![](/screenshots/f79e9f75-6a19-4fc7-9433-9c4a2f22f55e.png)
nitimech.com
Open in
urlscan Pro
2606:4700:3034::6815:2d5d
Malicious Activity!
Public Scan
Effective URL: https://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=4...
Submission: On April 16 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 7th 2022. Valid for: a year.
This is the only time nitimech.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
ASN44493 (CHELYABINSK-SIGNAL-AS, RU)
PTR: lorameullionaak63.pserver.ru
plasix.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
nitimech.com
3 redirects
nitimech.com beacon.nitimech.com |
395 KB |
5 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37 |
20 KB |
4 |
fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1785 ka-f.fontawesome.com — Cisco Umbrella Rank: 3473 |
23 KB |
2 |
virtualpushplatform.com
virtualpushplatform.com — Cisco Umbrella Rank: 200579 |
4 KB |
2 |
flaries.com
1 redirects
flaries.com |
1 KB |
1 |
google.es
www.google.es — Cisco Umbrella Rank: 16447 |
501 B |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 4 |
501 B |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 95 |
439 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71 |
38 KB |
1 |
plasix.com
plasix.com |
434 B |
1 |
geoplugin.net
www.geoplugin.net — Cisco Umbrella Rank: 33757 |
2 KB |
1 |
page.link
1 redirects
merrylink.page.link |
1 KB |
39 | 12 |
Domain | Requested by | |
---|---|---|
19 | nitimech.com |
2 redirects
flaries.com
nitimech.com |
5 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com nitimech.com |
3 | beacon.nitimech.com |
1 redirects
nitimech.com
|
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
2 | virtualpushplatform.com |
nitimech.com
virtualpushplatform.com |
2 | flaries.com |
1 redirects
plasix.com
|
1 | www.google.es | |
1 | www.google.com | |
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | www.googletagmanager.com |
nitimech.com
|
1 | kit.fontawesome.com |
nitimech.com
|
1 | plasix.com |
20.229.172.147
|
1 | www.geoplugin.net |
20.229.172.147
|
1 | merrylink.page.link | 1 redirects |
39 | 14 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.plasix.com Go Daddy Secure Certificate Authority - G2 |
2021-09-08 - 2022-09-08 |
a year | crt.sh |
flaries.com R3 |
2022-04-02 - 2022-07-01 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-07 - 2023-01-06 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-12-01 - 2023-01-01 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-03-28 - 2022-06-20 |
3 months | crt.sh |
*.virtualpushplatform.com E1 |
2022-02-25 - 2022-05-26 |
3 months | crt.sh |
beacon.nitimech.com R3 |
2022-03-11 - 2022-06-09 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2022-03-28 - 2022-06-20 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2022-03-28 - 2022-06-20 |
3 months | crt.sh |
*.google.es GTS CA 1C3 |
2022-03-28 - 2022-06-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325
Frame ID: B2940D891940226E22DC7A071BC263C3
Requests: 39 HTTP requests in this frame
Screenshot
![](/screenshots/f79e9f75-6a19-4fc7-9433-9c4a2f22f55e.png)
Page Title
Media MarktPage URL History Show full URLs
-
https://merrylink.page.link/NLtk
HTTP 302
http://20.229.172.147/21588.html Page URL
- https://plasix.com/1009711b09578d12000 Page URL
- https://flaries.com/r/c1db66c3-9346-488a-8605-e6ae8643c53f/473325/1179015943/ Page URL
-
https://flaries.com/r2/c1db66c3-9346-488a-8605-e6ae8643c53f/473325/1179015943//4e155dae-3375-4db...
HTTP 302
https://nitimech.com/sf/tpl9?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f4... HTTP 301
http://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f... HTTP 301
https://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f... Page URL
Detected technologies
![](/vendor/wappa/icons/Font Awesome.png)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://merrylink.page.link/NLtk
HTTP 302
http://20.229.172.147/21588.html Page URL
- https://plasix.com/1009711b09578d12000 Page URL
- https://flaries.com/r/c1db66c3-9346-488a-8605-e6ae8643c53f/473325/1179015943/ Page URL
-
https://flaries.com/r2/c1db66c3-9346-488a-8605-e6ae8643c53f/473325/1179015943//4e155dae-3375-4dbb-a661-ad318a721f48/?red_param_1=https%3A%2F%2Fplasix.com%2F&fctr=0
HTTP 302
https://nitimech.com/sf/tpl9?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325 HTTP 301
http://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325 HTTP 301
https://nitimech.com/sf/tpl9/?logo=media_markt&item=3MS&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://merrylink.page.link/NLtk HTTP 302
- http://20.229.172.147/21588.html
- https://beacon.nitimech.com/g2/915a650e-17d2-45ba-8c6a-52924abd931a?item=3MS&logo=media_markt&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325 HTTP 302
- https://beacon.nitimech.com/s/ccdcb34e-f069-49c7-8383-ada5ec856773?&requestid=4g4Qo8KZt3&destinationid=2591448522&item=3MS&logo=media_markt&nw_cid=4e155dae-3375-4dbb-a661-ad318a721f48&nw_pid=6JQX&src=473325
39 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
21588.html
20.229.172.147/ Redirect Chain
|
474 B 636 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
javascript.gp
www.geoplugin.net/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1009711b09578d12000
plasix.com/ |
140 B 434 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
flaries.com/r/c1db66c3-9346-488a-8605-e6ae8643c53f/473325/1179015943/ |
733 B 885 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
nitimech.com/sf/tpl9/ Redirect Chain
|
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
268a7048dd.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
97 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bundle.1f2b2b8914e1db58454d.css
nitimech.com/sf/tpl9/ |
1 MB 115 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-3.png
nitimech.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
nitimech.com/sf/tpl9/public/ |
466 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-4.png
nitimech.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-5.png
nitimech.com/sf/tpl9/public/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-6.png
nitimech.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-7.png
nitimech.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-8.png
nitimech.com/sf/tpl9/public/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-9.png
nitimech.com/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-10.png
nitimech.com/sf/tpl9/public/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-11.png
nitimech.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-12.png
nitimech.com/sf/tpl9/public/ |
875 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7.552c479b.chunk.js
nitimech.com/sf/tpl9/js/ |
307 KB 100 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.3172497a.js
nitimech.com/sf/tpl9/js/ |
489 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 5 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ace-push.js
virtualpushplatform.com/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
summary
beacon.nitimech.com/geo/ |
115 B 564 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
media_markt.png
nitimech.com/sf/tpl9/public/media_markt/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
nitimech.com/sf/tpl9/public/media_markt/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ccdcb34e-f069-49c7-8383-ada5ec856773
beacon.nitimech.com/s/ Redirect Chain
|
65 KB 48 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
2 B 22 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
visit
virtualpushplatform.com/api/v1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H3 |
visit
virtualpushplatform.com/api/v1/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
4 B 439 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.es/ads/ |
42 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
45 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- virtualpushplatform.com
- URL
- https://virtualpushplatform.com/api/v1/visit
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails function| gtag object| dataLayer object| FontAwesomeKitConfig object| webpackJsonp object| regeneratorRuntime function| _ object| core function| ScratchCard object| SCRATCH_TYPE object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| initializeAcePush function| setBaseUrl function| getLocation function| registerServiceWorker object| gaplugins object| gaGlobal object| gaData5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
plasix.com/ | Name: uid21588 Value: 1179015943-20220416055906-1c6c1b7367b528ae7af5c1780e838b3c- |
|
.flaries.com/ | Name: e86c1f1c-c0b2-42b5-b78c-53aa5debe60e-check Value: 4e155dae-3375-4dbb-a661-ad318a721f48 |
|
.nitimech.com/ | Name: _ga Value: GA1.2.1594722910.1650106749 |
|
.nitimech.com/ | Name: _gid Value: GA1.2.648741383.1650106749 |
|
.nitimech.com/ | Name: _gat_gtag_UA_148357412_1 Value: 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
beacon.nitimech.com
flaries.com
ka-f.fontawesome.com
kit.fontawesome.com
merrylink.page.link
nitimech.com
plasix.com
stats.g.doubleclick.net
virtualpushplatform.com
www.geoplugin.net
www.google-analytics.com
www.google.com
www.google.es
www.googletagmanager.com
virtualpushplatform.com
178.237.33.50
185.101.93.85
185.118.165.72
20.229.172.147
2606:4700:3034::6815:2d5d
2606:4700:3037::6815:4392
2606:4700::6812:1734
2a00:1450:4001:808::2003
2a00:1450:4001:812::200e
2a00:1450:4001:82b::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9a
2a06:98c1:3121::7
45.55.126.207
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
02111eae1d7ec3ea741a9f80e8a67a7428f62ef6d870809a86d3735454236b4b
027a11a54d2d88d5918eae519cc8d5f3b3f0a32858c41246064a128bb2825779
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
11b1715c0f86f234df9d04d142cfca902744c24e1bf32af4f87c3e6660e71e2a
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
28619be5b96ed1ae96d96e2f0ecd42e53248e4d150496dad26f7883fdb940127
28bd8b27c7caefe2e3a4f39cd419f5fa70f45cb9ba4ba19bc0977fad3766129a
2e17c79e1b4d86ddba5a9d2104902942db44f856a9fd63a137cf5deb35f56366
449ef5cfa5c80b3190b9dcdab2ccff5efb7be4f46aa48d4686af9adf6a494cdd
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
6a80661710d0d82b16a3fd62eda811d59b27165ca8fb658e210780397aec4c85
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6f9f33c9f771c1202c736de2ad9b7c57d0c72ce687b2711a7cb88ae554eed068
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
8e1a96edd8e5beacb64733b33cac976575dca4e6c3260b3389c83be8898d0ff2
94dcf5556e059d9e35d347a9fdd7c295ec5d8001d8c00693dfc2a7d18f9fb0f3
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3080a2a753b0fec2a2dc171d9f6bb97603d63fbafdc28f367fa61b0ef45b760
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
cc7319d8c59cc77bc7118f4aefbe371d19f2367e2a47af8ac1aedf6c324cbd8f
cf1a5b25481a53debd0a2480efaf5c819ea6ca597d638357fd6a503b747f6755
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
ff2e4db85d300bf909697a2c22daa12543f04d6030a60c99283b4a53030dec47