world-wide-new.com
2606:4700:30::6818:64aa
Malicious Activity!
Public Scan
Effective URL: https://world-wide-new.com/winners/klatten/?country=Germany&region=&city=&campid=10008&offerid=1021&sxid=bo7t6m2cg6fb&place...
Submission: On November 21 via manual from RO
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 11th 2019. Valid for: a year.
This is the only time world-wide-new.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Investment Scam (Online)
Domain & IP information
| IP Address | AS (Autonomous System) |
---|---|---|
1 1 | 52.201.45.32 | 14618 (AMAZON-AES - Amazon.com) |
1 2 | 2606:4700:30::6818:64aa | 13335 (CLOUDFLARENET - Cloudflare) |
1 1 | 3.120.45.148 | 16509 (AMAZON-02 - Amazon.com) |
1 | 2a00:1450:4001:81e::200a | 15169 (GOOGLE - Google LLC) |
39 | 2606:4700:20::681a:cc4 | 13335 (CLOUDFLARENET - Cloudflare) |
49 | 4 |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-201-45-32.compute-1.amazonaws.com
forgethenar.info |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.world-wide-new.com | |
world-wide-new.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-120-45-148.eu-central-1.compute.amazonaws.com
autqxwl.com |
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
tamashy.com |
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
39 | tamashy.com | tamashy.com | 3 MB |
2 | world-wide-new.com (1 redirects) | www.world-wide-new.com, world-wide-new.com | 16 KB |
1 | googleapis.com | ajax.googleapis.com | 33 KB |
1 | autqxwl.com (1 redirects) | autqxwl.com | 4 KB |
1 | forgethenar.info (1 redirects) | forgethenar.info | 426 B |
49 | 5 |
| Domain | Requested by |
---|---|---|
39 | tamashy.com | world-wide-new.com |
1 | ajax.googleapis.com | world-wide-new.com |
1 | world-wide-new.com | |
1 | autqxwl.com | 1 redirects |
1 | www.world-wide-new.com | 1 redirects |
1 | forgethenar.info | 1 redirects |
49 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
autqxwl.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-08-11 - 2020-08-10 | a year |
*.googleapis.com | GTS CA 1O1 | 2019-11-05 - 2020-01-28 | 3 months |
This page contains 1 frames:
Primary Page:
https://world-wide-new.com/winners/klatten/?country=Germany&region=&city=&campid=10008&offerid=1021&sxid=bo7t6m2cg6fb&placement=%7Bpubfeed%7D&campaignid=%7Bcampaign%7D&subid=787272&campname=pop-cpl&extcid=5992126640159819856
Frame ID: 9D72BB4F3B4F5C09F3C89941A263497E
Requests: 49 HTTP requests in this frame
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Jetzt spielen
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://forgethenar.info/?tid=787272&noocp=1&subid=2650895&hop=7&geo=DE (HTTP 302)
- http://www.world-wide-new.com/p-ads/admaven-pop1.php?&placement={pubfeed}&campaignid={campaign}&subid=787272&campname=pop-cpl&extcid=5992126640159819856 (HTTP 301)
- http://autqxwl.com/path/lp.php?trvid=10008&trvx=c1808050&&placement={pubfeed}&campaignid={campaign}&subid=787272&campname=pop-cpl&extcid=5992126640159819856 (HTTP 302)
- https://world-wide-new.com/winners/klatten/?country=Germany&region=&city=&campid=10008&offerid=1021&sxid=bo7t6m2cg6fb&placement=%7Bpubfeed%7D&campaignid=%7Bcampaign%7D&subid=787272&campname=pop-cpl&extcid=5992126640159819856 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
49 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | world-wide-new.com/winners/klatten/ (Redirect Chain) | 85 KB | 15 KB | Document | text/html |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 33 KB | Script | text/javascript |
GET | H2 | bootstrap.min.css | tamashy.com/southwind/btc/de/susanne/ | 100 KB | 15 KB | Stylesheet | text/css |
GET | H2 | all.css | tamashy.com/southwind/btc/de/susanne/ | 54 KB | 11 KB | Stylesheet | text/css |
GET | H2 | styles.min.css | tamashy.com/southwind/btc/de/susanne/ | 842 KB | 99 KB | Stylesheet | text/css |
GET | H2 | jquery.js | tamashy.com/southwind/btc/de/susanne/ | 94 KB | 32 KB | Script | application/javascript |
GET | H2 | ouibounce.css | tamashy.com/southwind/btc/de/susanne/exit-popup/popup-assets/css/ | 5 KB | 1 KB | Stylesheet | text/css |
GET | H2 | ouibounce.js | tamashy.com/southwind/btc/de/susanne/exit-popup/popup-assets/js/ | 5 KB | 1 KB | Script | application/javascript |
GET | H2 | logo2.png | tamashy.com/southwind/btc/de/susanne/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | Schmandkuchen.jpg | tamashy.com/southwind/btc/de/susanne/ | 13 KB | 13 KB | Image | image/jpeg |
GET | H2 | Penne-Alfredo.jpg | tamashy.com/southwind/btc/de/susanne/ | 22 KB | 22 KB | Image | image/jpeg |
GET | H2 | top1.jpg | tamashy.com/southwind/btc/de/susanne/ | 259 KB | 259 KB | Image | image/jpeg |
GET | H2 | susanne1.jpg | tamashy.com/southwind/btc/de/susanne/bitcoin-profit/ | 257 KB | 257 KB | Image | image/jpeg |
GET | H2 | susanne2.jpg | tamashy.com/southwind/btc/de/susanne/ | 474 KB | 474 KB | Image | image/jpeg |
GET | H2 | muskbranson.jpg | tamashy.com/southwind/btc/de/susanne/ | 160 KB | 160 KB | Image | image/jpeg |
GET | H2 | dreamcar.jpg | tamashy.com/southwind/btc/de/susanne/ | 160 KB | 160 KB | Image | image/jpeg |
GET | H2 | tisdale.jpg | tamashy.com/southwind/btc/de/susanne/ | 271 KB | 271 KB | Image | image/jpeg |
GET | H2 | everydayprofit_euro.gif | tamashy.com/southwind/btc/de/susanne/ | 571 KB | 572 KB | Image | image/gif |
GET | H2 | cheque.jpg | tamashy.com/southwind/btc/de/susanne/ | 311 KB | 311 KB | Image | image/jpeg |
GET | H2 | step4-german.jpg | tamashy.com/southwind/btc/de/susanne/ | 67 KB | 67 KB | Image | image/jpeg |
GET | H2 | step2-german.jpg | tamashy.com/southwind/btc/de/susanne/ | 121 KB | 122 KB | Image | image/jpeg |
GET | H2 | step3-german.jpg | tamashy.com/southwind/btc/de/susanne/ | 124 KB | 124 KB | Image | image/jpeg |
GET | H2 | top.png | tamashy.com/southwind/btc/de/susanne/ | 630 B | 765 B | Image | image/png |
GET | H2 | home.svg | tamashy.com/southwind/btc/de/susanne/img/icons_menu/ | 1 KB | 672 B | Image | image/svg+xml |
GET | H2 | facebook.png | tamashy.com/southwind/btc/de/susanne/img/article-socialbar/ | 770 B | 877 B | Image | image/png |
GET | H2 | pinterest.png | tamashy.com/southwind/btc/de/susanne/img/article-socialbar/ | 4 KB | 5 KB | Image | image/png |
GET | H2 | twitter.png | tamashy.com/southwind/btc/de/susanne/img/article-socialbar/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | email.png | tamashy.com/southwind/btc/de/susanne/img/article-socialbar/ | 3 KB | 3 KB | Image | image/png |
GET | H2 | print.png | tamashy.com/southwind/btc/de/susanne/img/article-socialbar/ | 1 KB | 1 KB | Image | image/png |
GET | | Lato-Regular.woff | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular/ | 0 | 0 | | |
GET | | Vollkorn-Italic.woff | tamashy.com/southwind/btc/de/susanne/fonts/vollkorn/ | 0 | 0 | | |
GET | | Lato-BoldItalic.woff | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-bold-italic/ | 0 | 0 | | |
GET | H2 | scandi-male(1).jpg | tamashy.com/southwind/btc/de/susanne/ | 36 KB | 36 KB | Image | image/jpeg |
GET | H2 | scandi-male(2).jpg | tamashy.com/southwind/btc/de/susanne/ | 42 KB | 42 KB | Image | image/jpeg |
GET | H2 | side3.png | tamashy.com/southwind/btc/de/susanne/ | 38 KB | 38 KB | Image | image/png |
GET | H2 | side4.png | tamashy.com/southwind/btc/de/susanne/ | 25 KB | 25 KB | Image | image/png |
GET | H2 | scandi-female(4).jpg | tamashy.com/southwind/btc/de/susanne/ | 34 KB | 34 KB | Image | image/jpeg |
GET | H2 | side6.png | tamashy.com/southwind/btc/de/susanne/ | 34 KB | 34 KB | Image | image/png |
GET | H2 | side7.png | tamashy.com/southwind/btc/de/susanne/ | 30 KB | 31 KB | Image | image/png |
GET | H2 | checkmark.png | tamashy.com/southwind/btc/de/susanne/ | 341 B | 455 B | Image | image/png |
GET | H2 | s4.jpg | tamashy.com/southwind/btc/de/susanne/ | 94 KB | 94 KB | Image | image/jpeg |
GET | H2 | s2.jpg | tamashy.com/southwind/btc/de/susanne/ | 148 KB | 148 KB | Image | image/jpeg |
GET | H2 | s3.jpg | tamashy.com/southwind/btc/de/susanne/ | 89 KB | 89 KB | Image | image/jpeg |
GET | H2 | ouibounce.js | tamashy.com/southwind/btc/de/susanne/ | 2 KB | 935 B | Script | application/javascript |
GET | | LatoIta.woff | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular-italic/ | 0 | 0 | | |
GET | | Vollkorn-Italic.ttf | tamashy.com/southwind/btc/de/susanne/fonts/vollkorn/ | 0 | 0 | | |
GET | | Lato-Regular.ttf | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular/ | 0 | 0 | | |
GET | | Lato-BoldItalic.ttf | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-bold-italic/ | 0 | 0 | | |
GET | | LatoIta.ttf | tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular-italic/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain: tamashy.com
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular/Lato-Regular.woff
- https://tamashy.com/southwind/btc/de/susanne/fonts/vollkorn/Vollkorn-Italic.woff
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-bold-italic/Lato-BoldItalic.woff
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular-italic/LatoIta.woff
- https://tamashy.com/southwind/btc/de/susanne/fonts/vollkorn/Vollkorn-Italic.ttf
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular/Lato-Regular.ttf
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-bold-italic/Lato-BoldItalic.ttf
- https://tamashy.com/southwind/btc/de/susanne/fonts/lato/lato-regular-italic/LatoIta.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Investment Scam (Online)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
- function| ouibounce
- object| _ouibounce
- function| getHeaderHeight
- function| setHeaderSimulationHeight
- object| dayNames
- object| monthNames
- object| now
- number| dayOfTheWeek
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.world-wide-new.com/ | Name: __cfduid Value: d3f7144b72e2a6586f2acf4b739a85f801574374784 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.