orlentankowanie.online
Open in
urlscan Pro
66.29.132.128
Malicious Activity!
Public Scan
Submission: On August 10 via manual from PL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on August 9th 2021. Valid for: a year.
This is the only time orlentankowanie.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PKN Orlen (Extraction)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 66.29.132.128 66.29.132.128 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
27 | 104.21.22.232 104.21.22.232 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a04:4e42:3::485 2a04:4e42:3::485 | 54113 (FASTLY) (FASTLY) | |
1 | 2a02:6ea0:c70... 2a02:6ea0:c700::2 | 60068 (CDN77 ^_^) (CDN77 ^_^) | |
3 | 2606:4700:303... 2606:4700:3035::ac43:a2a6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:20:... 2606:4700:20::681a:64 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
38 | 9 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business141-5.web-hosting.com
orlentankowanie.online |
ASN32934 (FACEBOOK, US)
connect.facebook.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
27 |
nuserikingjetpitch.cf
nuserikingjetpitch.cf |
7 MB |
3 |
showoffer.ru
video.showoffer.ru |
|
2 |
jsdelivr.net
cdn.jsdelivr.net |
11 KB |
1 |
facebook.com
www.facebook.com |
297 B |
1 |
facebook.net
connect.facebook.net |
26 KB |
1 |
geojs.io
get.geojs.io |
834 B |
1 |
smartlook.com
rec.smartlook.com |
8 KB |
1 |
orlentankowanie.online
orlentankowanie.online |
75 KB |
38 | 8 |
Domain | Requested by | |
---|---|---|
27 | nuserikingjetpitch.cf |
orlentankowanie.online
nuserikingjetpitch.cf |
3 | video.showoffer.ru |
orlentankowanie.online
|
2 | cdn.jsdelivr.net |
orlentankowanie.online
|
1 | www.facebook.com |
orlentankowanie.online
|
1 | connect.facebook.net |
orlentankowanie.online
|
1 | get.geojs.io |
nuserikingjetpitch.cf
|
1 | rec.smartlook.com |
orlentankowanie.online
|
1 | orlentankowanie.online | |
38 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
nuserikingjetpitch.cf |
Subject Issuer | Validity | Valid | |
---|---|---|---|
orlentankowanie.online Sectigo RSA Domain Validation Secure Server CA |
2021-08-09 - 2022-08-09 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-25 - 2022-07-24 |
a year | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2020 |
2021-04-30 - 2022-06-01 |
a year | crt.sh |
1610534878.rsc.cdn77.org R3 |
2021-06-29 - 2021-09-27 |
3 months | crt.sh |
*.showoffer.ru R3 |
2021-07-21 - 2021-10-19 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2021-07-20 - 2021-10-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://orlentankowanie.online/
Frame ID: 28F564915FA9BAB93F2741DB8D90A28D
Requests: 39 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Facebook (Widgets) Expand
Detected patterns
- script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i
FancyBox (JavaScript Libraries) Expand
Detected patterns
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
Essential JS 2 () Expand
Detected patterns
- html /<[^<]+class="[^"]*[^-](?:e-control|e-lib)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Inwestuj z Orlenem
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
orlentankowanie.online/ |
256 KB 75 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/css/ |
828 KB 75 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
slick.css
cdn.jsdelivr.net/npm/slick-carousel/slick/ |
2 KB 936 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ion.rangeSlider.min.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/css/ |
11 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.fancybox.min.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/css/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/ |
86 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
video-js.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/videoJS/ |
40 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
video.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/videoJS/ |
1 MB 334 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ion.rangeSlider.min.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/ |
40 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.fancybox.min.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/ |
67 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intlTelInput.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/intlTelInput/css/ |
26 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
registerForm.css
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/ |
2 KB 858 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
9.svg
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
gerb.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
25 KB 26 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
preloader.gif
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
9 KB 9 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recorder.js
rec.smartlook.com/ |
28 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
10.jpg
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
77 KB 77 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
11.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
12.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
577 KB 578 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
13.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
617 KB 618 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
14.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
15.jpg
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
3 MB 3 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
16.jpg
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
57 KB 57 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
slick.min.js
cdn.jsdelivr.net/npm/slick-carousel/slick/ |
42 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
intlTelInput.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/intlTelInput/js/ |
88 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
registerForm.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
09e54420-ad67-43c7-90fa-e014381d7217
https://orlentankowanie.online/ |
31 B 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
STRATEGIA.mp4
video.showoffer.ru/orlen/ |
320 KB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
arrow.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
arrow1.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 4 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
country.json
get.geojs.io/v1/ip/ |
80 B 834 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
98 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tr
www.facebook.com/ |
44 B 297 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
flags.png
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/intlTelInput/img/ |
69 KB 70 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
STRATEGIA.mp4
video.showoffer.ru/orlen/ |
199 KB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
STRATEGIA.mp4
video.showoffer.ru/orlen/ |
132 KB 0 |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-29 |
utils.js
nuserikingjetpitch.cf/lander/orlen/site/orlen-pl/js/registerForm/intlTelInput/js/ |
241 KB 57 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PKN Orlen (Extraction)33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| smartlook function| $ function| jQuery object| vttjs function| WebVTT function| videojs function| randomPlace function| randomInteger function| getURLParameter object| intlTelInputGlobals function| intlTelInput function| checkValidation function| check function| validInput function| invalidInput function| getUrlParameter undefined| pix function| fbq function| _fbq object| input string| value object| intlTelInputUtils4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.orlentankowanie.online/ | Name: 72e8a Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjNcIjoxNjI4NTc3NzczfSxcImNhbXBhaWduc1wiOntcIjNcIjoxNjI4NTc3NzczfSxcInRpbWVcIjoxNjI4NTc3NzczfSJ9.gp6Jpq6l6StE8i67gHDhbvlqMTzr-ghyxJrxcxoeVh8 |
|
.orlentankowanie.online/ | Name: _token Value: uuid_1pfilpmraj_1pfilpmraj61121fed732ea8.10964001 |
|
.orlentankowanie.online/ | Name: _subid Value: 1pfilpmraj |
|
orlentankowanie.online/ | Name: PHPSESSID Value: 00c2d23eea9861ea672fbb19532ddfe2 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
connect.facebook.net
get.geojs.io
nuserikingjetpitch.cf
orlentankowanie.online
rec.smartlook.com
video.showoffer.ru
www.facebook.com
104.21.22.232
2606:4700:20::681a:64
2606:4700:3035::ac43:a2a6
2a02:6ea0:c700::2
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a04:4e42:3::485
66.29.132.128
029f62dc5e23f6683887a718e7061799807ee68d89d7a8d36aeb767322e9af4e
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0e3c841c28188727d5c05b06175884d9331ab32bf6b179c16e20ffaf6e89e7cb
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
114d4e772fcb300487ff941a9c7898ff2a4cae5a118d7f81bd8ad27d59aed7b9
14e1001118a4f9c12416a62abd82bf27297f63e0155220f0c7515e23ae43610a
18a0e0421eaef34110d9fd15e6ea428cf97b7c8de3fc4e2dcb05e3a05d8c8d44
1c02caf2a0f16318965676fd4b265265728d64fba2794a20b07151a4e891fca6
28efaa05a0266f7dc51cd185d0bb5a2e7c807efe0f3f5c031d49abdd4bccb931
412b8ff9c5ab32b9019fcd84bcd4a54c0e265a14528474f4ee45b27a20abeaeb
4e76177722cff7661c6bf7cc77b62223a75a62b8238d029001b6a5c25e78a417
5736e3eec0c34bfc288854b7b8d2a8f1e22e9e2e7dae3c8d1ad5dfb2d4734ad0
5e1af272e19a4e8bc389478e7acbb3210362aaf7032ea5b8e40d47dfc9d4410d
6185c4ecfedfdb5e9b9e84c20e9b080c3700fb643d50898020fb5fef9e119a3a
6a47586f8967de7e9e530eddc3e6e5b8a977f217d03bd89ec065765a590ad062
72ddd8bcbe91e9697cf7b20767f8bfbb24aed465fc381d11b367db067be3f9f7
7725538fe2f71147bffeba7452b434c826aef9009666cb4360c605d0b2a91d1d
82a3ec7fe8e0ea7fe1eb2624f0707244f8086f9cd06fef732e995d7973d8dd5c
83b1e0a0cc92672a27b8fc074ce45ffae18711e3a6ed5448da47d75979499dca
9138db58347179730b3b457bd9fdb545b9c50b04cbbbd68dcb791d1a574ae0de
a1892b05f4dd7fa1157024b692046399c3e7e22feb05c6f57f5f43039f2feec4
a45ead96c27aab89cca6d435e9a1a601f8428db328c7079584a08a84738effc0
a93c846be3b67641e934001d40a28b572fa7fb93d9cb2cd2f61cef4222daa135
b53ccd8222f1d0d4d9e319920771ee9bc13b5a90e50d8598135fc05504e03996
b8219db78d5db06a830f306f6b6e3cf4762d6fe2e7e3a5f5e726cd2c6893b6e4
b90a83b5da88f7aedfa00b49bcdec40681a297a9967b4fb56955ad68bd382b66
bd4797ff17cf151c8be084dad9fe9d2835a017d4fdd58111913012fe4cc466be
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c9cc57e3297605c9c6c2005da874e1309d15c9c70d8576eb29d3ff101fef5ea9
cd9603ca964bc0cc45314f6906cdb9f58ce78b1386a51cafe27aefc79f5c697a
cf9c6377d906fced868ff9de0166087d1c428f7f5de6000837d13ebb3c64626c
d645c0ce08af9538f2ee909785e6bd6fd19c314fc28f2e58435d0af82d04cd23
dc171b08542a14b6fc5ff79d0004dcadba97c71868b3ded665038fbe78633c1e
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
fe425a4f92df6dac0628adfbd3c931fc75988842caad39f3745a109e4a9f459e