![](/screenshots/873594a3-8946-4109-acb2-d4ce8fa9d16f.png)
vancechurch.org
Open in
urlscan Pro
162.144.205.136
Malicious Activity!
Public Scan
Effective URL: https://vancechurch.org/link-add.php?url=https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH...
Submission Tags: falconsandbox
Submission: On February 20 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 4th 2023. Valid for: 3 months.
This is the only time vancechurch.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2620:0:890::100 2620:0:890::100 | 54113 (FASTLY) (FASTLY) | |
8 | 152.199.23.37 152.199.23.37 | 15133 (EDGECAST) (EDGECAST) | |
2 | 20.190.159.70 20.190.159.70 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
21 | 162.144.205.136 162.144.205.136 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
2 2 | 2400:52e0:1e0... 2400:52e0:1e00::1081:1 | () () | |
2 | 2a00:1450:400... 2a00:1450:4001:80b::200e | () () | |
1 | 2a00:1450:400... 2a00:1450:400d:80d::2003 | () () | |
38 | 8 |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.mi-host.com
vancechurch.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
vancechurch.org
vancechurch.org |
290 KB |
8 |
msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 1182 |
222 KB |
2 |
google-analytics.com
www.google-analytics.com |
20 KB |
2 |
shortpixel.ai
2 redirects
sp-ao.shortpixel.ai |
1 KB |
2 |
live.com
login.live.com — Cisco Umbrella Rank: 90 |
2 KB |
1 |
gstatic.com
fonts.gstatic.com |
44 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43 |
1 KB |
1 |
web.app
mimprotect.web.app |
9 KB |
38 | 8 |
Domain | Requested by | |
---|---|---|
21 | vancechurch.org |
mimprotect.web.app
vancechurch.org |
8 | aadcdn.msftauth.net |
mimprotect.web.app
|
2 | www.google-analytics.com |
vancechurch.org
www.google-analytics.com |
2 | sp-ao.shortpixel.ai | 2 redirects |
2 | login.live.com |
mimprotect.web.app
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
vancechurch.org
|
1 | mimprotect.web.app | |
38 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
web.app GTS CA 1D4 |
2022-12-19 - 2023-03-19 |
3 months | crt.sh |
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA |
2022-04-01 - 2023-04-01 |
a year | crt.sh |
login.live.com DigiCert SHA2 Secure Server CA |
2022-12-30 - 2023-12-30 |
a year | crt.sh |
vancechurch.org R3 |
2023-02-04 - 2023-05-05 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-01 - 2023-04-26 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-02-01 - 2023-04-26 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-02-01 - 2023-04-26 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://vancechurch.org/link-add.php?url=https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH05nZ1?campid=Affiliates_HC_AWIN_Default_NA
Frame ID: 617E4D1C6CBAD9697862F68AD7F238E2
Requests: 42 HTTP requests in this frame
Frame:
https://login.live.com/Me.htm?v=3
Frame ID: AD7C28ECD7B5C709B07B9299E4D4C824
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/873594a3-8946-4109-acb2-d4ce8fa9d16f.png)
Page URL History Show full URLs
- https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH05nZ1?campid=Affiliates_... Page URL
- https://vancechurch.org/link-add.php?url=https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-d... Page URL
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- \.php(?:$|\?)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Detected patterns
- jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH05nZ1?campid=Affiliates_HC_AWIN_Default_NA Page URL
- https://vancechurch.org/link-add.php?url=https://mimprotect.web.app/yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH05nZ1?campid=Affiliates_HC_AWIN_Default_NA Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 24- https://sp-ao.shortpixel.ai/client/to_webp,q_glossy,ret_img/https://vancechurch.org/wp-content/themes/vance/resources/header-logo.png HTTP 302
- https://vancechurch.org/wp-content/themes/vance/resources/header-logo.png
- https://sp-ao.shortpixel.ai/client/to_webp,q_glossy,ret_img/https://vancechurch.org/wp-content/themes/vance/resources/white-presbyterian-cross.png HTTP 302
- https://vancechurch.org/wp-content/themes/vance/resources/white-presbyterian-cross.png
- https://sp-ao.shortpixel.ai/client/to_webp,q_glossy,ret_img/https://vancechurch.org/wp-content/themes/vance/resources/facebook.png HTTP 302
- https://vancechurch.org/wp-content/themes/vance/resources/facebook.png
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
yH05Q3blz07x5kZ2vTQ3bR3wtrunZ1-dynanZ1iR3w5kZd0TR3wH05nZ1
mimprotect.web.app/ |
29 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
108 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
459 KB 126 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
42 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oneDs_472fa3a12b65cf387ccd.js
aadcdn.msftauth.net/shared/1.0/content/js/ |
78 KB 26 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ |
15 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ |
0 0 |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
0 20 KB |
Other
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ |
0 12 KB |
Other
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ |
2 KB 836 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Me.htm
login.live.com/ Frame AD7C |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
link-add.php
vancechurch.org/ |
31 KB 31 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tribe-events-pro-mini-calendar-block.min.css
vancechurch.org/wp-content/plugins/events-calendar-pro/src/resources/css/ |
655 B 968 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.min.css
vancechurch.org/wp-includes/css/dist/block-library/ |
87 KB 87 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_719ad577243d6dbf7dc86c661e089228.css
vancechurch.org/wp-content/cache/autoptimize/css/ |
135 B 510 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_e6fae855021a88a0067fcc58121c594f.css
vancechurch.org/wp-content/cache/autoptimize/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_74b7f7336f59937b471fcad8eee650cd.css
vancechurch.org/wp-content/cache/autoptimize/css/ |
26 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_212bd57b03f77e355005026b368cb56f.css
vancechurch.org/wp-content/cache/autoptimize/css/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
17 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox.min.css
vancechurch.org/wp-content/plugins/easy-fancybox/css/ |
4 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_887315451eda616d6191b7bbeb16c149.js
vancechurch.org/wp-content/cache/autoptimize/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_744261598344d2e28b473500e81378b6.js
vancechurch.org/wp-content/cache/autoptimize/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
vancechurch.org/wp-includes/js/jquery/ |
87 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-migrate.min.js
vancechurch.org/wp-includes/js/jquery/ |
11 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
header-logo.png
vancechurch.org/wp-content/themes/vance/resources/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
white-presbyterian-cross.png
vancechurch.org/wp-content/themes/vance/resources/ Redirect Chain
|
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
facebook.png
vancechurch.org/wp-content/themes/vance/resources/ Redirect Chain
|
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_490c29d6776fc430c23403fd845b34b0.js
vancechurch.org/wp-content/cache/autoptimize/js/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
autoptimize_single_3f3fc23f477a3849aa5677c585b2a2b4.js
vancechurch.org/wp-content/cache/autoptimize/js/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox.min.js
vancechurch.org/wp-content/plugins/easy-fancybox/js/ |
19 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.mousewheel.min.js
vancechurch.org/wp-content/plugins/easy-fancybox/js/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
breadcrumb-arrow.png
vancechurch.org/wp-content/themes/vance/resources/ |
19 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
red-presbyterian-cross.png
vancechurch.org/wp-content/themes/vance/resources/ |
8 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ |
44 KB 44 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Aver-Italic.woff
vancechurch.org/wp-content/themes/vance/resources/fonts/ |
47 KB 0 |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
145 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
129 B 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wp-emoji-release.min.js
vancechurch.org/wp-includes/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
3 B 208 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- vancechurch.org
- URL
- https://vancechurch.org/wp-content/themes/vance/resources/header-logo.png
- Domain
- vancechurch.org
- URL
- https://vancechurch.org/wp-includes/js/wp-emoji-release.min.js?ver=6.0.3
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless object| oncontentvisibilityautostatechange2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.login.live.com/ | Name: MSPRequ Value: id=N<=1676896367&co=1 |
|
.login.live.com/ | Name: uaid Value: 52efeae4de1d4f1bb1538c9e6dfc6a75 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
aadcdn.msftauth.net
fonts.googleapis.com
fonts.gstatic.com
login.live.com
mimprotect.web.app
sp-ao.shortpixel.ai
vancechurch.org
www.google-analytics.com
vancechurch.org
152.199.23.37
162.144.205.136
20.190.159.70
2400:52e0:1e00::1081:1
2620:0:890::100
2a00:1450:4001:80b::200e
2a00:1450:4001:827::200a
2a00:1450:400d:80d::2003
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
188def1affd6995bbce35d41dd9a96e6ecc0e5c0bc30330cfbcabe7a1bbfb21b
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
235b558b77ab36f63c1439a68ac2410aaf8f42f7b9c93c0bfdc9af662abab8b6
29e8de26576208c07ba0845f604e65c9273b93f9f4d1d66214eb4c586f9938c4
2b3df4d53882fba74216d365e7344c782145f2faf8e08a2d69c548f5fbc7fbf5
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
49117ca60d8aeb4aa478d3541e09db31ce6fe2608ff7f96e9409239390e6b1bc
49ab568ff85802cf9e7ca423f63aa5d62349f145d4fadb5c7293bee28090189e
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5cbd1e6f8692c20af140e39f420c7bb89b34b9d11d086ce3d628e229add48032
5dafd9cb2f27f260e7d7d5f2654ecbcc80ea9d5759a43dffabd53596de2d7d44
69533ad5d487783e19c1f034e9ddb042a7faf987e37545e6514bbd451ea10328
733e4b78861f6271207d7eeeb7e8448afb18e5d843190fca49867f63889a67d1
7dcdc35a1e0a5810855ae8b3379ed260dbd6c6fff21dce334a14a460028b7cf9
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11
948f0c154ad97428bc1d1dee456f2e20ec4e0e302b0d3189e08a4573cb63cdb3
94fbac7eb1ba3392adb3cbf1e0a044f7afe0fc55652b88e7bd9eec42d4a334c5
985fdd42398281348ca133a44750a56fe4909a806b9c075c9443a5d0bd6d2e51
a423ac7e2310bc44a1defeb1f6df180cab8a59442e7f41d093f21649fcc86e69
a854feeb7f6e759fe7fa0b8044b7528f44fe21a2d0c0d9a4ebfb986619a2d9bd
b1ca7d7b71463513dde5ce5c2b61c2fb288529eb1dd70552331d18de4bd28ddb
b534bf8d48d5d2746a9421e2fdb586375197abd08dae148f3093da8d49b04edb
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
cb3c8399a15e6e6e07fb579bfb01fa5bf3ca14b6797fde0843c666b2dc41eb07
ce768e83be373f5303ce3117cba6e60874a328c5fb740fb4dbc14989105e0a0d
d0120d4e646384b61408ae8921ec6cb5a5120b9321e591fd52929ecdfffffdd4
d2d330f53cdfd25a188faebfc07535a76190bcc529946b09c74d0971e84b53cd
d7705700d24d5919255576642ad2c28bfc790390b7183a369038ff5c1e814d51
d81a9dc0c33559bfacc014a5216f454c40183312addc9623d3da987650cd56f3
dd9bfe5f04d4e393463f42b4f503763c36693306dffef16d481e0c071b61ae64
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f34bb7d9c8f2db0e78e5d7b226bc169182f8c22e7cd1a3e7b5767519b709c1bc