clicks4freedom.com
Open in
urlscan Pro
2606:4700:3032::6815:4bee
Malicious Activity!
Public Scan
Effective URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Submission: On August 19 via api from BE — Scanned from US
Summary
TLS certificate: Issued by E1 on August 1st 2022. Valid for: 3 months.
This is the only time clicks4freedom.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.92.161.184 52.92.161.184 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 161.129.69.48 161.129.69.48 | 55154 (MADGEN-01) (MADGEN-01) | |
1 1 | 181.214.242.99 181.214.242.99 | 61317 (ASDETUK w...) (ASDETUK www.heficed.com) | |
1 1 | 34.117.79.165 34.117.79.165 | 396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM) | |
1 33 | 2606:4700:303... 2606:4700:3032::6815:4bee | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:824::200a | 15169 (GOOGLE) (GOOGLE) | |
5 | 2606:4700:303... 2606:4700:3037::6815:1725 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
39 | 4 |
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
s3-us-west-2.amazonaws.com |
ASN55154 (MADGEN-01, US)
PTR: johnson-espinoza.carolinaslings.com
esprithouse.com |
ASN61317 (ASDETUK www.heficed.com, GB)
PTR: ohone.guyagents.com
www.obetincloud.com |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.79.117.34.bc.googleusercontent.com
www.lpredirect.com |
ASN13335 (CLOUDFLARENET, US)
trk-consulatu.com | |
event.trk-consulatu.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
33 |
clicks4freedom.com
1 redirects
clicks4freedom.com |
4 MB |
5 |
trk-consulatu.com
trk-consulatu.com — Cisco Umbrella Rank: 29936 event.trk-consulatu.com — Cisco Umbrella Rank: 89231 |
3 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 286 |
31 KB |
1 |
lpredirect.com
1 redirects
www.lpredirect.com — Cisco Umbrella Rank: 799328 |
470 B |
1 |
obetincloud.com
1 redirects
www.obetincloud.com — Cisco Umbrella Rank: 720748 |
580 B |
1 |
esprithouse.com
1 redirects
esprithouse.com — Cisco Umbrella Rank: 309122 |
290 B |
1 |
amazonaws.com
s3-us-west-2.amazonaws.com |
801 B |
39 | 7 |
Domain | Requested by | |
---|---|---|
33 | clicks4freedom.com |
1 redirects
s3-us-west-2.amazonaws.com
clicks4freedom.com |
4 | event.trk-consulatu.com |
trk-consulatu.com
|
1 | trk-consulatu.com |
clicks4freedom.com
|
1 | ajax.googleapis.com |
clicks4freedom.com
|
1 | www.lpredirect.com | 1 redirects |
1 | www.obetincloud.com | 1 redirects |
1 | esprithouse.com | 1 redirects |
1 | s3-us-west-2.amazonaws.com | |
39 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.megatr4ffic.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3-us-west-2.amazonaws.com Amazon |
2021-12-17 - 2022-11-29 |
a year | crt.sh |
*.clicks4freedom.com E1 |
2022-08-01 - 2022-10-30 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-08-01 - 2022-10-24 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-01 - 2023-08-01 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Frame ID: 2EBEBEFA0EC52BE75AEEF4977C497331
Requests: 37 HTTP requests in this frame
Screenshot
Page Title
Survey RewardsPage URL History Show full URLs
- https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html Page URL
-
http://esprithouse.com/NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T
HTTP 302
https://www.obetincloud.com/59j19w4/wj3686r/?sub1=2_522188_2637701&sub2=1685_5870603_3580888_29&sub3=490... HTTP 302
https://www.lpredirect.com/24QSBG/C36MNMM/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f HTTP 302
https://clicks4freedom.com/Y9WT7UFWIZ/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1... HTTP 302
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&s... Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Continue
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html Page URL
-
http://esprithouse.com/NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T
HTTP 302
https://www.obetincloud.com/59j19w4/wj3686r/?sub1=2_522188_2637701&sub2=1685_5870603_3580888_29&sub3=490841749_104-237-193-28 HTTP 302
https://www.lpredirect.com/24QSBG/C36MNMM/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f HTTP 302
https://clicks4freedom.com/Y9WT7UFWIZ/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5= HTTP 302
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
39 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
afad2d9.html
s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/ |
445 B 801 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
clicks4freedom.com/ Redirect Chain
|
47 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
customredisp2.css
clicks4freedom.com/css/ |
23 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pub.min.js
clicks4freedom.com/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.png
clicks4freedom.com/img/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flaglogo.png
clicks4freedom.com/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
zfold.png
clicks4freedom.com/img/ |
955 KB 956 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loading.gif
clicks4freedom.com/img/ |
1 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fb-check.jpg
clicks4freedom.com/img/ |
646 B 1 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rayb.jpg
clicks4freedom.com/img/ |
60 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.png
clicks4freedom.com/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
clicks4freedom.com/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cartblack.png
clicks4freedom.com/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flash.jpg
clicks4freedom.com/img/ |
130 KB 130 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ava.png
clicks4freedom.com/img/ |
341 B 341 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.jpg
clicks4freedom.com/img/ |
49 KB 50 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
clicks4freedom.com/img/ |
51 KB 52 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
heart.png
clicks4freedom.com/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.jpg
clicks4freedom.com/img/ |
53 KB 54 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ispv1-t-1.jpg
clicks4freedom.com/img/ |
102 KB 102 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sad.png
clicks4freedom.com/img/ |
341 B 341 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
yay.png
clicks4freedom.com/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3.jpg
clicks4freedom.com/img/ |
48 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
x2.jpg
clicks4freedom.com/img/ |
341 B 341 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4.jpg
clicks4freedom.com/img/ |
50 KB 51 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
iphone_fr_test_1.jpg
clicks4freedom.com/img/ |
78 KB 79 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
wow.png
clicks4freedom.com/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5.jpg
clicks4freedom.com/img/ |
46 KB 47 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_guarantee.png
clicks4freedom.com/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f_secure_1.png
clicks4freedom.com/img/ |
10 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
timer.js
clicks4freedom.com/js/ |
784 B 855 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_black.png
clicks4freedom.com/img/ |
14 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
64d5p99gj0
trk-consulatu.com/scripts/push/script/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
banner.jpg
clicks4freedom.com/img/ |
2 MB 2 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
oldw1rx6gz
event.trk-consulatu.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
oldw1rx6gz
event.trk-consulatu.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
oldw1rx6gz
event.trk-consulatu.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
oldw1rx6gz
event.trk-consulatu.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)48 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| months object| days object| time object| d string| dateNow undefined| c1 function| socle function| $ function| jQuery function| Loadotheroffer function| getURLParameter string| pm_tag string| pm_delay string| pm_pid function| startTimer function| hidpopu function| exit5minslayer function| closeexitlayer function| nextQuestion function| drawszlider function| startLoad function| selectReward function| showModal object| comments number| slidewhere number| holvanszlider function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.lpredirect.com/ | Name: uniqueClick_C36MNMM Value: 22e8c44e-c65c-4619-a848-398040446e93:1660940583 |
|
www.lpredirect.com/ | Name: transaction_id Value: 0e6c2867e4ca46a880c184c63c41371f |
|
clicks4freedom.com/ | Name: SESSIONIDS Value: Y9WT7UFWIZ |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
clicks4freedom.com
esprithouse.com
event.trk-consulatu.com
s3-us-west-2.amazonaws.com
trk-consulatu.com
www.lpredirect.com
www.obetincloud.com
161.129.69.48
181.214.242.99
2606:4700:3032::6815:4bee
2606:4700:3037::6815:1725
2607:f8b0:4006:824::200a
34.117.79.165
52.92.161.184
0c2c4e5d34b502f1dadc324847956c1775165dec3b5383828536713c1fd9406f
316a6975de3078b71f6d0c0f92ac22b0f4586e6d048ed7808339e6b5e3cface2
3ad41cb6cc140f2799fb0b61dfd5fcbece1f0bc2c132b1062209101b09a683ea
3b4112d018aa51d02571af877208328bddb900b01aab55d881daf0e37b9248a6
3dc08e38fdf43aacbddfd66aa1296477ca8debc634f4d046b968bef1f1422ec0
52c947bf15495b69d0b2bb9ea339beed7b88ca3100a32c34d3bfebe164c1c669
55c68db1c402f37e1cc4b91eec434684e67c23a76628408f7fb276449f2d3ae2
59cc1d4bffd1ff0dc79947be1723f97ab0e32018791c0981b096cd2b60351231
5f802d314b51ab2b5d692ee180db50de925778f5b8b1e4aa99e03ebbcc22b3f6
63538636408d694425020b341235e224b91a191cd704704649e00b970c91bdf2
664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb
6d894003d6071be103ca497c54461c500d2656e88003dd0afed8cdc0ed7bffe3
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
7ca149b3cceff96e46271c81bc29cb4ecc52e44ee015e539a67dbdc55a41b90a
89c620db5c942f519d01f1fb1a8af66d054e0389e325540158c60b7a1bd3fe33
8c76748729ce1fc56232fed6a8aff3fef2f9b947f4e0e3ffd6a50d2f6828d1a7
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
abd9792cbf8616eff5f3d6fd5451f5a224b665bbc0b20cc6f75918bea91a4aab
b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0
ba1ca1f5946be5d7901bc3167808211a24036f1a0a56f7dafcc2aaca0c8d8ced
bb640067b5d233f221c2a280bb5be089cc087a872941ae5f588f8230b60bee40
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c3401ff0b047bd896a0f6e22c032b6b5d01bf6e18381db39d5ed3678fc913cab
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d8c52e741d2269191bf4d7350e1b46ce419515da20bfee8a7230561862027269
df5c4cd2d92ba6a95e1ad788f59d132c1bedd8c11d0d8518af285f4dbde68cb3
e1d8f589dad2ab64f0e60915a1a97bc84ecbd7987281d4f5e9d7983e6baae196
eb97f1ceb86cf65febe6fc09278d503747f140e18297b6da6ee4bdcd41479f43
f0a8753fcb15ca3c5cdaf3c64928c0e3ff9fdb7e23d2555c8e6dcca6839d2b34
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9126e64a8d1dcd29b78e78a1526f96c1c700fbae3eb73cfa30894abcf292db9