reliantpath.cfd
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://reliantpath.cfd/?s1=350582&s2=1136866702&s3=2275&s4=GIZA&ow=&s10=3595
Submission: On February 05 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 2nd 2024. Valid for: 3 months.
This is the only time reliantpath.cfd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 107.174.146.130 107.174.146.130 | 36352 (AS-COLOCR...) (AS-COLOCROSSING) | |
1 | 45.141.233.104 45.141.233.104 | 25211 (EUROCRYPT-AS) (EUROCRYPT-AS) | |
29 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a00:1450:400... 2a00:1450:4001:811::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
38 | 5 |
ASN36352 (AS-COLOCROSSING, CA)
PTR: 107-174-146-130-host.colocrossing.com
jenkins-sfib2vnp.vinsolutions.com |
ASN13335 (CLOUDFLARENET, US)
trk-adulvion.com | |
event.trk-adulvion.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
29 |
reliantpath.cfd
reliantpath.cfd |
407 KB |
5 |
trk-adulvion.com
trk-adulvion.com — Cisco Umbrella Rank: 300281 event.trk-adulvion.com — Cisco Umbrella Rank: 317955 |
3 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
150 KB |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029 |
254 B |
1 |
paintedbrushe.com
paintedbrushe.com |
437 B |
1 |
vinsolutions.com
1 redirects
jenkins-sfib2vnp.vinsolutions.com |
295 B |
38 | 6 |
Domain | Requested by | |
---|---|---|
29 | reliantpath.cfd |
paintedbrushe.com
reliantpath.cfd |
4 | event.trk-adulvion.com |
trk-adulvion.com
|
2 | www.googletagmanager.com |
reliantpath.cfd
www.googletagmanager.com |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | trk-adulvion.com |
reliantpath.cfd
|
1 | paintedbrushe.com | |
1 | jenkins-sfib2vnp.vinsolutions.com | 1 redirects |
38 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
paintedbrushe.com R3 |
2024-01-30 - 2024-04-29 |
3 months | crt.sh |
reliantpath.cfd E1 |
2024-02-02 - 2024-05-02 |
3 months | crt.sh |
trk-adulvion.com GTS CA 1P5 |
2023-12-17 - 2024-03-16 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://reliantpath.cfd/?s1=350582&s2=1136866702&s3=2275&s4=GIZA&ow=&s10=3595
Frame ID: ABA914C0D9D1F6AD04F0E8D9E33CE52E
Requests: 36 HTTP requests in this frame
Screenshot
Page Title
[1] Prämie ausstehend - Online Survey - Wir wollen Ihre Meinung!Page URL History Show full URLs
-
http://jenkins-sfib2vnp.vinsolutions.com/JpMfnzQqRhycN=YPWZjnrjWfSFn18n52s601ubb001ntde0z1v80e0t3jolrni5g
HTTP 302
https://paintedbrushe.com/0/0/0/c6f3d6e9aa41a73ba23ddd0e5e4961c6/35_1096612_2790770/2420_3093948_0t3jo... Page URL
- https://reliantpath.cfd/?s1=350582&s2=1136866702&s3=2275&s4=GIZA&ow=&s10=3595 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://jenkins-sfib2vnp.vinsolutions.com/JpMfnzQqRhycN=YPWZjnrjWfSFn18n52s601ubb001ntde0z1v80e0t3jolrni5g
HTTP 302
https://paintedbrushe.com/0/0/0/c6f3d6e9aa41a73ba23ddd0e5e4961c6/35_1096612_2790770/2420_3093948_0t3jolr_14/522597462_80-255-7-103 Page URL
- https://reliantpath.cfd/?s1=350582&s2=1136866702&s3=2275&s4=GIZA&ow=&s10=3595 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://jenkins-sfib2vnp.vinsolutions.com/JpMfnzQqRhycN=YPWZjnrjWfSFn18n52s601ubb001ntde0z1v80e0t3jolrni5g HTTP 302
- https://paintedbrushe.com/0/0/0/c6f3d6e9aa41a73ba23ddd0e5e4961c6/35_1096612_2790770/2420_3093948_0t3jolr_14/522597462_80-255-7-103
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
522597462_80-255-7-103
paintedbrushe.com/0/0/0/c6f3d6e9aa41a73ba23ddd0e5e4961c6/35_1096612_2790770/2420_3093948_0t3jolr_14/ Redirect Chain
|
140 B 437 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
reliantpath.cfd/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3acff07e611b53917e04f9470a6b3dee
reliantpath.cfd/ |
57 KB 19 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
reliantpath.cfd/assets/js/vendor/bootstrap/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.css
reliantpath.cfd/assets/vendors/fontawesome/css/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.css
reliantpath.cfd/assets/css/giza/dist/ |
31 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msg.v3.js
reliantpath.cfd/inc/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
EWxsJTLWkAQoIrd.png
reliantpath.cfd/uploads/archive/company/753/images/ |
146 KB 147 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flag-de.png
reliantpath.cfd/assets/images/flags/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
check.svg
reliantpath.cfd/assets/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci18.jpg
reliantpath.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vicon.png
reliantpath.cfd/assets/images/ |
972 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci6.jpg
reliantpath.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci26.jpg
reliantpath.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci34.jpg
reliantpath.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci14.jpg
reliantpath.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci36.jpg
reliantpath.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci22.jpg
reliantpath.cfd/assets/images/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci1.jpg
reliantpath.cfd/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
x.png
reliantpath.cfd/assets/images/common/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
reliantpath.cfd/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.4.1.min.js
reliantpath.cfd/assets/js/vendor/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
reliantpath.cfd/assets/js/vendor/bootstrap/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
functions.js
reliantpath.cfd/assets/js/ |
814 B 879 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
intl_functions.js
reliantpath.cfd/assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.js
reliantpath.cfd/assets/js/giza/dist/ |
100 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v9e118mez8
trk-adulvion.com/scripts/push/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
184 KB 66 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
RubikMonoOne.ttf
reliantpath.cfd/assets/css/giza/dist/ |
2 KB 1 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
reliantpath.cfd/assets/vendors/fontawesome/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-regular-400.woff2
reliantpath.cfd/assets/vendors/fontawesome/webfonts/ |
13 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
3acff07e611b53917e04f9470a6b3dee
reliantpath.cfd/ |
25 B 541 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
244 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 254 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)131 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0x4eba function| _0x3ccf function| pushCount object| MYCALL string| s1 string| s2 string| fp string| esource string| pshpub string| pshdomain string| pshfingerprint object| dataLayer function| $ function| jQuery object| bootstrap number| refresh_page function| startTimer number| duration undefined| time undefined| refresh function| startINTSurvey function| startQuestion function| startSurveyDub function| showSurveyDub function| callPushNotify string| LNG string| CMP string| CNT string| BID string| FNP string| CMPID string| API_URL object| currentdate object| months function| a0_0xae18cc string| attrChoices string| domain string| pipeline string| zipcode string| state_selected boolean| skip_modal_email boolean| email_send_modal object| states function| birthdayFill function| beforeShowQuestion function| showOfferWall function| createQuestion function| sendOf function| runT function| replaceUrlParam function| startsurvey function| a0_0x1880 function| nextQuestion function| formatPhoneNumber function| overflowP function| switchTypeQuestions function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| a0_0x11e0 function| emailPixel function| startSurveyU function| switchTypeQuestionsU function| nextQuestionU function| showOfferWallU function| validateData function| showStreetStateU function| showDisclaimer function| preventS string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| stateURL string| languageCode string| countryCode string| popUrl function| putVarCommon function| count_p function| mfq_tags function| showEmailModal function| hideM number| advEmail number| email_pixel string| prod_var number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| cheers function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
paintedbrushe.com/ | Name: uid2275 Value: 1136866702-20240204195141-f66892ec193f071981709bdea5a73879-3646 |
|
reliantpath.cfd/ | Name: PHPSESSID Value: 6f0fa03dd80df283c90f8aa7e493a277 |
|
.reliantpath.cfd/ | Name: _ga_DKB9VH2QW4 Value: GS1.1.1707094304.1.0.1707094304.0.0.0 |
|
.reliantpath.cfd/ | Name: _ga Value: GA1.1.1105381738.1707094304 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
event.trk-adulvion.com
jenkins-sfib2vnp.vinsolutions.com
paintedbrushe.com
region1.google-analytics.com
reliantpath.cfd
trk-adulvion.com
www.googletagmanager.com
107.174.146.130
2001:4860:4802:34::36
2a00:1450:4001:811::2008
2a06:98c1:3120::3
2a06:98c1:3121::3
45.141.233.104
017340e629175dbd707d31be94c707731fe6f51be004f85e3d50b960f34ea081
11c1ca79b0c58eb32236c8cdfd0cb4465efb5d03744efdc53fa4418beccb626d
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
26677cca262a783e761f614675543451e828931ba6b4dff58ba24aaa58ed7a7a
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2db4a30686167f451311bbf0791f3b0224c03ee161e82354c760fa5bb0cb4dfc
2e0651724826112ac4a7ae16df7fa46f5aaf603184acd6f161d98ad348a1ac32
40a4a7e1e3b6806e9eb4b719dcdd56c7f3dec5c4991bc15b56193c7e99f719f8
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
612c58d05c6097b07b839936cd1c605a42165861422f23914b30f09aab06c949
6b3771113ea2c584837a3b4036f7f8f810c11e8b02f78e98eed712c82618077a
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6d8f8b38ca3a12a773d850945bfdb5d0d6a89b9ca30f7a6dc5c728101f508636
72b629cd526729bd25e6091b21e3e3ed6e16e17fb549a700f029f0c5693b0f4f
8c17435e1a09ed89d29dab00015da616c16e39da1c5daf5f8c8026dcbcf5836a
91caebaa07e970b9566eb195570097c03616d933955113dbfb1eced337a5f8b5
9437d87812b34d91f53e5421eeed60dd3aa108b42cb34f4a8dbb855a0531a55b
9c89114bec273dd4c523580dd837ee83b096c31ea4e55e96a00156986a9cacde
9f2dcc8d291e930f294c0b96fda36589f0b412848578c396b981e62ac9d4aca9
a23a8c2504b233c065a7db062a764cb5f3874018b9ffdb6515c5b513802ef08b
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b7d826bf62262fb8d66325774d1cefd98501ab9e70d614f2c140e5762edcea08
bba8f9db54ccf37520888d62fc42c11c612c45e25feac44395e9ab42b2f966b8
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
c86fc6524af3fab1567a1206ea20eca001d2b8eaa06b1fef573a7319f45c467c
d6527358ec1fd52efb776e60c0c3ed8c485dffa6989a07cff3f29430b7cc978f
e2bcb3c46151d0003ad90e7ba5637d2d97061ee754c4bd2418288159e6b5176f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e76803c59c910dabc01ef803f9064c86bc4128de152874796a1f3947c4b25662
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ec006ed8744a3d28521058de2dcf88a3b2b6675af4c094410bdc7026db636d23