ofmyoffer.com
Open in
urlscan Pro
91.220.101.99
Public Scan
Effective URL: https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Miami...
Submission: On March 18 via manual from US — Scanned from US
Summary
TLS certificate: Issued by R3 on January 11th 2024. Valid for: 3 months.
This is the only time ofmyoffer.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3033::6815:5acc | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 216.107.139.70 216.107.139.70 | 21769 (AS-COLOAM) (AS-COLOAM) | |
1 1 | 91.220.101.74 91.220.101.74 | 34259 (HIGHLOADS...) (HIGHLOADSYSTEMS) | |
13 | 91.220.101.99 91.220.101.99 | 34259 (HIGHLOADS...) (HIGHLOADSYSTEMS) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
3 | 2607:f8b0:400... 2607:f8b0:4004:c09::5f | 15169 (GOOGLE) (GOOGLE) | |
7 | 2600:9000:24f... 2600:9000:24f3:c800:b:4623:cac0:21 | 16509 (AMAZON-02) (AMAZON-02) | |
4 | 2607:f8b0:400... 2607:f8b0:4004:c1d::5e | 15169 (GOOGLE) (GOOGLE) | |
28 | 5 |
ASN16509 (AMAZON-02, US)
d3e1y4kxkqljcb.cloudfront.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
ofmyoffer.com
ofmyoffer.com |
32 KB |
7 |
cloudfront.net
d3e1y4kxkqljcb.cloudfront.net |
308 KB |
4 |
gstatic.com
fonts.gstatic.com |
70 KB |
3 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110 |
2 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 1217 |
33 KB |
1 |
fluxtok.com
1 redirects
fluxtok.com |
1 KB |
1 |
whtenvlpe.com
1 redirects
www.whtenvlpe.com |
375 B |
1 |
ln.run
1 redirects
ln.run — Cisco Umbrella Rank: 386862 |
667 B |
28 | 8 |
Domain | Requested by | |
---|---|---|
13 | ofmyoffer.com |
ofmyoffer.com
code.jquery.com |
7 | d3e1y4kxkqljcb.cloudfront.net |
ofmyoffer.com
code.jquery.com |
4 | fonts.gstatic.com |
fonts.googleapis.com
|
3 | fonts.googleapis.com |
ofmyoffer.com
|
1 | code.jquery.com |
ofmyoffer.com
|
1 | fluxtok.com | 1 redirects |
1 | www.whtenvlpe.com | 1 redirects |
1 | ln.run | 1 redirects |
28 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ofmyoffer.com R3 |
2024-01-11 - 2024-04-10 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-02-19 - 2024-05-13 |
3 months | crt.sh |
*.cloudfront.net Amazon RSA 2048 M01 |
2023-10-10 - 2024-09-19 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-02-19 - 2024-05-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Miami&clickid=a526dgxk2bgqq26a&campaign=2117&user_id=1&clickcost=0&lander=2025&time=1710767942&browser_version=122.0.6261.128&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Cogent%20Communications&ip=38.132.118.71&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/122.0.6261.128%20Safari/537.36&lpkey=1706108478c5628d42&target=aa&device=DESKTOP&country=US&ts={t9}&trafficsource=113&domain=fluxtok.com&uclick=gxk2bgqq&uclickhash=gxk2bgqq-gxk2bgqq-7vxs-16vr-gxj26o-uoe8vr-uoe8fe-4a8690
Frame ID: C88BE07BBD70C88293B75C9559FEEAB9
Requests: 28 HTTP requests in this frame
Screenshot
Page Title
[1] Reward Pending!Page URL History Show full URLs
-
https://ln.run/QrRux
HTTP 301
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL_azk_0S74Cjr5CcRMulJCfgpWURl5NcD7GPD1T9zKzCviMUDzuTx5Je... HTTP 302
https://fluxtok.com/click.php?key=g69xqpiluflvfvwrrren&clickid=755568419&subid=822225&target=aa HTTP 302
https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&langu... Page URL
- https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&langu... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ln.run/QrRux
HTTP 301
https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL_azk_0S74Cjr5CcRMulJCfgpWURl5NcD7GPD1T9zKzCviMUDzuTx5JexIjtJDAdCA~~/17 HTTP 302
https://fluxtok.com/click.php?key=g69xqpiluflvfvwrrren&clickid=755568419&subid=822225&target=aa HTTP 302
https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Miami&clickid=a526dgxk2bgqq26a&campaign=2117&user_id=1&clickcost=0&lander=2025&time=1710767942&browser_version=122.0.6261.128&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Cogent%20Communications&ip=38.132.118.71&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/122.0.6261.128%20Safari/537.36&lpkey=1706108478c5628d42&target=aa&device=DESKTOP&country=US&ts={t9}&trafficsource=113&domain=fluxtok.com&uclick=gxk2bgqq&uclickhash=gxk2bgqq-gxk2bgqq-7vxs-16vr-gxj26o-uoe8vr-uoe8fe-4a8690 Page URL
- https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Miami&clickid=a526dgxk2bgqq26a&campaign=2117&user_id=1&clickcost=0&lander=2025&time=1710767942&browser_version=122.0.6261.128&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Cogent%20Communications&ip=38.132.118.71&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/122.0.6261.128%20Safari/537.36&lpkey=1706108478c5628d42&target=aa&device=DESKTOP&country=US&ts={t9}&trafficsource=113&domain=fluxtok.com&uclick=gxk2bgqq&uclickhash=gxk2bgqq-gxk2bgqq-7vxs-16vr-gxj26o-uoe8vr-uoe8fe-4a8690 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://ln.run/QrRux HTTP 301
- https://www.whtenvlpe.com/acTcl2kTmPSJi_Ld_mhpL_azk_0S74Cjr5CcRMulJCfgpWURl5NcD7GPD1T9zKzCviMUDzuTx5JexIjtJDAdCA~~/17 HTTP 302
- https://fluxtok.com/click.php?key=g69xqpiluflvfvwrrren&clickid=755568419&subid=822225&target=aa HTTP 302
- https://ofmyoffer.com/visitor_us_br_n/index_12_d.php?device_name=Desktop&browser_name=Chrome&language=en-US&city=Miami&clickid=a526dgxk2bgqq26a&campaign=2117&user_id=1&clickcost=0&lander=2025&time=1710767942&browser_version=122.0.6261.128&device_model=Desktop&device_brand=Desktop&resolution=Desktop&os_name=Windows&os_version=10.0&country=United%20States&country_code=US&isp=Cogent%20Communications&ip=38.132.118.71&user_agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/122.0.6261.128%20Safari/537.36&lpkey=1706108478c5628d42&target=aa&device=DESKTOP&country=US&ts={t9}&trafficsource=113&domain=fluxtok.com&uclick=gxk2bgqq&uclickhash=gxk2bgqq-gxk2bgqq-7vxs-16vr-gxj26o-uoe8vr-uoe8fe-4a8690
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
index_12_d.php
ofmyoffer.com/visitor_us_br_n/ Redirect Chain
|
1 KB 972 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
check.page
ofmyoffer.com/ |
1 B 259 B |
XHR
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
index_12_d.php
ofmyoffer.com/visitor_us_br_n/ |
26 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style_library_2.css
ofmyoffer.com/visitor_us_br_n/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.11.1.min.js
code.jquery.com/ |
94 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script_14_d.js
ofmyoffer.com/visitor_us_br_n/js/ |
40 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
redirect_bin.js
ofmyoffer.com/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
desktop_offers.js
ofmyoffer.com/ |
2 KB 955 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
9 KB 898 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
2 KB 579 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banner_valentineday_02.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
146 KB 147 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flag_best_ql_new.jpg
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
5 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
line_background4.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
61 KB 62 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite_40.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
57 KB 58 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new_footer3_new.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7cHqv4kjgoGqM7E3t-4s51os.woff2
fonts.gstatic.com/s/barlow/v12/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoon.ttf
ofmyoffer.com/visitor_us_br_n/fonts/ |
1 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOjCnqEu92Fr1Mu51TjASc6CsQ.woff2
fonts.gstatic.com/s/roboto/v30/ |
17 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gold_gift.css
ofmyoffer.com/visitor_us_br_n/css/ |
805 B 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aa.css
ofmyoffer.com/visitor_us_br_n/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aa.json
ofmyoffer.com/visitor_us_br_n/datas/ |
1 KB 690 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
halloween_sweeps.css
ofmyoffer.com/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gold_box_aa.png
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
23 KB 24 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
conf.js
d3e1y4kxkqljcb.cloudfront.net/survey_us_d/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icomoonMain.ttf
ofmyoffer.com/ |
2 KB 2 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| $_GET object| months object| days object| time object| d string| dateNow object| now string| targets string| gift string| css function| loadingData function| PopUpShow function| PopUpHide function| drawszlider function| timer string| target object| jQuery111106741109444468332 string| dmn string| redirect_url string| back_url_link object| el function| timer1 function| isIE object| comments function| startTimer number| slidewhere number| holvanszlider function| loadingOffers object| mydate number| year number| day number| month number| daym string| titleOut boolean| onlyOnKonami4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ofmyoffer.com/visitor_us_br_n | Name: referrer Value: |
|
.whtenvlpe.com/ | Name: uid10709 Value: 755568419-20240318141902-dd56ef845d6e0dddf8c24e4abea039c3- |
|
fluxtok.com/ | Name: uclick Value: gxk2bgqq |
|
fluxtok.com/ | Name: uclickhash Value: gxk2bgqq-gxk2bgqq-7vxs-16vr-gxj26o-uoe8vr-uoe8fe-4a8690 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
d3e1y4kxkqljcb.cloudfront.net
fluxtok.com
fonts.googleapis.com
fonts.gstatic.com
ln.run
ofmyoffer.com
www.whtenvlpe.com
216.107.139.70
2600:9000:24f3:c800:b:4623:cac0:21
2606:4700:3033::6815:5acc
2607:f8b0:4004:c09::5f
2607:f8b0:4004:c1d::5e
2a04:4e42:600::649
91.220.101.74
91.220.101.99
2197bc073d766bb095e629c4a0f31e47eb67b7727268f291cbf9c687e22daa33
40ebfa03e4f45c2c9b7ebbe9aedbef5d517f33d17022fbaa2dfc8c2384ff465e
42da9dad635a8b08b5a345d30667fa7df29bbc8a4efe23504b0fbc1c1ecc65e5
42e28faecbd583a937b8480ba3bacb276eb243609f4f1e8c92c804879efa2e29
478ef005ca37bc27bf87c87c345044f72d4cb4a197980c97639b96e276333583
4a7dfeb02175e74b851387144918421927ea4d646b2a6736778034cfb1aaf5e6
4ac18ce9dd50403ef42cedc8bc65eb3b415131d6c6c2b667c425bebae2f3d08c
4c16d83db6d4969de7d5f9fc8f9a846ecb0dbf54bc31d890312b5f3fa7ff6db9
4ce25c7ba986ad577f168f0b515b62c88ced06432c4dc45af766505fd65c76ad
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
58988d2af8c5b89695eb74dfb1fac7c9820550c94ca8d906e47690add04b19c5
65a47caa5183b035bf78d0f93adbe5cea500333410259c54abf2de356740df7e
65c91f5dbf7f3681ae5b7f449887c5aa299cc323d86b9567316378848a4efdf7
6e3be5ef84c52eb0cfade8eed6201d22158622ce389a791bc824d8cd5b672d8b
71814105001732d3edb373504d80dee3c6d155d3feb52deb297d886452ed9c5c
7f52d8610e5e23681c3820cbd7edb3502d25ab1fcc19db73a53b3eda86323480
9144afcf99db928e2f67372c78684c5e4d37352700f47abb00992fe60155fae7
b7499a8b20d0fd3d90f29b343d351b60b66bcce35de5092eb378099b5b37b3dc
bb8007225d94a099cddbade7ea904667c0dd0b68d5e30778e5c6257589ab94d1
ca96dc233bbd7cff69199d9d3b8eab23b7c1a41af7f7c35b10023c50b9f7c110
d582fc572fcd358cc801fbdf70e64c4382ea51bd1fc99da523d15ea6a8a96da5
db5e4ee93c7b86d11f61d0e9ef1269f0c28013a828fb59efc79610a161131314
e4fdd7ac61625aa75e3f51d703a222a51b1c9be1f843a0c5b95a82105dd77cb4
e99003f5d746f15741333c91e9553fa75c9d9e56a501d26fe5fb5a303c5c56f9
f1d1e7f1aeb83ed0ea404c301db110a0d1d41692de63ba8ed813cfd8d2661c4f
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615