | Name: 20c0b1dd-30ac-4d22-9719-d9b3ad790930-check Value: d0700243-878c-48eb-a807-86a231e44d03 |
|
.virtualpushplatform.com/ | Name: TiPMix Value: 11.976589871691246 |
|
.virtualpushplatform.com/ | Name: x-ms-routing-name Value: self |
|
.roatalt.com/ | Name: _ga Value: GA1.2.1922919538.1668040924 |
|
.roatalt.com/ | Name: _gid Value: GA1.2.334694228.1668040924 |
|
.roatalt.com/ | Name: _gat_gtag_UA_148357412_1 Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beacon.roatalt.com
fax.hilti.at
ka-f.fontawesome.com
kit.fontawesome.com
kngarie.com
loundee.com
pushserve.xyz
roatalt.com
stats.g.doubleclick.net
virtualpushplatform.com
www.google-analytics.com
www.google.com
www.google.dk
www.googletagmanager.com
virtualpushplatform.com
176.223.109.114
199.217.116.70
20.50.64.3
2606:4700:3032::ac43:b158
2606:4700::6812:1734
2606:4700:e6::ac40:cb1c
2a00:1450:4001:810::200e
2a00:1450:4001:813::2003
2a00:1450:4001:813::2008
2a00:1450:4001:830::2004
2a00:1450:400c:c08::9b
2a06:98c1:3120::3
2a06:98c1:3121::3
45.55.126.207
94.23.179.205
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
149476ac2535eb87b112c0aaeca8c89dd7f363368b9a8eca3dfe772a79aaa6fe
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
1b95e45995da85bd1ba2c58965e1d99212ce2136806f3b29a7752eaf6dba07d6
1da5faaf501c546a81abcdce240475f09ea476dda9289c3d75efdd06c7adf35a
2de71078a09c67bf1b8dd1c8636e6d4dc63099ac947089d4add3db1206154170
2e17c79e1b4d86ddba5a9d2104902942db44f856a9fd63a137cf5deb35f56366
32aecc3fac7b5024a4dfef289a2ca8b890167a2fdacff6bf0a887a9c1e3b1ccc
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6e12c838f79e572b5d5cf1d6789fb4096c2a0ecd9dabda99c700bba7b3dfde75
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
754a17e6b2226214fe74ac6e0d0ee0311e59803b2592af7a83c6c7931767dd17
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
90d74b1fd4ab2e63c48188d1e5b865a6390ac75718aa470f0781ca8f97885312
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
a07624449d64fd5fc81e2a512d1ff804fc4291362c3b1a42abaf943edba52b32
acbdfa1d8253dd6d097df60b37a5c64653a03f6f4418385a321fb1a6afba5d57
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
c7dde70c88be224c3f7c9e23b58ca2bd7fa0c344248ba851c2979b564e376cd8
d8edb60184023ad15f26531585b7d9b19589cab284514767c24cc2e198ae50bb
dc7862e88f500d502f5472a4e3b23cd3ae9c1888a7bf4291c1aeb8bc8148dc37
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda