yardlandssnow.com
Open in
urlscan Pro
2606:4700:3033::6815:39af
Malicious Activity!
Public Scan
Effective URL: https://yardlandssnow.com/?s1=350563&s2=816325793&s3=1782&s4=1710&ow=&s10=739
Submission: On September 30 via api from BE — Scanned from US
Summary
TLS certificate: Issued by E1 on September 19th 2022. Valid for: 3 months.
This is the only time yardlandssnow.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 52.219.117.154 52.219.117.154 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 47.254.144.66 47.254.144.66 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 | 62.192.152.245 62.192.152.245 | 209889 (LIBERTY-C...) (LIBERTY-CHISINAU) | |
27 | 2606:4700:303... 2606:4700:3033::6815:39af | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2607:f8b0:400... 2607:f8b0:4006:824::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:808::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:81d::2003 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2607:f8b0:400... 2607:f8b0:4006:81f::200e | 15169 (GOOGLE) (GOOGLE) | |
35 | 7 |
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-1-r-w.amazonaws.com
tester02zer.s3.us-west-1.amazonaws.com |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
pac.consultingskills.org |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
27 |
yardlandssnow.com
yardlandssnow.com |
6 MB |
2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 28 |
365 B |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64 |
113 KB |
1 |
gstatic.com
fonts.gstatic.com |
18 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41 |
1 KB |
1 |
balistacllys.com
balistacllys.com |
394 B |
1 |
consultingskills.org
1 redirects
pac.consultingskills.org |
367 B |
1 |
amazonaws.com
tester02zer.s3.us-west-1.amazonaws.com |
998 B |
35 | 8 |
Domain | Requested by | |
---|---|---|
27 | yardlandssnow.com |
balistacllys.com
yardlandssnow.com |
2 | www.google-analytics.com |
www.googletagmanager.com
|
2 | www.googletagmanager.com |
tester02zer.s3.us-west-1.amazonaws.com
www.googletagmanager.com |
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
yardlandssnow.com
|
1 | balistacllys.com |
tester02zer.s3.us-west-1.amazonaws.com
|
1 | pac.consultingskills.org | 1 redirects |
1 | tester02zer.s3.us-west-1.amazonaws.com | |
35 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s3-us-west-1.amazonaws.com Amazon |
2021-12-17 - 2022-12-16 |
a year | crt.sh |
balistacllys.com R3 |
2022-08-05 - 2022-11-03 |
3 months | crt.sh |
*.yardlandssnow.com E1 |
2022-09-19 - 2022-12-18 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-09-05 - 2022-11-28 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-09-12 - 2022-12-05 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-09-12 - 2022-12-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://yardlandssnow.com/?s1=350563&s2=816325793&s3=1782&s4=1710&ow=&s10=739
Frame ID: 51D3730914C2CA7F458B2165BE574531
Requests: 35 HTTP requests in this frame
Screenshot
Page Title
[1] Reward Pending - Online Survey - We Want Your Opinion!Page URL History Show full URLs
- https://tester02zer.s3.us-west-1.amazonaws.com/index.html?utm_source=22196&utm_campaign=c&utm_medium=92067475 Page URL
-
http://pac.consultingskills.org/?utm_source=22196&utm_campaign=c&utm_medium=92067475
HTTP 302
https://balistacllys.com/0/0/0/2e58a125564121d86d0b955710c3ac2d/119/22196_0_5/92067475 Page URL
- https://yardlandssnow.com/?s1=350563&s2=816325793&s3=1782&s4=1710&ow=&s10=739 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://tester02zer.s3.us-west-1.amazonaws.com/index.html?utm_source=22196&utm_campaign=c&utm_medium=92067475 Page URL
-
http://pac.consultingskills.org/?utm_source=22196&utm_campaign=c&utm_medium=92067475
HTTP 302
https://balistacllys.com/0/0/0/2e58a125564121d86d0b955710c3ac2d/119/22196_0_5/92067475 Page URL
- https://yardlandssnow.com/?s1=350563&s2=816325793&s3=1782&s4=1710&ow=&s10=739 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1- http://pac.consultingskills.org/?utm_source=22196&utm_campaign=c&utm_medium=92067475 HTTP 302
- https://balistacllys.com/0/0/0/2e58a125564121d86d0b955710c3ac2d/119/22196_0_5/92067475
35 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
index.html
tester02zer.s3.us-west-1.amazonaws.com/ |
642 B 998 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
92067475
balistacllys.com/0/0/0/2e58a125564121d86d0b955710c3ac2d/119/22196_0_5/ Redirect Chain
|
140 B 394 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
yardlandssnow.com/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0ffc563c9f931f2e1ee1349a9d03fc73
yardlandssnow.com/ |
242 KB 34 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
yardlandssnow.com/assets/js/vendor/bootstrap/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.css
yardlandssnow.com/assets/vendors/fontawesome/css/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.css
yardlandssnow.com/assets/css/legacy/dist/ |
24 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.3-hybrid.css
yardlandssnow.com/assets/css/legacy/ |
3 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.4.1.min.js
yardlandssnow.com/assets/js/vendor/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
yardlandssnow.com/assets/js/vendor/bootstrap/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
functions.js
yardlandssnow.com/assets/js/ |
495 B 764 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.js
yardlandssnow.com/assets/js/legacy/dist/ |
91 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
103 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js
www.googletagmanager.com/gtag/ |
209 KB 73 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7da5f2699c2bc5c6ccc9eb897f70d83f.png
yardlandssnow.com/fim/739-US/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
a4cfc27bab75e7b9bd1e6369d38bae94.png
yardlandssnow.com/fim/739-US/ |
18 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
97db2f7f4a78e01ab1131535bea1ce47.gif
yardlandssnow.com/fim/739-US/ |
15 KB 16 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3d93e174836e353a5f4a8a40151c2760.png
yardlandssnow.com/fim/739-US/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
efbcfa859f92589f8c2518c03959e951.png
yardlandssnow.com/fim/739-US/ |
2 MB 2 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6a386e820de5a70a17f2f299e2c60496.png
yardlandssnow.com/fim/739-US/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
59aeeaa9114931ff47b5418351f4c7bd.png
yardlandssnow.com/fim/739-US/ |
384 KB 385 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
9d324f7e3acb5bb12fb0e85a5599c383.png
yardlandssnow.com/fim/739-US/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
aa03ad1fff3b5f8c12ff5f48bd04fbdd.png
yardlandssnow.com/fim/739-US/ |
407 KB 407 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1af77e6107ef3483a645251b7d56a1a4.png
yardlandssnow.com/fim/739-US/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
e7c17517cfac65e80d0f80b1e6d333de.png
yardlandssnow.com/fim/739-US/ |
538 KB 539 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f70da7b8da8dc7943f87bf405c55bb21.png
yardlandssnow.com/fim/739-US/ |
472 KB 473 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
b54c6820496f807055ccbbd2814fa7b3.png
yardlandssnow.com/fim/739-US/ |
575 KB 576 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
5e87bdfb9f8c3f9480d1dec2102939b0.png
yardlandssnow.com/fim/739-US/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0ffc563c9f931f2e1ee1349a9d03fc73
yardlandssnow.com/ |
2 KB 2 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
P5sMzZCDf9_T_10ZxCE.woff2
fonts.gstatic.com/s/arimo/v27/ |
18 KB 18 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
yardlandssnow.com/assets/vendors/fontawesome/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-regular-400.woff2
yardlandssnow.com/assets/vendors/fontawesome/webfonts/ |
13 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 348 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/g/ |
0 17 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)108 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| _0x1732 function| _0xc10f object| dataLayer object| google_tag_manager object| google_tag_data object| _0xc22e function| _0xe45c function| $ function| jQuery object| bootstrap function| startTimer number| duration object| _0xc75e function| _0xe42c string| LNG string| CMP string| CNT string| BID string| API_URL object| _0xc94e function| _0xe1c object| currentdate object| months function| a0_0x32831c string| attrChoices string| domain string| pipeline string| zipcode string| state_selected object| states function| birthdayFill function| a0_0x5d89 function| beforeShowQuestion function| a0_0x299f function| showOfferWall function| createQuestion function| sendOf function| popunder function| runT function| replaceUrlParam function| startsurvey function| nextQuestion function| formatPhoneNumber function| overflowP function| switchTypeQuestions function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| startSurveyU function| switchTypeQuestionsU function| nextQuestionU function| showOfferWallU function| validateData function| showStreetStateU function| showDisclaimer function| preventS string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| stateURL string| languageCode string| countryCode string| popUrl function| putVarCommon object| _0xc19e function| _0xe66c object| _0xc54e function| _0xe49c number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| cheers function| onYouTubeIframeAPIReady object| gaGlobal4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
balistacllys.com/ | Name: uid1782 Value: 816325793-20220929214658-ee809792704c82c663e429f8abd94a21-0 |
|
yardlandssnow.com/ | Name: PHPSESSID Value: e026fc7df0061b8ccf07d1bd75ab6910 |
|
.yardlandssnow.com/ | Name: _ga_DKB9VH2QW4 Value: GS1.1.1664502420.1.0.1664502420.0.0.0 |
|
.yardlandssnow.com/ | Name: _ga Value: GA1.1.1105674289.1664502420 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
balistacllys.com
fonts.googleapis.com
fonts.gstatic.com
pac.consultingskills.org
tester02zer.s3.us-west-1.amazonaws.com
www.google-analytics.com
www.googletagmanager.com
yardlandssnow.com
2606:4700:3033::6815:39af
2607:f8b0:4006:808::200a
2607:f8b0:4006:81d::2003
2607:f8b0:4006:81f::200e
2607:f8b0:4006:824::2008
47.254.144.66
52.219.117.154
62.192.152.245
0ad0615765bf17bdb85ae307eb8f9eee2e1fb0b600117bdd991a1efe9c834078
0d79ca3b13098126f0c0fc76aed54a8acf6e645e62eb5f0ff90571141dfe24b2
1889b6974dcdd299f94f8fbf28ac3b73ec7fc5be2dc1686bca0eef1aa0716eac
1ff84f1e03eb15dedc4668f0817372b734934076bc936e12c5c0bd3944dab0c0
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
425425b82cca3a97f01ee4f7365801a5a4a3f2d35b303d288fbafc464243b65e
4494c69afed09e8bb02dc10d4be3adaed00aa6479d838bd8ed1bf3119132004d
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
4dee2521ff4144bacd2281f0c2af63b21ee6315db9a628535175db473c1ce0e2
6659b4426a9dba95133c0e3b27b5d952d6cc1e574b88640a7e7bcec354d902c1
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6f2de36054525c7a25f6b4ca1447f762169a97d0f11593cf0f8f254880f4c2bc
7e7ba5d8ae40ea9013f05ee70b64c93e23b7e0b28aa27aa4aff4692b62ba6535
83602f26c287c101e62fef786f32e06d444cb3a138a089a90c4158a22c10a577
9747e77e06adfb183ca4a57b9be822881c6bfe9093bf703a3ec1fd5e087abd85
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
a29f24c3d2069cc3551aa1c3f1eaabbe01cf96e051c283cf09e72dce334e9a80
aed9a834086d8f1fb1823805551f65fe589f0b4bf690ed1eb4f5765ff317272f
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b43098832442c6027864b7499262e1042635c8ad74995404f3d132aa265154b3
b513e00f3fe11e63631cc40e84d7db2e6b6ff367efed2ac5eaf8717de4e6b49c
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
bd5f85edb4ab2e4e4cdb7a8e8d632789153f396b75991b4bb233dffaf7078727
c0109e9747e94335267d540104b0b256bc507882206be853bfbd6b13ddb1c277
d45ef76c282cc4ffb05707e1f3e26c532deceab24ca20ca40b7507a499fe8f15
d507ae69641b247961e3f1b94b1288f9e3ec0714944c7b1f63a74aafd9ed0afe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f8f312054de522489129b95a3630cf1ad4fe7314e3d0a01a43e51a6b42405042
fb4713e7b7d754088b15afa907f5713d6a5865e05114487ce253f767c9b0d26a