travelbaliyes.com
Open in
urlscan Pro
103.28.14.42
Malicious Activity!
Public Scan
Submission: On January 28 via automatic, source openphish
Summary
This is the only time travelbaliyes.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: AT&T (Telecommunication)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 103.28.14.42 103.28.14.42 | 58404 (QWORDS-AS...) (QWORDS-AS-ID PT Qwords Company International) | |
1 2 | 2a02:26f0:eb:... 2a02:26f0:eb:187::2db1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a02:26f0:eb:... 2a02:26f0:eb:195::2db1 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
11 | 144.160.149.126 144.160.149.126 | 797 (AMERITECH-AS) (AMERITECH-AS - AT&T Services) | |
1 | 69.168.106.86 69.168.106.86 | 36271 (SYNACOR-C...) (SYNACOR-CLUSTER - Synacor) | |
1 | 54.194.25.183 54.194.25.183 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
2 | 2a00:1450:400... 2a00:1450:4001:81c::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:819::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
4 | 216.58.205.226 216.58.205.226 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
4 | 2a00:1450:400... 2a00:1450:4001:815::2001 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:825::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2a00:1450:400... 2a00:1450:4001:81b::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
34 | 15 |
ASN58404 (QWORDS-AS-ID PT Qwords Company International, ID)
PTR: esxi2.excellent.co.id
travelbaliyes.com |
ASN797 (AMERITECH-AS - AT&T Services, Inc., US)
home.secureapp.att.net |
ASN36271 (SYNACOR-CLUSTER - Synacor, Inc., US)
sadlib.static-app.synacor.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-194-25-183.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f2.1e100.net
securepubads.g.doubleclick.net |
ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com |
ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
att.net
home.secureapp.att.net |
182 KB |
6 |
googlesyndication.com
pagead2.googlesyndication.com tpc.googlesyndication.com |
263 KB |
4 |
doubleclick.net
securepubads.g.doubleclick.net |
95 KB |
4 |
att.com
1 redirects
www.att.com metrics.att.com |
23 KB |
3 |
googletagservices.com
www.googletagservices.com |
66 KB |
2 |
travelbaliyes.com
travelbaliyes.com |
8 KB |
1 |
google.com
adservice.google.com |
171 B |
1 |
google.de
adservice.google.de |
171 B |
1 |
demdex.net
dpm.demdex.net |
964 B |
1 |
synacor.com
sadlib.static-app.synacor.com |
19 KB |
34 | 10 |
Domain | Requested by | |
---|---|---|
11 | home.secureapp.att.net |
travelbaliyes.com
home.secureapp.att.net |
4 | tpc.googlesyndication.com |
securepubads.g.doubleclick.net
|
4 | securepubads.g.doubleclick.net |
www.googletagservices.com
securepubads.g.doubleclick.net travelbaliyes.com |
3 | www.googletagservices.com |
sadlib.static-app.synacor.com
securepubads.g.doubleclick.net |
3 | www.att.com |
1 redirects
travelbaliyes.com
|
2 | pagead2.googlesyndication.com |
securepubads.g.doubleclick.net
|
2 | travelbaliyes.com |
travelbaliyes.com
|
1 | adservice.google.com |
www.googletagservices.com
|
1 | adservice.google.de |
www.googletagservices.com
|
1 | metrics.att.com |
www.att.com
|
1 | dpm.demdex.net |
www.att.com
|
1 | sadlib.static-app.synacor.com |
travelbaliyes.com
|
34 | 12 |
This site contains links to these domains. Also see Links.
Domain |
---|
home.secureapp.att.net |
login.yahoo.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.att.com DigiCert SHA2 Secure Server CA |
2019-01-09 - 2020-02-05 |
a year | crt.sh |
home.secureapp.att.net DigiCert SHA2 Secure Server CA |
2018-03-08 - 2019-03-08 |
a year | crt.sh |
*.google.com Google Internet Authority G3 |
2018-12-19 - 2019-03-13 |
3 months | crt.sh |
*.g.doubleclick.net Google Internet Authority G3 |
2018-12-19 - 2019-03-13 |
3 months | crt.sh |
tpc.googlesyndication.com Google Internet Authority G3 |
2018-12-19 - 2019-03-13 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
http://travelbaliyes.com/scsc/attlogin.htm
Frame ID: 38C46F3C2F305191D73D2470071FF0AE
Requests: 28 HTTP requests in this frame
Frame:
https://tpc.googlesyndication.com/pagead/js/r20190122/r20110914/abg_lite.js
Frame ID: 99248211118C1E3FCA2ADF7FADEE0920
Requests: 7 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
DoubleClick for Publishers (DFP) (Advertising Networks) Expand
Detected patterns
- script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i
Google AdSense (Advertising Networks) Expand
Detected patterns
- script /googlesyndication\.com\//i
- env /^google_ad_/i
- env /^__google_ad_/i
- env /^Goog_AdSense_/i
Google Analytics (Analytics) Expand
Detected patterns
- env /^gaGlobal$/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- env /^googletag$/i
Webtrends (Analytics) Expand
Detected patterns
- html /<img[^>]+id="DCSIMG"[^>]+webtrends/i
- env /^(?:WTOptimize|WebTrends)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://www.att.com/scripts/adobe/prod/detm-container-hdr.js HTTP 301
- https://www.att.com/scripts/adobe/prod/detm-container-hdr.js
- http://www.att.com/scripts/adobe/prod/detm-container-ftr.js HTTP 307
- https://www.att.com/scripts/adobe/prod/detm-container-ftr.js
- https://home.secureapp.att.net/attportal/s/context.dll?id=9002001&type=clickthru&name=cgate.signIn.Pageviews.www-att-net&redirecturl=/i/s.gif?nocache=9182 HTTP 302
- http://home.secureapp.att.net/i/s.gif?nocache=9182
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
attlogin.htm
travelbaliyes.com/scsc/ |
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
detm-container-hdr.js
www.att.com/scripts/adobe/prod/ Redirect Chain
|
72 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
_fontface.css
home.secureapp.att.net/css/sso/slid/1201/ |
0 223 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
main.css
home.secureapp.att.net/css/sso/slid/1201/ |
28 KB 28 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
jquery-1.5.1.min.js
home.secureapp.att.net/js/jquery/ |
83 KB 84 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
jquery.simplemodal.js
home.secureapp.att.net/js/jquery/simplemodal/ |
9 KB 10 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
script.js
home.secureapp.att.net/js/sso/slid/1201/ |
47 KB 48 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
att.js
sadlib.static-app.synacor.com/client/att/ |
69 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
Button.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
AT&T_logo.png
home.secureapp.att.net/design/CDLS10/img/logos/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
detm-container-ftr.js
www.att.com/scripts/adobe/prod/ Redirect Chain
|
540 B 553 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
212 B 964 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
mobile.css
home.secureapp.att.net/css/sso/slid/1201/ |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
metrics.att.com/ |
49 B 513 B |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
webtrends.min.js
travelbaliyes.com/commonLogin/igate_edam/staticContent/images/SLID/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gpt.js
www.googletagservices.com/tag/js/ |
30 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
pageBg.png
home.secureapp.att.net/design/cdls10/img/ui/ |
169 B 396 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
btnSumbit.png
home.secureapp.att.net/img/sso/slid/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.0 |
footerBg.png
home.secureapp.att.net/design/CDLS10/img/ui/ |
560 B 788 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.de/adsid/ |
109 B 171 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
109 B 171 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pubads_impl_295.js
securepubads.g.doubleclick.net/gpt/ |
182 KB 62 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
s.gif
home.secureapp.att.net/i/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
show_companion_ad.js
pagead2.googlesyndication.com/pagead/ |
160 KB 60 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
securepubads.g.doubleclick.net/gampad/ |
26 KB 9 KB |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pubads_impl_rendering_295.js
securepubads.g.doubleclick.net/gpt/ |
61 KB 23 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
container.html
tpc.googlesyndication.com/safeframe/1-0-31/html/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
abg_lite.js
tpc.googlesyndication.com/pagead/js/r20190122/r20110914/ Frame 9924 |
32 KB 12 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m_window_focus_non_hydra.js
tpc.googlesyndication.com/pagead/js/r20190122/r20110914/client/ext/ Frame 9924 |
2 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
osd_listener.js
www.googletagservices.com/activeview/js/current/ Frame 9924 |
76 KB 28 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
13229860764101051268
tpc.googlesyndication.com/simgad/ Frame 9924 |
190 KB 190 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
osd.js
www.googletagservices.com/activeview/js/current/ |
75 KB 28 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
view
securepubads.g.doubleclick.net/pcs/ Frame 9924 |
0 269 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 9924 |
213 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headersResponse headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
activeview
pagead2.googlesyndication.com/pcs/ Frame 9924 |
42 B 291 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- home.secureapp.att.net
- URL
- http://home.secureapp.att.net/i/s.gif?nocache=9182
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: AT&T (Telecommunication)102 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask string| mid string| adobe_mc string| href undefined| analytics_app_visitor_id undefined| ts undefined| newurl object| visitor function| isIE object| DataMappingInterface string| detm_tag_notification_key object| scripts object| script string| src function| satelliteDetector function| scriptExecutor undefined| detmScriptLoaderConfig function| detmScriptLoader undefined| detmLoader undefined| AllowDelayedLoad function| Visitor object| s_c_il number| s_c_in object| detmScriptExecutor function| detmDomainMapper object| detmTagControls object| antiClickjack undefined| noFrameBusting function| $ function| jQuery string| agent undefined| ORIGINATION_POINT_URL undefined| RETURN_URL undefined| CANCEL_URL function| getWindowWidth function| getWindowHeight function| setRegURL function| logPgvw function| refer function| submitForm function| trimAll function| chkTick function| unchkTick function| getElementsByClassName function| btnChange function| acctSelBtnEnable function| ie6Img function| getYadContents function| init undefined| countdownElement function| overlay function| cancelLoad function| Redirecturl string| focusableElementsString function| trapTabKey function| supportRedirect function| webtrendsAsyncInit object| Sadlib_Config object| TN8 object| SW_Config object| rubicontag object| googletag object| sadlib function| detmExecuteFooter object| closure_memoize_cache_ object| googleToken object| googleIMState object| google_js_reporting_queue function| processGoogleToken object| GPT_jstiming undefined| google_measure_js_timing object| google_reactive_ads_global_state boolean| google_noFetch boolean| google_DisableInitialLoad number| __google_ad_urls_id function| Goog_AdSense_getAdAdapterInstance function| Goog_AdSense_OsdAdapter function| googleCompanionsServicePresent function| googleGetCompanionAdSlots function| googleSetCompanionAdContents function| google_show_companion_ad function| google_show_companion_ad_in_slot function| google_get_companion_slot_params function| google_companion_error function| google_companion_loaded function| google_increment_num_ad_mouseovers string| google_ad_output string| google_ad_client string| google_flash_version boolean| google_webgl_support string| google_ad_section string| google_country number| google_unique_id object| gaGlobal object| __google_ad_urls boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.travelbaliyes.com/ | Name: currency Value: EUR |
|
.travelbaliyes.com/ | Name: language Value: en |
|
travelbaliyes.com/ | Name: PHPSESSID Value: 3bjr1endjluorh43e8op1giua6 |
|
travelbaliyes.com/ | Name: IV_JCT Value: %2FcommonLogin |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adservice.google.com
adservice.google.de
dpm.demdex.net
home.secureapp.att.net
metrics.att.com
pagead2.googlesyndication.com
sadlib.static-app.synacor.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
travelbaliyes.com
www.att.com
www.googletagservices.com
home.secureapp.att.net
103.28.14.42
144.160.149.126
216.58.205.226
2a00:1450:4001:815::2001
2a00:1450:4001:819::2002
2a00:1450:4001:81b::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:820::2002
2a00:1450:4001:821::2002
2a00:1450:4001:825::2002
2a02:26f0:eb:187::2db1
2a02:26f0:eb:195::2db1
54.194.25.183
69.168.106.86
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
27da51ec2023f96407f92161ddda0e290b0661a765822ff03e5d61f3aecf8aa0
30a949cc26cd4f709fa897313f8d448b2cb724a40a170c4b8e8ce6b3aa890fd1
37f94e55401f3507982b95b35887afadf0c0e289219edb3cf118e41cf3a91c41
3c8e05393a13e35cc44fa807446698953fdd5e6d2e104e98ba957529eee0a4b6
487b38bdff1549543e90f9ab1542d72f6af5572ec78468ded3b6bc14df8ed17a
4b8dd46b048b118e7d0e9e492eeeba9ba8c720468a1f6d84bdc03fa8af962f56
4dd51e6b250e15946ca0af835e0511093c82c5678115aac3055645d889a1681a
5759da4219228ce1f92cca409b7ac6dd426fa49e189c970d01ecabb1f989d4e6
5d5d27c8bcd7e354c7ac360c6b292efd73b5d83fe5fce3b7f6eb19afe248265f
61e91515aaf72cba3014a136331a138eca6b27831c8f2e6b0c128825243f5263
764b9e9f3ad386aaa5cdeae9368353994de61c0bede087c8f7e3579cb443de3b
8b3d8030a866ee16010b791d19cd984db3eb2dc747740d01e46ede6ff8bb1c18
8e6ec1efd720fba57823309829b05bb57ebb5716c813c88b3c88cf36ab9aa5e9
984a88847ddf3e7f71d95a6a1eda6ceab590880cc4e8e2255444af02493ee533
9e0db7af94ee7bd2d325475edb564226b87d4a0c528f4b69a112f8769ed52ab0
a8c89bb3937cdc4a70b3568eae5a390d918433be78f89deba07846932ae7c695
b5016432d46b6b11e1c947d37135b280326a8774805051cf85e31c2008e72ce0
b6b2eb0a3fa36c198258be57acde34c6f5d1297a8069b5293a287b23332a400e
b6ceb8e75bc1599c2480b14011337aadd5a19161be86e20a48c1181ff9b59035
c537cf7e2770d1b4953255dfccff8e0bdbfd4adb4e88d868e353208ae7ff13c1
ccd94beaf41f80fab69cabbcb2085871a4c77374bebe9a09c3746b1688e04439
da0f28b0d18d448b29cb3ee6e742952e7247c627d3800d045ba1573ca1fc07f4
db2a3260d580716fb8dae973b1b994f799f545d520b7a1636d473ecbdbdd2223
dfa2be020e3374a4b1c871c88ada990120fb198d4e8ff685ad35cfae88ad3466
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9e1d9ba22f5b449beba17fb26ffb864b68c611674b718786152afa0b4425a53
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09d560ddd19c437d8001660575fa51d5c7126776f0357b4b5b86295c65e39ae
f14ef16b60389ca877bdf962c084ec1dc9d7162e25e77665437784e1885d4127