t06k1tb.goesrootbaby.live
185.155.184.55
Malicious Activity!
Public Scan
Effective URL: https://t06k1tb.goesrootbaby.live/dkpvrpel/?u=bt1k60t&o=xqt63qn&t=cid%3A10926&cid=10926-14330-2024082321223601a1&f=1&sid=t3~ebkzje...
Submission: On August 23 via api from US — Scanned from US
Summary
TLS certificate: Issued by E5 on August 23rd 2024. Valid for: 3 months.
This is the only time t06k1tb.goesrootbaby.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 31.184.200.202 | 210756 (EDGECENTERLLC) |
1 | 5.23.51.236 | 9123 (TIMEWEB-AS) |
1 1 | 2606:4700:3032::ac43:acdf | 13335 (CLOUDFLARENET) |
2 | 185.155.186.33 | 203639 (TEKNOLOGY) |
29 | 185.155.184.55 | 6898 (AS-6898 C41.CH SAGL - LUGANO Data Center) |
1 | 136.243.216.235 | 24940 (HETZNER-AS) |
34 | 5 | |
ASN210756 (EDGECENTERLLC, RU)
PTR: us21.besteml.com
us21.besteml.com |
ASN9123 (TIMEWEB-AS, RU)
PTR: vh360.timeweb.ru
himprom-group.ru |
ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)
t06k1tb.goesrootbaby.live |
ASN24940 (HETZNER-AS, DE)
PTR: static.235.216.243.136.clients.your-server.de
jsontdsexit2.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
29 | goesrootbaby.live | t06k1tb.goesrootbaby.live | 347 KB |
2 | enhancemalenew.life | enhancemalenew.life | 62 KB |
1 | jsontdsexit2.com | jsontdsexit2.com — Cisco Umbrella Rank: 410365 | 515 B |
1 | cataler.shop | celestial.cataler.shop (Failed) | 754 B |
1 | himprom-group.ru | himprom-group.ru | 599 B |
1 | besteml.com (1 redirects) | us21.besteml.com | 188 B |
34 | 6 | | |
 | Domain | Requested by |
---|---|---|
29 | t06k1tb.goesrootbaby.live | enhancemalenew.life, t06k1tb.goesrootbaby.live |
2 | enhancemalenew.life | himprom-group.ru |
1 | jsontdsexit2.com | t06k1tb.goesrootbaby.live |
1 | celestial.cataler.shop | himprom-group.ru |
1 | himprom-group.ru | |
1 | us21.besteml.com | 1 redirects |
34 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
himprom-group.ru | R10 | 2024-06-09 - 2024-09-07 | 3 months |
enhancemalenew.life | R11 | 2024-07-07 - 2024-10-05 | 3 months |
goesrootbaby.live | E5 | 2024-08-23 - 2024-11-21 | 3 months |
jsontdsexit2.com | E5 | 2024-07-19 - 2024-10-17 | 3 months |
This page contains 1 frames:
Primary Page:
https://t06k1tb.goesrootbaby.live/dkpvrpel/?u=bt1k60t&o=xqt63qn&t=cid%3A10926&cid=10926-14330-2024082321223601a1&f=1&sid=t3~ebkzjej2taa2cuoby3a2b4h4&fp=084UHjVLoSpuSg6yhwcNKg%3D%3D
Frame ID: D7CBA3ABA3C9C0D52EDDFDDBC9EEABEC
Requests: 34 HTTP requests in this frame
Page Title
2024 Annual Visitor Survey
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://us21.besteml.com/ru/mail_link_tracker?hash=6e39yx55d15tnp8k6nknijbebg56obmknqhbshi9jzkns9m9kgy9w3dc6d1iua5be3sdt6tnehozxoewmpiqr4sfxj8gquam1qruifsy&url=aHR0cHM6Ly9oaW1wcm9tLWdyb3VwLnJ1&uid=NTA2Njk4MQ~~&ucs=32b6761356430d678b8b3f9389fedac5 HTTP 307
  https://himprom-group.ru/ Page URL
- https://celestial.cataler.shop/help/?31751723727147 HTTP 302
  https://enhancemalenew.life//?u=bt1k60t&o=xqt63qn&t=cid:10926&cid=10926-14330-2024082321223601a1 Page URL
- https://t06k1tb.goesrootbaby.live/dkpvrpel/?u=bt1k60t&o=xqt63qn&t=cid%3A10926&cid=10926-14330-2024082321223601a1&f=1&sid=t3~ebkzjej2taa2cuoby3a2b4h4&fp=084UHjVLoSpuSg6yhwcNKg%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://us21.besteml.com/ru/mail_link_tracker?hash=6e39yx55d15tnp8k6nknijbebg56obmknqhbshi9jzkns9m9kgy9w3dc6d1iua5be3sdt6tnehozxoewmpiqr4sfxj8gquam1qruifsy&url=aHR0cHM6Ly9oaW1wcm9tLWdyb3VwLnJ1&uid=NTA2Njk4MQ~~&ucs=32b6761356430d678b8b3f9389fedac5 HTTP 307
- https://himprom-group.ru/
- https://celestial.cataler.shop/help/?31751723727147 HTTP 302
- https://enhancemalenew.life//?u=bt1k60t&o=xqt63qn&t=cid:10926&cid=10926-14330-2024082321223601a1
34 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / himprom-group.ru/ (Redirect Chain) | 1 KB 599 B | Document text/html |
GET | / celestial.cataler.shop/help/ | 0 0 | |
GET H/1.1 | / enhancemalenew.life// (Redirect Chain) | 62 KB 62 KB | Document text/html |
GET H/1.1 | / t06k1tb.goesrootbaby.live/dkpvrpel/ (Primary Request) | 17 KB 17 KB | Document text/html |
GET H/1.1 | favicon.ico enhancemalenew.life/ | 0 136 B | Other text/plain |
GET H/1.1 | bootstrap-mini.css t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 10 KB 11 KB | Stylesheet text/css |
GET H/1.1 | font-awesome-mini.css t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Stylesheet text/css |
GET H/1.1 | main-like.css t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 7 KB 8 KB | Stylesheet text/css |
GET H/1.1 | jquery.min.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 85 KB 85 KB | Script text/javascript |
GET H/1.1 | 1.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 12 KB 13 KB | Script text/javascript |
GET H/1.1 | 8.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 6 KB 6 KB | Script text/javascript |
GET H/1.1 | u.js t06k1tb.goesrootbaby.live/media/mainstream/ | 23 KB 24 KB | Script text/javascript |
GET H/1.1 | logo_f01.png t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 7 KB 7 KB | Image image/png |
GET H/1.1 | 2.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 15 KB 16 KB | Script text/javascript |
GET H/1.1 | 3.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 15 KB 15 KB | Script text/javascript |
GET H/1.1 | iphone15pro.png t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 45 KB 46 KB | Image image/png |
GET H/1.1 | img1.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 1 KB 2 KB | Image image/jpeg |
GET H/1.1 | img2.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 1 KB 2 KB | Image image/jpeg |
GET H/1.1 | yWwCB4c.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | 3temv7e.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 1 KB 2 KB | Image image/jpeg |
GET H/1.1 | 7wSpKDu.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | 9PH2QqX.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | EKZrmbS.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | yEUMY3v.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 2 KB | Image image/jpeg |
GET H/1.1 | KqX499j.png t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 2 KB 3 KB | Image image/png |
GET H/1.1 | DsrKpkj.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 1 KB 2 KB | Image image/jpeg |
GET H/1.1 | plR22yu.jpg t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 1017 B 2 KB | Image image/jpeg |
GET H/1.1 | 4.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 679 B 1 KB | Script text/javascript |
GET H/1.1 | 5.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 12 KB 12 KB | Script text/javascript |
GET H/1.1 | 6.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 28 KB 29 KB | Script text/javascript |
GET H/1.1 | 7.js t06k1tb.goesrootbaby.live/media/mainstream/all/mb/ | 8 KB 9 KB | Script text/javascript |
GET H2 | getextparams jsontdsexit2.com/ExtService.svc/ | 647 B 515 B | XHR application/json |
GET H/1.1 | chrome58x58.png t06k1tb.goesrootbaby.live/media/mainstream/us/wap/mobsurvey/ | 8 KB 9 KB | Image image/png |
GET H/1.1 | alert.mp3 t06k1tb.goesrootbaby.live/media/mainstream/ | 9 KB 9 KB | XHR audio/mpeg |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: celestial.cataler.shop
- URL: https://celestial.cataler.shop/help/?31751723727147
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)
90 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| requestLink function| $ function| jQuery function| _0xc564 function| _0x1ac3e6 function| _0x1b24 function| detect_language function| faviconPulse function| geoip_city function| loadJSON function| loadTextFileAjaxSync object| locationJSON string| city string| sMobile string| sDesktop function| isMobileDevice string| sound function| _0x2716 function| _0x1281 function| returnDate function| _0x58f5f8 function| getCookie function| getBackendParamsByName function| addSessionId function| returnSessionId number| exDays function| wireUpEvents function| getUrlParameter function| _0x220e string| exitsplashpage function| _0x474f function| getUrlWithParam function| DisplayExitSplash function| addLoadEvent function| addClickEvent function| disablelinksfunc function| disableformsfunc function| prevent function| getParameterByName function| languageDetection function| writeLocation function| showLocation function| docReady function| Cookies function| _0x49ff33 function| _0x41af string| nAgt string| browserName number| verOffset function| _0xc3b8 function| _0xf2f28d function| _0x546c function| _0xe019 function| FBcom function| handleIntersection object| observer object| targetElement function| _0x510a23 object| canvas1 object| ctx number| W number| H number| mp number| animationHandler object| particles number| angle number| tiltAngle boolean| confettiActive object| particleColors function| confettiParticle function| InitializeButton function| SetGlobals function| InitializeConfetti function| Draw function| RandomFromTo function| _0x5186 function| Update function| CheckForReposition function| _0x9e7e function| stepParticle function| repositionParticle function| StartConfetti function| ClearTimers function| DeactivateConfetti function| StopConfetti function| RestartConfetti function| requestAnimFrame function| _0x59ea function| _0x4b9a08 function| _0x42205
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
himprom-group.ru/ | | Name: ht_rr Value: 1 |
.celestial.cataler.shop/ | | Name: 00831 Value: %7B%22streams%22%3A%7B%2214330%22%3A1724437356%7D%2C%22campaigns%22%3A%7B%2210926%22%3A1724437356%7D%2C%22time%22%3A1724437356%7D |
enhancemalenew.life/ | | Name: sid Value: t3~ebkzjej2taa2cuoby3a2b4h4 |
enhancemalenew.life/ | | Name: p1 Value: https://goesrootbaby.live/dkpvrpel/ |
enhancemalenew.life/ | | Name: s1 Value: e22gmzbtaqdptqs7 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.