Submitted URL: http://4-72co.co/CY76388360EE
Effective URL: https://lasallequito.edu.ec/rooka/
Submission: On September 23 via manual from CY — Scanned from SE

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 8 HTTP transactions. The main IP is 34.95.206.133, located in United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is lasallequito.edu.ec.
TLS certificate: Issued by cPanel, Inc. Certification Authority on July 7th 2022. Valid for: 3 months.
This is the only time lasallequito.edu.ec was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
2 2 70.34.214.58 20473 (AS-CHOOPA)
1 34.95.206.133 396982 (GOOGLE-CL...)
1 2 188.114.97.12 13335 (CLOUDFLAR...)
1 34.254.43.202 16509 (AMAZON-02)
1 162.0.215.22 22612 (NAMECHEAP...)
8 5
Apex Domain | Subdomains | Transfer
2 zacksource.click | zacksource.click | 76 KB
2 4-72co.co | 4-72co.co | 494 B
1 rootxone.me | rootxone.me | 192 B
1 usabilla.com | w.usabilla.com — Cisco Umbrella Rank: 3414 | 16 KB
1 lasallequito.edu.ec | lasallequito.edu.ec | 2 MB
8 5
Domain Requested by
2 zacksource.click 1 redirects lasallequito.edu.ec
2 4-72co.co 2 redirects
1 rootxone.me zacksource.click
1 w.usabilla.com srcdoc
1 lasallequito.edu.ec
8 5
Subject | Issuer | Validity | Valid
lasallequito.edu.ec | cPanel, Inc. Certification Authority | 2022-07-07 - 2022-10-05 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-04-26 - 2023-04-26 | a year
w.usabilla.com | Amazon | 2022-02-10 - 2023-03-11 | a year
rootxone.me | Sectigo RSA Domain Validation Secure Server CA | 2022-02-22 - 2023-02-22 | a year

This page contains 3 frames:

Primary Page: https://lasallequito.edu.ec/rooka/
Frame ID: CFFAE554A2197426D00F9B44AD1CE4D7
Requests: 18 HTTP requests in this frame

Frame: https://zacksource.click/hello/users/eed94/
Frame ID: A0F872A18E2E3C166CA185DEDD4FE94F
Requests: 4 HTTP requests in this frame

Frame: https://w.usabilla.com/b2d2adfa16cf.js?lv=1
Frame ID: AFC9777E44E83534CD64C62A9AC40FC2
Requests: 1 HTTP requests in this frame

Page Statistics

Requests: 8
HTTPS: 50 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 4
Transfer: 2324 kB
Size: 5596 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://4-72co.co/CY76388360EE HTTP 301
    http://4-72co.co/CY76388360EE/ HTTP 302
    https://lasallequito.edu.ec/rooka/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://zacksource.click/hello/users/ HTTP 302
  • https://zacksource.click/hello/users/eed94/

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
lasallequito.edu.ec/rooka/
Redirect Chain
  • http://4-72co.co/CY76388360EE
  • http://4-72co.co/CY76388360EE/
  • https://lasallequito.edu.ec/rooka/
3 MB
2 MB
Document
General
Full URL
https://lasallequito.edu.ec/rooka/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.206.133 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
133.206.95.34.bc.googleusercontent.com
Software
LiteSpeed /
Resource Hash
eea0c540652c5b4d64600ee9f9fdbdbc521c04daf79c937e4cca216542858fd6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 23 Sep 2022 05:48:49 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 23 Sep 2022 05:48:48 GMT
Keep-Alive
timeout=60
Location
https://lasallequito.edu.ec/rooka/
Server
nginx
X-Powered-By
PHP/8.1.5
data:truncated
data:truncated
40 KB
40 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5af5c3746b03792640b9cafdabddfb2c5407f72988e128541a88fa439607d940

Request headers

Referer
Origin
https://lasallequito.edu.ec
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff
data:truncated
data:truncated
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
40 KB
40 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
19d0bda83ecbc986620468801adf000c77c3c38398650903c63fac8dcbac4383

Request headers

Referer
Origin
https://lasallequito.edu.ec
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff
data:truncated
data:truncated
41 KB
41 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
28ef8eb4855c358648f24cd9be624f9b9c636a2d9331dece905ce7b58c4b21c9

Request headers

Referer
Origin
https://lasallequito.edu.ec
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff
/
zacksource.click/hello/users/eed94/ Frame A0F8
Redirect Chain
  • https://zacksource.click/hello/users/
  • https://zacksource.click/hello/users/eed94/
132 KB
76 KB
Document
General
Full URL
https://zacksource.click/hello/users/eed94/
Requested by
Host: lasallequito.edu.ec
URL: https://lasallequito.edu.ec/rooka/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.12 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.5
Resource Hash
4ae550cfee6578e2fb498b396f09e442be1e7ec0a256103d1025fbe2df0141b3

Request headers

Referer
https://lasallequito.edu.ec/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
se-SE,se;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
74f0fe62acc71c06-OSL
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 23 Sep 2022 05:48:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jjrV8k2ayQM4tzJdxc%2FHoKsc0nWX3F47XXQ8Wd8P1a%2BRKpRqUoSS4lypLu9A5uPOdazfs%2BfFD1oYFT%2F5%2BhaUFPoyzgjFDZp6H2idEKJPtMvAFu54kS%2FybL%2B4O6qDHU2A7Ro"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-powered-by
PHP/8.1.5

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
74f0fe61fc521c06-OSL
content-type
text/html; charset=UTF-8
date
Fri, 23 Sep 2022 05:48:50 GMT
location
https://zacksource.click/hello/users/eed94/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pX2KzbVCbkP4%2B6RiXHGNqAiBv4ydM8%2BRYjaldXbKydPeP%2FXcfIkALsaUzOC%2FRnMFEq7eTqVihBsJHWZCQkd%2FG7GiXZk3%2BPP2O%2FsTBv6Dcxw3f7xS%2BRIrT1UT129ji22DxZgM"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/8.1.5
data:truncated
data:truncated
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7b7e4adb65aa53b1bc731f15511c53d5beb73f187d5c5f35f19ebbfaf0decbbd

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0b9219c0bb4070af4eca3f58737b60adf42ed3867bef6fbf9bf935ffa210d02f

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa27d936d088620b27debb4c2a3da24d27346505d247a56d098ae56e3a2da07a

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5335e0b117f099169020346db0d11cba41d56ff38935733e6987f09bd7ebbf5

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46098468df2bec8cb50790597de30d089ecd7dcc77432b6a08b9e3ff1a7d7802

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
43 KB
43 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
87c40e3961e21f759770615ae67568a3de3ec6e0735f1238a6aae062f4ea15d5

Request headers

Referer
Origin
https://lasallequito.edu.ec
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff
b2d2adfa16cf.js?lv=1
w.usabilla.com/ Frame AFC9
68 KB
16 KB
Script
General
Full URL
https://w.usabilla.com/b2d2adfa16cf.js?lv=1
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.43.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-43-202.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
9b821d4f506c5d51b27d483b356c204ede2a099d2d5b316cd8331406753fbd95

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://lasallequito.edu.ec/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 23 Sep 2022 05:48:50 GMT
content-encoding
gzip
x-widget-server
2.1
etag
"dc4655548422681bc6c6e863dfcc29a7"
content-type
text/javascript
cache-control
public,max-age=0
content-length
15906
data:truncated
data:truncated
74 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
be97b87d38cc8e03e82e4a73ccef3ce4997dbdc0e5ef7259bbe2db9402522a1c

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
99 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a18c4e93c1519e4d37cf87403af638a6eadb55a88d6930998d766f6e8a8c5020

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
71 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2414cce6ee6e5ce602c45e4bfa7aea3c7ceaa03819987aae136a93253ab344c

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
LZN4ifnnK5wcVrrq
rootxone.me/pixel/ Frame A0F8
0
192 B
Script
General
Full URL
https://rootxone.me/pixel/LZN4ifnnK5wcVrrq
Requested by
Host: zacksource.click
URL: https://zacksource.click/hello/users/eed94/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.22 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
premium184-1.web-hosting.com
Software
LiteSpeed / PHP/7.4.30
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
se-SE,se;q=0.9
Referer
https://zacksource.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
cache
date
Fri, 23 Sep 2022 05:48:51 GMT
server
LiteSpeed
x-powered-by
PHP/7.4.30
content-type
application/javascript
cache-control
max-age=300
x-turbo-charged-by
LiteSpeed
content-length
0
expires
Fri, 23 Sep 2022 05:53:51 GMT
data:truncated
data:truncated Frame A0F8
19 KB
19 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
369602c7e55e19dbb5974b9f3dfb1efe8ba1f0e0822142f5790ee7be8c02a679

Request headers

Referer
Origin
https://zacksource.click
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff2
data:truncated
data:truncated Frame A0F8
19 KB
19 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6c219f0268f9f338fc7341899f441e030e8c60a273fc211d9d9f7aae12611fe3

Request headers

Referer
Origin
https://zacksource.click
accept-language
se-SE,se;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
application/font-woff2
data:truncated
data:truncated
511 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5aa9a388b209895cda1b780f1a8a6c0293c5ac859c4a0d766b5a39d9ea000fcc

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
226 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d71854e46da18172ed3b345fd5aea960da910e6bb0a39dd12e57ee1d792b1d26

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
399 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9b0e62097bfb5f146ba1203b0664e0831a8db3df26dbb437210934c7e131650b

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg
data:truncated
data:truncated
300 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a00c72d097a4ab9b0c5f078ef128cf63b39fbbe72c298f3c46b842ce0b5770d

Request headers

accept-language
se-SE,se;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Content-Type
image/jpeg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
object| 4
object| onbeforeinput
object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
function| queryLocalFonts
object| navigation
function| savepage_ShadowLoader

0 Cookies

6 Console Messages

Source | Level | URL | Text
other | warning | https://lasallequito.edu.ec/rooka/ (Line 9) | <link rel=preload> has an invalid `href` value
other | warning | https://lasallequito.edu.ec/rooka/ (Line 9) | <link rel=preload> has an invalid `href` value
other | warning | https://lasallequito.edu.ec/rooka/ (Line 10) | <link rel=preload> has an invalid `href` value
other | warning | https://lasallequito.edu.ec/rooka/ (Line 11) | <link rel=preload> has an invalid `href` value
other | warning | https://lasallequito.edu.ec/rooka/ (Line 12) | <link rel=preload> has an invalid `href` value
other | warning | https://lasallequito.edu.ec/rooka/ (Line 13) | <link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
