![](/screenshots/d14a5e10-93f3-45c4-857e-0a3cba397147.png)
rewardsgetgifts.com
Open in
urlscan Pro
2606:4700:3030::6815:4007
Malicious Activity!
Public Scan
Effective URL: https://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273
Submission: On April 10 via manual from IT
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 16th 2021. Valid for: a year.
This is the only time rewardsgetgifts.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 23.239.7.160 23.239.7.160 | 63949 (LINODE-AP...) (LINODE-AP Linode) | |
1 | 178.159.36.139 178.159.36.139 | 213058 (PIHL-AS) (PIHL-AS) | |
1 2 | 199.217.119.7 199.217.119.7 | 30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC) | |
2 23 | 2606:4700:303... 2606:4700:3030::6815:4007 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6812:e134 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 2 | 45.55.126.207 45.55.126.207 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
3 | 2a00:1450:400... 2a00:1450:4001:80f::200e | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:400c:c1b::9b | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:828::2004 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:801::2003 | 15169 (GOOGLE) (GOOGLE) | |
33 | 11 |
ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li718-160.members.linode.com
livemarkket.duckdns.org |
ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: eagle1142.dedicatedpanel.com
omrixml.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
rewardsgetgifts.com
3 redirects
rewardsgetgifts.com beacon.rewardsgetgifts.com |
462 KB |
3 |
google-analytics.com
www.google-analytics.com |
20 KB |
2 |
omrixml.com
1 redirects
omrixml.com |
1 KB |
2 |
duckdns.org
1 redirects
livemarkket.duckdns.org |
524 B |
1 |
google.de
www.google.de |
505 B |
1 |
google.com
www.google.com |
505 B |
1 |
doubleclick.net
stats.g.doubleclick.net |
448 B |
1 |
googletagmanager.com
www.googletagmanager.com |
38 KB |
1 |
onesignal.com
cdn.onesignal.com |
3 KB |
1 |
laudypauty.com
laudypauty.com |
434 B |
33 | 10 |
Domain | Requested by | |
---|---|---|
23 | rewardsgetgifts.com |
2 redirects
omrixml.com
rewardsgetgifts.com |
3 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | beacon.rewardsgetgifts.com | 1 redirects |
2 | omrixml.com |
1 redirects
laudypauty.com
|
2 | livemarkket.duckdns.org | 1 redirects |
1 | www.google.de | |
1 | www.google.com | |
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | www.googletagmanager.com |
rewardsgetgifts.com
|
1 | cdn.onesignal.com |
rewardsgetgifts.com
|
1 | laudypauty.com |
livemarkket.duckdns.org
|
33 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.laudypauty.com Go Daddy Secure Certificate Authority - G2 |
2020-06-29 - 2021-06-29 |
a year | crt.sh |
omrixml.com R3 |
2021-03-19 - 2021-06-17 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-02-16 - 2022-02-15 |
a year | crt.sh |
*.google-analytics.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
beacon.rewardsgetgifts.com R3 |
2021-02-17 - 2021-05-18 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
www.google.com GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
www.google.de GTS CA 1O1 |
2021-03-16 - 2021-06-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273
Frame ID: 4AB4CD12C72E8B17924424A54C72D242
Requests: 33 HTTP requests in this frame
Screenshot
![](/screenshots/d14a5e10-93f3-45c4-857e-0a3cba397147.png)
Page URL History Show full URLs
- http://livemarkket.duckdns.org/rd/c41ASLfU2195KwzC465611pww50KXFu27 Page URL
-
http://livemarkket.duckdns.org/track/c41ASLfU2195KwzC465611pww50KXFu27
HTTP 302
https://laudypauty.com/1005dbe7ce8c97a5f34/ Page URL
- https://omrixml.com/r/4cd06493-fbb4-47d3-ab5d-8184f91ea7d2/472912/1034023273/ Page URL
-
https://omrixml.com/r2/4cd06493-fbb4-47d3-ab5d-8184f91ea7d2/472912/1034023273//e237262e-8ad1-452...
HTTP 302
https://rewardsgetgifts.com/es-amz-ct?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=103402... HTTP 301
http://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=10340... HTTP 301
https://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=10340... Page URL
Detected technologies
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://livemarkket.duckdns.org/rd/c41ASLfU2195KwzC465611pww50KXFu27 Page URL
-
http://livemarkket.duckdns.org/track/c41ASLfU2195KwzC465611pww50KXFu27
HTTP 302
https://laudypauty.com/1005dbe7ce8c97a5f34/ Page URL
- https://omrixml.com/r/4cd06493-fbb4-47d3-ab5d-8184f91ea7d2/472912/1034023273/ Page URL
-
https://omrixml.com/r2/4cd06493-fbb4-47d3-ab5d-8184f91ea7d2/472912/1034023273//e237262e-8ad1-452e-997d-725a6beca744/?red_param_1=https%3A%2F%2Flaudypauty.com%2F&fctr=0
HTTP 302
https://rewardsgetgifts.com/es-amz-ct?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273 HTTP 301
http://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273 HTTP 301
https://rewardsgetgifts.com/es-amz-ct/?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://livemarkket.duckdns.org/track/c41ASLfU2195KwzC465611pww50KXFu27 HTTP 302
- https://laudypauty.com/1005dbe7ce8c97a5f34/
- https://beacon.rewardsgetgifts.com/g2/7b4ad06b-cbfd-45fa-900a-5bea99e4a97b?s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273 HTTP 302
- https://beacon.rewardsgetgifts.com/s/5f61bca3-c10d-4dd3-9721-0ab84ad51d22?&requestid=vxdAbsu829&destinationid=1317866230&s1=17S&s2=e237262e-8ad1-452e-997d-725a6beca744&s3=472912&s4=1034023273
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
c41ASLfU2195KwzC465611pww50KXFu27
livemarkket.duckdns.org/rd/ |
233 B 350 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
![]() laudypauty.com/1005dbe7ce8c97a5f34/ Redirect Chain
|
140 B 434 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
omrixml.com/r/4cd06493-fbb4-47d3-ab5d-8184f91ea7d2/472912/1034023273/ |
737 B 888 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
rewardsgetgifts.com/es-amz-ct/ Redirect Chain
|
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OneSignalSDK.js
cdn.onesignal.com/sdks/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.aa0dc7a4b2b23cdb159a.css
rewardsgetgifts.com/es-amz-ct/ |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
97 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1.5231f9e4.chunk.js
rewardsgetgifts.com/es-amz-ct/js/ |
258 KB 79 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.b93c7962.js
rewardsgetgifts.com/es-amz-ct/js/ |
236 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
christmas-lights.png
rewardsgetgifts.com/es-amz-ct/src/companies/eu/es-amz-ct/public/ |
83 KB 83 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
reviews.json
rewardsgetgifts.com/es-amz-ct/public/ |
1 KB 831 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
badges.min.png
rewardsgetgifts.com/es-amz-ct/public/ |
38 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5f61bca3-c10d-4dd3-9721-0ab84ad51d22
beacon.rewardsgetgifts.com/s/ Redirect Chain
|
9 KB 2 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
snow-hill.png
rewardsgetgifts.com/es-amz-ct/src/companies/eu/es-amz-ct/public/ |
98 KB 99 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
48 KB 19 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
star--filled.min.png
rewardsgetgifts.com/es-amz-ct/public/ |
373 B 723 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
star--empty.min.png
rewardsgetgifts.com/es-amz-ct/public/ |
368 B 672 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 147 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 194 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
4 B 448 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 505 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ |
42 B 505 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
rewardsgetgifts.com/es-amz-ct/public/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
es.png
rewardsgetgifts.com/es-amz-ct/public/ |
603 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
comments.json
rewardsgetgifts.com/es-amz-ct/public/ |
1 KB 894 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ribbon.png
rewardsgetgifts.com/es-amz-ct/public/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
snow-flakes.png
rewardsgetgifts.com/es-amz-ct/src/companies/eu/es-amz-ct/public/ |
30 KB 30 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SeabVon-Jones.png
rewardsgetgifts.com/es-amz-ct/public/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AntonRousseau.png
rewardsgetgifts.com/es-amz-ct/public/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ChristinaGomez.png
rewardsgetgifts.com/es-amz-ct/public/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
genevaross.png
rewardsgetgifts.com/es-amz-ct/public/ |
12 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
L%C3%A9aLefebvre.png
rewardsgetgifts.com/es-amz-ct/public/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
StacyWoods.png
rewardsgetgifts.com/es-amz-ct/public/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| OneSignal function| gtag object| dataLayer object| snowflakes number| browserWidth number| browserHeight number| numberOfSnowflakes boolean| resetPosition boolean| enableAnimations object| reduceMotionQuery function| setAccessibilityState function| setup function| Snowflake function| setTransform function| generateSnowflakes function| moveSnowflakes function| getPosition function| setResetFlag object| webpackJsonp object| regeneratorRuntime function| _ object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.rewardsgetgifts.com/ | Name: __cfduid Value: dd26e763f999508bccb18413fa4dca6041618030341 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beacon.rewardsgetgifts.com
cdn.onesignal.com
laudypauty.com
livemarkket.duckdns.org
omrixml.com
rewardsgetgifts.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
178.159.36.139
199.217.119.7
23.239.7.160
2606:4700:3030::6815:4007
2606:4700::6812:e134
2a00:1450:4001:801::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2008
2a00:1450:400c:c1b::9b
45.55.126.207
0fe87411a2d4bc54eadba8dc993569d4a8ff817f87d141cc5fce157ae0bb8c17
13628ec501190b1b2f77f180b307e758df4f118fe57a759e9a93a92423c087d2
1ca302c25521ebc25db282f66693e4d8a8befe5a09ba5c490838ca9348d01e78
1dcc7d01a314a366ffbbeca0178f7a50ea3ec9be7e56c71eb7d7ddec31bbfd09
2162f4e5f99099140450019790816b0b1c93cbdb9da7b49ae7ae2f1172c79f24
5114cc1b22f456f4a0e2d2d07a2fbea966d4feb39f2e28ec2598bff139e46084
51c2bebdeea6f8ceef52f78655b5037a865a2c65097d8ffcf42a67e50d3fa3d2
5aa59df44e57b2a6d067752f263519beec72c383039d242cf0cf7d9eef23e039
608b94b009425d5d0983f284ef4261c999480d2acfbe12b858e769285109e920
69fe12af18e3fa60a18f5cb47d0e089063613228aea8a106591f39d9259f2ddf
76f399c318602cbf763bea558a4d09d804e1e599714263066d245356e26698a5
77f67f87164694c3dd1ea09026de9adede729620356f55c7fb2d5a00bb5704ac
7f0b401615e4e7deea4229742fed404a884ce660a710e1a01526f8345e3a09f4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
912919a62239947a65629300cbe5316164e74322b3b6024bf1e30ed986fa2a9f
96dfc7de1ba4a1fc9f1f82122fab6900fe10fc2643502aed504d9bd833cb33d1
b54641f47c1f47c54c27bd3690a4edc83846a62ddc9c74d567cb211161bed320
bef77cfdbfbfef2309ff4153b2a56fc522134069b77a594c4e5526c565b85b27
c684a9d9d91770dc8e9821e96f912e56db943195a34f76c76f208dd802aafa08
cfd853b577b6b7f0de1de788363614c52b047d5014e8da978420fd4de0ac1bd5
d0fd8c3355f52f2c827d729f721af1fb5260977758fb0d34e0934542a34684d8
daf99dcaabac8bb5292a529111b7fa29c596acbe034df5aa56dab18662f1f75a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e0437abb0d5ad997879f1036f73de4854226809b6c1713b565db1e71f7b9bd13
ee1f63ac38123da3ee5fa1cbe162db867422c43f24741a24f051eaa7ea5cdb46
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3cf0b46fb46213518ad3dd68e1190f3c7a2a0c80e5719a521b6599bb3c7bfcc
f749ecbb16ec0a9ffa9cfd011bbd640aa81768ef96f7ed70b0f9edccaf6d2e43
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f877a798b0af17fb62564cc4a3b2c8f1fb76398c7e3156eae984fafe175bf4c3
fc520cc0b9a0dd2d7115659cefc8d3fdc3e8ae7490733f67a09e5255cccc481f