trackrpaltforms.com
Open in
urlscan Pro
2606:4700:3035::681b:9887
Malicious Activity!
Public Scan
Effective URL: https://trackrpaltforms.com/bitcoinevolutionde/pre/de?sid=qndmedia&oid=31&tid=O7LOTTIPKWH6YTUQTE2X&aid=8
Submission: On June 18 via api from BE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 5th 2020. Valid for: a year.
This is the only time trackrpaltforms.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Investment Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 67.199.248.10 67.199.248.10 | 396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD) | |
1 2 | 212.83.185.18 212.83.185.18 | 12876 (Online SAS) (Online SAS) | |
1 | 205.251.155.58 205.251.155.58 | 11042 (NTHL) (NTHL) | |
1 1 | 2606:4700:303... 2606:4700:3034::ac43:b25f | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:303... 2606:4700:3035::681b:9887 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
29 | 2606:4700:20:... 2606:4700:20::681a:198 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:816::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::200a | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:809::2003 | 15169 (GOOGLE) (GOOGLE) | |
38 | 7 |
ASN12876 (Online SAS, FR)
PTR: 212-83-185-18.rev.abacf.org
212-83-185-18.rev.abacf.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
29 |
dolly.media
cdn.dolly.media |
2 MB |
4 |
gstatic.com
fonts.gstatic.com |
37 KB |
2 |
googleapis.com
ajax.googleapis.com fonts.googleapis.com |
32 KB |
2 |
abacf.org
1 redirects
212-83-185-18.rev.abacf.org |
630 B |
1 |
trackrpaltforms.com
trackrpaltforms.com |
10 KB |
1 |
dbgclick.com
1 redirects
qndmedia.dbgclick.com |
419 B |
1 |
leftoverseffective.com
leftoverseffective.com |
453 B |
1 |
bit.ly
1 redirects
bit.ly |
172 B |
38 | 8 |
Domain | Requested by | |
---|---|---|
29 | cdn.dolly.media |
trackrpaltforms.com
|
4 | fonts.gstatic.com |
trackrpaltforms.com
|
2 | 212-83-185-18.rev.abacf.org | 1 redirects |
1 | fonts.googleapis.com |
trackrpaltforms.com
|
1 | ajax.googleapis.com |
trackrpaltforms.com
|
1 | trackrpaltforms.com |
leftoverseffective.com
|
1 | qndmedia.dbgclick.com | 1 redirects |
1 | leftoverseffective.com |
212-83-185-18.rev.abacf.org
|
1 | bit.ly | 1 redirects |
38 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
leftoverseffective.com Sectigo RSA Domain Validation Secure Server CA |
2019-11-18 - 2020-12-16 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-06-05 - 2021-06-05 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-05-26 - 2020-08-18 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-05-26 - 2020-08-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://trackrpaltforms.com/bitcoinevolutionde/pre/de?sid=qndmedia&oid=31&tid=O7LOTTIPKWH6YTUQTE2X&aid=8
Frame ID: 965E84AC9CF47DFA6116E13C81A9057B
Requests: 38 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://bit.ly/2Y77lmJ
HTTP 301
http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh Page URL
-
http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh?inf=417615272a2097970a13954
HTTP 302
https://leftoverseffective.com/1763baabb7b53132800/9b-1606838-2097970-89371-13954-/417615272 Page URL
-
https://qndmedia.dbgclick.com/track/smart?aid=8&bid=6&p1=690338&p2=1023401503
HTTP 302
https://trackrpaltforms.com/bitcoinevolutionde/pre/de?sid=qndmedia&oid=31&tid=O7LOTTIPKWH6YTUQTE2X&aid=8 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://bit.ly/2Y77lmJ
HTTP 301
http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh Page URL
-
http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh?inf=417615272a2097970a13954
HTTP 302
https://leftoverseffective.com/1763baabb7b53132800/9b-1606838-2097970-89371-13954-/417615272 Page URL
-
https://qndmedia.dbgclick.com/track/smart?aid=8&bid=6&p1=690338&p2=1023401503
HTTP 302
https://trackrpaltforms.com/bitcoinevolutionde/pre/de?sid=qndmedia&oid=31&tid=O7LOTTIPKWH6YTUQTE2X&aid=8 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://bit.ly/2Y77lmJ HTTP 301
- http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh
- http://212-83-185-18.rev.abacf.org/1606838pL1793336UP0wk0Xs24IMr89371Fjsh?inf=417615272a2097970a13954 HTTP 302
- https://leftoverseffective.com/1763baabb7b53132800/9b-1606838-2097970-89371-13954-/417615272
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
1606838pL1793336UP0wk0Xs24IMr89371Fjsh
212-83-185-18.rev.abacf.org/ Redirect Chain
|
214 B 373 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
417615272
leftoverseffective.com/1763baabb7b53132800/9b-1606838-2097970-89371-13954-/ Redirect Chain
|
140 B 453 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
de
trackrpaltforms.com/bitcoinevolutionde/pre/ Redirect Chain
|
28 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
8IWK09TS0713.css
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
12 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0VMH8T114VCN.css
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
4 KB 932 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EGEPSXGHGRBH.css
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ |
86 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
31 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
EBJ0EHX055RO.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
QN26NZ67IZ7E.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
118 B 313 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0YJTV1OWSMH8.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
21 KB 21 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
J456OYBA9RWA.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
63 KB 63 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5BHX5JIU87LP.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
54 KB 54 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0BJWHG3METSX.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
53 KB 54 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1WVG39YRAAQK.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
53 KB 53 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S3CMEO86BFO7.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
169 KB 169 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XTI5BTFOCYMQ.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
166 KB 166 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
YUBAU7S6GKAS.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
256 KB 257 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
XT8LLJLCV4I2.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
17 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NNVUFFR0P6YS.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
342 KB 343 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PLGWEWY9TZCV.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
124 KB 124 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
81MJ471W1R40.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
53 KB 53 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FBHJWI3RM7VT.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
40 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
C2PJWVFL5IKH.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3DNQPBFPZ5D7.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
102 KB 102 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
FKYGKFDGZ8DA.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
O6B8A2IAHUNS.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
27 KB 27 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UPR07VPAYK93.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
88 KB 89 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AB4Y3ACXDUWV.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
35 KB 35 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
H3UJNW09QRLE.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
125 KB 126 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
W7REDR1M5C99.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
65 KB 66 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
38E9WWGZ9ZTL.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
44 KB 44 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
P67Q3JA14BFD.jpg
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
66 KB 67 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
U82ZPCTEZL0A.png
cdn.dolly.media/149a2a209e14d83f04e0ad254830ebd6/ |
341 B 706 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem6YaGs126MiZpBA-UFUK0Zdc1GAK6b.woff2
fonts.gstatic.com/s/opensans/v17/ |
10 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memnYaGs126MiZpBA-UFUKWiUNhrIqOxjaPX.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Investment Scam (Online)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery object| butns object| menucont1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.trackrpaltforms.com/ | Name: __cfduid Value: d856800f40f77471769d693e5f59f76511592443173 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
212-83-185-18.rev.abacf.org
ajax.googleapis.com
bit.ly
cdn.dolly.media
fonts.googleapis.com
fonts.gstatic.com
leftoverseffective.com
qndmedia.dbgclick.com
trackrpaltforms.com
205.251.155.58
212.83.185.18
2606:4700:20::681a:198
2606:4700:3034::ac43:b25f
2606:4700:3035::681b:9887
2a00:1450:4001:809::2003
2a00:1450:4001:814::200a
2a00:1450:4001:816::200a
67.199.248.10
02c5902386a5b38c954dfff9f1c9b858be6c3d59c61180567fbf9ffc751f8cb6
07073dedce4f21d960d01fe1a84971986d54c88a8c649fc0bfe8fa548e57f15e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0baa2625178bc5ebc538f20e295742058efc73cbb6e517717d6bfa4ce6cc820e
0d6762417b3b91c64f1d9c9689deb17a1120dfaf507b547b6bf5a11fdf0968a8
0d698e6bb12bbc6cc702ae7c0b29520d1f3a578128a07771769e5411d5281ec0
0f178e2de7c7428a43b21e17f141258b856d955fd9210eab861451c903331443
1c02f5e2a46fec4e7b05a675fe648e9e1ab36adf92efaef54967e017ab2e71c9
2109e66624be3cc03ab0ea9c36fce2fe45bf1030d2c0ed9c18150b97f26fbba4
26f77b987ed56fb60f2d47cd511ebdf5dd0dda67b56a59e1eca28536844df0a7
38c978465d162a190f893fa8a6059de793bf5c68aa1b10e68e8494ce6a1b1f37
3d9e93607280429d480c9ee12d07be575794a0592ff5a59429d475a16bde6398
3dab8ce34c5f35382f6e3946515ddb6a4b9a758f1e906dc81015cef891092f6d
42be6ddf7d9e513b7859352331a215c632dc209b33f96e68750ed2b18cae9ded
4759f34cdb39b8b05f41e9b1bbe7dcd6b8363be85d6fb5b3143c6ba12779ca9b
4a3a9fa8534d10affc898cb3c3ae88f66ef3d81c3ea03f6bf1c5b47b4c09b88e
501e2f7da3d6356b2fff239416491710086becfe24ed5102027ef9375a1b7eae
532ac5212597742e1d5d141a7500fdafe96edaa9449c8f3fbe0519fd954aef34
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
56ddbcb66588a53ae2477c1e1be8f3dde0b511ec763a2c4e66e75059b7f668b9
5a57584e48b7f79e6d8ce8745d7c85b2d6951ea34d1cc63d32c00cd36dd3738a
61df8965e6b76d4a7b78b91c2735fcd015a0f7769210db8c8e1ed38f9e3d0373
63627bb0c663b3b228100c22d4b5849bfabef0bee10b5e7cc47fbe6014564048
885ace98481807a02ed42f048b1ce8982e987ed563826fc550620492cd134d3d
a1db66db27df4328a8b8bf4ee3af8854f2e1d89fe8acae9bf13503b18f555000
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
b03b1d83e3b3ef284c915b2a112ac6d89d139c5e8a171674a6a6acecf11b0a60
cb3969c2e43150e61f9b75321383f7a0c567903fd7a91cb6dbbace1b5c3b9cc0
d7f6ea27eba9e5668319ed52c6dfce424346a9d8c8ff32392f9cf9a2e1fa7f77
e189e8e8294a5e245815b7e77d0969240eb24ea240949a021928894f4ed10e8d
e380a9c48e709e2a3d0834ac4710e4d640bb6c0131e6687b5d07cb48aac9232b
e66056dee606e20d1d7e627b3ee47a3593926699a134e115eb0d001104a8c047
e8f6cc3cf32132eb703d291f762a91c4fce1c025afb8613c1756bd4b72bc4e52
ed6e72c33e7b39a34911563fc82c8824bc349f4aa0c3772a1e6e5687eebf0bf7
ee6bc1e14747ff524898505441099ced3a7977a2a80e9982a4e950fcbd4c1f29
ef3ddca9ce03b6018267eab887b158251f9be00524c28a14c55cf11ca466bd14
f3708dfc00f0830d8b8bf23d5dceb5e2e409eaa69f23a03f8f7e47e316a701fb
ffcde34efda55a63cb66dbec4bf10acb531014d581e2d8e511836b84e08c2305