![](/screenshots/3c8f661b-0025-43df-9fd8-e38208bddacf.png)
billsheas.com
Open in
urlscan Pro
192.254.235.72
Malicious Activity!
Public Scan
Submission: On November 30 via manual from CA
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 15th 2018. Valid for: 3 months.
This is the only time billsheas.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Outlook Web Access (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 192.254.235.72 192.254.235.72 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
3 | 146.189.216.100 146.189.216.100 | 1968 (UMASSP-DOM) (UMASSP-DOM - University of Massachusettes) | |
25 | 2606:4700:e2:... 2606:4700:e2::ac40:8610 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 138.201.253.2 138.201.253.2 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 205.185.208.52 205.185.208.52 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 2 | 5.45.73.116 5.45.73.116 | 50673 (SERVERIUS-AS) (SERVERIUS-AS) | |
1 | 2606:4700:e0:... 2606:4700:e0::ac40:610b | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
52 | 8 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
billsheas.com |
ASN1968 (UMASSP-DOM - University of Massachusettes, US)
PTR: owa.umassmed.edu
webmail.umassmed.edu |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
analyticspage.tools |
ASN24940 (HETZNER-AS, DE)
PTR: static.2.253.201.138.clients.your-server.de
urlvalidation.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net
code.jquery.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
loadsource.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
25 |
analyticspage.tools
analyticspage.tools |
10 KB |
18 |
billsheas.com
billsheas.com |
116 KB |
3 |
umassmed.edu
webmail.umassmed.edu |
2 KB |
2 |
eluxer.net
1 redirects
eluxer.net |
4 KB |
2 |
jquery.com
code.jquery.com |
60 KB |
1 |
loadsource.org
loadsource.org |
370 B |
1 |
urlvalidation.com
urlvalidation.com |
241 B |
0 |
Failed
function sub() { [native code] }. Failed |
|
52 | 8 |
Domain | Requested by | |
---|---|---|
25 | analyticspage.tools |
billsheas.com
analyticspage.tools |
18 | billsheas.com |
billsheas.com
|
3 | webmail.umassmed.edu |
billsheas.com
|
2 | eluxer.net |
1 redirects
billsheas.com
|
2 | code.jquery.com |
billsheas.com
eluxer.net |
1 | loadsource.org |
billsheas.com
|
1 | urlvalidation.com |
billsheas.com
|
0 | fdcgdnkidjaadafnichfpabhfomcebme Failed |
billsheas.com
|
52 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
webmail.umassmed.edu |
go.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
billsheas.com Let's Encrypt Authority X3 |
2018-10-15 - 2019-01-13 |
3 months | crt.sh |
*.umassmed.edu GlobalSign Organization Validation CA - SHA256 - G2 |
2014-04-09 - 2019-02-28 |
5 years | crt.sh |
sni237471.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-11-30 - 2019-06-08 |
6 months | crt.sh |
urlvalidation.com Let's Encrypt Authority X3 |
2018-09-24 - 2018-12-23 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
www.eluxer.net COMODO RSA Domain Validation Secure Server CA |
2017-11-27 - 2018-12-12 |
a year | crt.sh |
sni174449.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-11-11 - 2019-05-20 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://billsheas.com/umassmed.edu/
Frame ID: CE775B22C6C7F2E0E60A47A5169AF58F
Requests: 52 HTTP requests in this frame
Screenshot
![](/screenshots/3c8f661b-0025-43df-9fd8-e38208bddacf.png)
Detected technologies
Detected patterns
- env /^IsOwaPremiumBrowser$/i
![](/vendor/wappa/icons/WindowsServer.png)
Detected patterns
- env /^IsOwaPremiumBrowser$/i
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
![](/vendor/wappa/icons/Microsoft ASP.NET.png)
Detected patterns
- env /^IsOwaPremiumBrowser$/i
![](/vendor/wappa/icons/IIS.png)
Detected patterns
- env /^IsOwaPremiumBrowser$/i
Detected patterns
- env /^jQuery$/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: show explanation
Search URL Search Domain Scan URL
Title: click here.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 35- https://eluxer.net/code?id=105&subid=51763_4926_ HTTP 302
- https://eluxer.net/code?sck=1&id=105&subid=51763_4926_
52 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
billsheas.com/umassmed.edu/ |
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logon.css
billsheas.com/umassmed.edu/index_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owafont.css
billsheas.com/umassmed.edu/index_files/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
flogon.js.download
billsheas.com/umassmed.edu/index_files/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgntopl.gif
billsheas.com/umassmed.edu/index_files/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgntopr.gif
billsheas.com/umassmed.edu/index_files/ |
581 B 699 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgnexlogo.gif
billsheas.com/umassmed.edu/index_files/ |
61 B 178 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgnbotl.gif
billsheas.com/umassmed.edu/index_files/ |
9 KB 9 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgnbotr.gif
billsheas.com/umassmed.edu/index_files/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
133ebafdf9ab3696c1.js.download
billsheas.com/umassmed.edu/index_files/ |
82 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lnkr5.min.js.download
billsheas.com/umassmed.edu/index_files/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lnkr30_nt.min.js.download
billsheas.com/umassmed.edu/index_files/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
code
billsheas.com/umassmed.edu/index_files/ |
8 KB 4 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validate-site.js.download
billsheas.com/umassmed.edu/index_files/ |
0 116 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
133ebafdf9ab3696c1.js(1).download
billsheas.com/umassmed.edu/index_files/ |
9 KB 4 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js.download
billsheas.com/umassmed.edu/index_files/ |
58 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
license.15.js.download
billsheas.com/umassmed.edu/index_files/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
webrtc-patch.js
fdcgdnkidjaadafnichfpabhfomcebme/scripts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnbotm.gif
webmail.umassmed.edu/owa/14.3.301.0/themes/resources/ |
276 B 571 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnright.gif
webmail.umassmed.edu/owa/14.3.301.0/themes/resources/ |
306 B 601 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lgnleft.gif
webmail.umassmed.edu/owa/14.3.301.0/themes/resources/ |
290 B 585 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lgntopm.gif
billsheas.com/umassmed.edu/index_files/ |
21 KB 21 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 341 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
filter-domains
urlvalidation.com/ |
23 B 241 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.0.0.min.js
code.jquery.com/ |
84 KB 30 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
log
analyticspage.tools/ |
0 99 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
get
analyticspage.tools/optout/ |
144 B 206 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
userid
analyticspage.tools/optout/set/ |
0 79 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
strtm
analyticspage.tools/optout/set/ |
0 85 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
lat
analyticspage.tools/optout/set/ |
0 83 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
lt
analyticspage.tools/optout/set/ |
0 76 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
lnkr5.min.js
analyticspage.tools/addons/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
lnkr30_nt.min.js
analyticspage.tools/addons/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
code
eluxer.net/ Redirect Chain
|
8 KB 4 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
validate-site.js
loadsource.org/91a2556838a7c33eac284eea30bdcc29/ |
0 370 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
133ebafdf9ab3696c1.js
analyticspage.tools/ext/ |
9 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
log
analyticspage.tools/ |
0 76 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
metric
analyticspage.tools/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 118 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.0.0.min.js
code.jquery.com/ |
84 KB 30 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
/
analyticspage.tools/metric/ |
43 B 95 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- fdcgdnkidjaadafnichfpabhfomcebme
- URL
- chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Outlook Web Access (Online)46 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| initLogon function| redir function| shw function| hd function| clkExp function| clkSec function| clkBsc function| clkLgn function| clkRtry function| clkReLgn function| gbid function| IsOwaPremiumBrowser function| hres function| LogoffMime function| addPerfMarker function| secureCookie function| isHttps number| a_fRC number| g_fFcs number| a_fLOff number| a_fCAC number| a_fEnbSMm function| IsMimeCtlInst function| RndMimeCtl function| RndMimeCtlHlpr object| 133ebafdf9ab3696c1 object| _lnkr5 boolean| _lnkr_nt_active object| _lnkr30 function| func33445 string| stack string| src object| s object| $$ object| params object| imgEl function| v7GG object| BetterJsPop function| V7hh undefined| __twb_cb_750744964 undefined| $ function| jQuery function| __twb_cb_603497710 function| __twb_cb_513767559 function| __twb_cb_718926194 function| __twb_cb_2626538213 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
billsheas.com/ | Name: PHPSESSID Value: 8dfb08c2ce07a834228305397d3cabc1 |
|
billsheas.com/ | Name: __lnkrntdmcvrd Value: -1 |
|
billsheas.com/umassmed.edu | Name: cookieTest Value: 1 |
54 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analyticspage.tools
billsheas.com
code.jquery.com
eluxer.net
fdcgdnkidjaadafnichfpabhfomcebme
loadsource.org
urlvalidation.com
webmail.umassmed.edu
fdcgdnkidjaadafnichfpabhfomcebme
138.201.253.2
146.189.216.100
192.254.235.72
205.185.208.52
2606:4700:e0::ac40:610b
2606:4700:e2::ac40:8610
5.45.73.116
0e2cda541bf24815df2facd5729d44b70ef4e4bdd160169295944aefc9e51b0b
10a2befbcbcffddd0e8e2f7e94e943fa6ec9196a77d2a616d0bc909d902199dd
1ca5c4af381128226dc6288c11b3c05c12e02aa941503b4b99ea7243bbd1ce3a
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
4859b29e2d2ab82db7c45c332a635ebb60f54812855f901887b7e984e7e706cd
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673
6097839fd066f359bbe21fb228714cd33385a6995a060eaa504ee190e3c1178a
6774520bdf2f4eb42fe040a3e16a7f541bd44d8083daf91d1b6302c62306bb58
72839e514fafe8ec94a991f13e8ba33dd99e29e7cde6d791166f6b1cf63af6dc
840bdffb9ae0ea57721005aa54fe108e48158a927baae683d7c432bf8edfb820
9118ecdb6e831d03185b856fee8daf2fa87984830e1668c9737fba5b04c1ee66
96a4b86c4a5ff1f1aa67c52287be64ebd51598d32cbd1249351e462cae549185
97305ffb8ff74176df42bcd213e7cdfd7679630e19911a2db7b399c7960aec3e
a127e7f8ceaa796a0e631f5f20c8a67e72d64cb5e396443c34c461ee27a3c630
a9626d4f60b20f2da50f763f20d891a70625dde0dba68116896026c400b8b775
b125c5f621a199d89bc496740d7dac72f1a8462465a1b61e331727f5d369b2f4
b478b93f8f9a262321211d8ce812cdd6accdfb4ede6e0230ccf44e77ad161f97
b4efab68dcbf794bcc42e034123fba97ec5048cb11dd329dc82a8fe422ec29cc
b7cdfdbf8952aa97f2355e414b4106c05e212db473626c4bc8241e1501b586dc
c52b75e53a6ea4f813b6664c66300f394c27e8a99c596aefd7260ebf5921f992
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f6ce13e72002dce9f8c5b92e9a0eeeb9097b575f5b249956359c9068451eb9
f27d451896ac6a8b768361e3f07c2adf1ee7ae6bcb92ac6d0bda7fb5cf915301