956e3b94.ngrok.io
52.15.72.79
Malicious Activity!
Public Scan
Submission: On June 09 via manual from DO
Summary
TLS certificate: Issued by RapidSSL RSA CA 2018 on March 12th 2018. Valid for: a year.
This is the only time 956e3b94.ngrok.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
3 | 52.15.72.79 | 16509 (AMAZON-02 - Amazon.com) |
33 | 185.60.216.19 | 32934 (FACEBOOK - Facebook) |
3 4 | 185.60.216.35 | 32934 (FACEBOOK - Facebook) |
1 2 | 185.60.216.6 | 32934 (FACEBOOK - Facebook) |
1 | 185.60.216.38 | 32934 (FACEBOOK - Facebook) |
39 | 6 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: 03.edge.prod.oh.ngrok.com
956e3b94.ngrok.io
ASN32934 (FACEBOOK - Facebook, Inc., US)
static.xx.fbcdn.net
connect.facebook.net
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
33 | fbcdn.net (1 redirects) | static.xx.fbcdn.net, fbcdn.net | 905 KB |
3 | ngrok.io | 956e3b94.ngrok.io | 467 KB |
2 | atdmt.com (1 redirects) | cx.atdmt.com | 641 B |
2 | fbsbx.com (1 redirects) | fbsbx.com | 147 B |
2 | facebook.com (1 redirects) | facebook.com, www.facebook.com | 1 KB |
1 | facebook.net | connect.facebook.net | 223 B |
39 | 6 |
| Domain | Requested by |
---|---|---|
32 | static.xx.fbcdn.net | 956e3b94.ngrok.io, static.xx.fbcdn.net |
3 | 956e3b94.ngrok.io | static.xx.fbcdn.net |
2 | cx.atdmt.com (1 redirects) | 956e3b94.ngrok.io |
2 | fbsbx.com (1 redirects) | 956e3b94.ngrok.io |
1 | www.facebook.com | |
1 | connect.facebook.net | 956e3b94.ngrok.io |
1 | fbcdn.net (1 redirects) | |
1 | facebook.com (1 redirects) | |
39 | 8 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.ngrok.io | RapidSSL RSA CA 2018 | 2018-03-12 - 2019-03-12 | a year |
fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2018-05-17 - 2019-08-23 | a year |
This page contains 3 frames:
Primary Page:
https://956e3b94.ngrok.io/
Frame ID: AB078E41C7AB8CFCF7447E5E7802C2DC
Requests: 37 HTTP requests in this frame
Frame:
https://956e3b94.ngrok.io/intern/common/referer_frame.php
Frame ID: 685E1B069F8DF2DEFCDF74D37A980393
Requests: 2 HTTP requests in this frame
Frame:
https://fbsbx.com/captcha/recaptcha/iframe/?referer=https%3A%2F%2Fwww.facebook.com
Frame ID: 350AC8DB58008BFACEB48762D643A0A6
Requests: 2 HTTP requests in this frame
16 Outgoing links
These are links going to different origins than the main page.
Title: Facebook
Title: ¿Olvidaste tu cuenta?
Title: Français (France)
Title: Italiano
Title: Deutsch
Title: Português (Brasil)
Title: Русский
Title: العربية
Title: हिन्दी
Title: 中文(简体)
Title: 日本語
Title: Messenger
Title: Moments
Title: Instagram
Title: Desarrolladores
Title: Opciones de anuncios
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13
- https://facebook.com/security/hsts-pixel.gif?c=3.2.5 HTTP 302
- https://fbcdn.net/security/hsts-pixel.gif?c=2.5 HTTP 302
- https://fbsbx.com/security/hsts-pixel.gif?c=5 HTTP 302
- https://connect.facebook.net/security/hsts-pixel.gif
- https://cx.atdmt.com/?f=AYzRY-vwd4e7yLFZLKKajak1mgClUF1EBcoQiUnH-eicKih1UWYb3Wx2zcf0vs7Z8UuHrLqNt5CELTTUoVlkP05m&c=662606645&v=1&l=2 HTTP 302
- https://cx.atdmt.com/?f=AYzRY-vwd4e7yLFZLKKajak1mgClUF1EBcoQiUnH-eicKih1UWYb3Wx2zcf0vs7Z8UuHrLqNt5CELTTUoVlkP05m&c=662606645&l=2
39 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.0 | / (Primary Request) | 956e3b94.ngrok.io/ | 466 KB | 467 KB | Document | text/html |
GET | S | GWp6RkflHzx.css | static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ | 202 KB | 48 KB | Stylesheet | text/css |
GET | S | Sp7ONDyvKIn.css | static.xx.fbcdn.net/rsrc.php/v3/yt/l/0,cross/ | 234 KB | 42 KB | Stylesheet | text/css |
GET | S | 2SGpQeVTo43.css | static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ | 22 KB | 6 KB | Stylesheet | text/css |
GET | S | Q9D1U8-dDEM.css | static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/ | 81 KB | 14 KB | Stylesheet | text/css |
GET | S | K5dWA9Ifxdl.css | static.xx.fbcdn.net/rsrc.php/v3/yx/l/0,cross/ | 38 KB | 8 KB | Stylesheet | text/css |
GET | S | qPUWK3RNT5O.css | static.xx.fbcdn.net/rsrc.php/v3/y-/l/0,cross/ | 27 KB | 6 KB | Stylesheet | text/css |
GET | S | lZ86cv9aR90.css | static.xx.fbcdn.net/rsrc.php/v3/y2/l/0,cross/ | 40 KB | 26 KB | Stylesheet | text/css |
GET | S | qnH7Y-GRBkc.js | static.xx.fbcdn.net/rsrc.php/v3/yH/r/ | 284 KB | 80 KB | Script | application/x-javascript |
GET | S | GwFs3_KxNjS.png | static.xx.fbcdn.net/rsrc.php/v3/yc/r/ | 18 KB | 19 KB | Image | image/png |
GET | S | M2JXa_LXYz_.png | static.xx.fbcdn.net/rsrc.php/v3/y2/r/ | 1 KB | 2 KB | Image | image/png |
GET | S | IgomD5huaIK.png | static.xx.fbcdn.net/rsrc.php/v3/y5/r/ | 4 KB | 5 KB | Image | image/png |
GET | S | GsNJNwuI-UM.gif | static.xx.fbcdn.net/rsrc.php/v3/yb/r/ | 522 B | 718 B | Image | image/gif |
GET | DATA | truncated | / | 15 KB | 0 | Font | font/opentype |
GET | S | hsts-pixel.gif | connect.facebook.net/security/ (Redirect Chain) | 43 B | 223 B | Image | image/gif |
GET | S | 1fQg2jcF2iG.png | static.xx.fbcdn.net/rsrc.php/v3/yq/r/ | 5 KB | 5 KB | Image | image/png |
GET | DATA | truncated | / | 74 B | 0 | Stylesheet | text/css |
GET | S | -ffSVi5vpHO.js | static.xx.fbcdn.net/rsrc.php/v3i-ny4/yi/l/es_LA/ | 1 MB | 328 KB | Script | application/x-javascript |
GET | S | u2jc_XCtAO4.js | static.xx.fbcdn.net/rsrc.php/v3i48X4/y3/l/es_LA/ | 110 KB | 48 KB | Script | application/x-javascript |
GET | S | voAvQybYsqF.js | static.xx.fbcdn.net/rsrc.php/v3iR7u4/yo/l/es_LA/ | 65 KB | 23 KB | Script | application/x-javascript |
GET | S | _cHtjcQBHpq.js | static.xx.fbcdn.net/rsrc.php/v3iH6v4/y_/l/es_LA/ | 39 KB | 11 KB | Script | application/x-javascript |
GET | S | MZ0ip81-W8R.js | static.xx.fbcdn.net/rsrc.php/v3/yf/r/ | 419 KB | 94 KB | Script | application/x-javascript |
GET | S | NPUHnFcUZwO.js | static.xx.fbcdn.net/rsrc.php/v3iWhr4/yA/l/es_LA/ | 120 KB | 28 KB | Script | application/x-javascript |
GET | S | mObBi8PVMDb.js | static.xx.fbcdn.net/rsrc.php/v3/yS/r/ | 9 KB | 3 KB | Script | application/x-javascript |
GET | S | lbTWk4o9IIg.js | static.xx.fbcdn.net/rsrc.php/v3ilof4/yw/l/es_LA/ | 76 KB | 19 KB | Script | application/x-javascript |
GET | S | l8JgawLg_ZE.js | static.xx.fbcdn.net/rsrc.php/v3imzE4/y-/l/es_LA/ | 55 KB | 14 KB | Script | application/x-javascript |
GET | S | x_yUjGwU5QQ.js | static.xx.fbcdn.net/rsrc.php/v3irtd4/yw/l/es_LA/ | 137 KB | 34 KB | Script | application/x-javascript |
GET | S | NlgQdDLb7xg.js | static.xx.fbcdn.net/rsrc.php/v3/yM/r/ | 7 KB | 2 KB | Script | application/x-javascript |
GET | S | 0Cj4PYw15sQ.js | static.xx.fbcdn.net/rsrc.php/v3iRR64/yU/l/es_LA/ | 44 KB | 12 KB | Script | application/x-javascript |
GET | S | LrOcBHCCQe4.js | static.xx.fbcdn.net/rsrc.php/v3/y-/r/ | 10 KB | 3 KB | Script | application/x-javascript |
GET | S | 84-uNbs2GAQ.js | static.xx.fbcdn.net/rsrc.php/v3/yp/r/ | 6 KB | 3 KB | Script | application/x-javascript |
GET | S | apO8oxs0n1H.js | static.xx.fbcdn.net/rsrc.php/v3/y3/r/ | 11 KB | 3 KB | Script | application/x-javascript |
GET | S | 5UQXSs5IgPs.js | static.xx.fbcdn.net/rsrc.php/v3iEfs4/yz/l/es_LA/ | 49 KB | 15 KB | Script | application/x-javascript |
GET | S | LqMiRipdJAD.js | static.xx.fbcdn.net/rsrc.php/v3/yc/r/ | 8 KB | 3 KB | Script | application/x-javascript |
GET | S | Ilm1TuLsvhw.js | static.xx.fbcdn.net/rsrc.php/v3/y_/r/ | 1 KB | 948 B | Script | application/x-javascript |
GET | H/1.0 | referer_frame.php | 956e3b94.ngrok.io/intern/common/ (Frame 685E) | 195 B | 330 B | Document | text/html |
GET | S | -PAXP-deijE.gif | static.xx.fbcdn.net/rsrc.php/v3/y4/r/ | 43 B | 206 B | Image | image/gif |
GET | H/1.0 | referer_frame.php | 956e3b94.ngrok.io/intern/common/ (Frame 350A) | 195 B | 330 B | Document | text/html |
GET | S | / | cx.atdmt.com/ (Frame 685E, Redirect Chain) | 42 B | 196 B | Image | image/gif |
GET | H2 | / | fbsbx.com/captcha/recaptcha/iframe/ (Frame 350A) | 0 | 0 | Document | text/html |
GET | S | ua_callback.php | www.facebook.com/ajax/ | 43 B | 870 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)
65 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
number| _cstart function| envFlush object| Env number| __DEV__ function| CavalryLogger undefined| __p function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d object| ErrorUtils object| TimeSlice function| Arbiter object| JSCC function| $ function| ge function| emptyFunction function| goURI object| Parent object| Bootloader function| ProfilingCounters object| PageEvents function| _domcontentready function| onloadRegister_DEPRECATED function| onloadRegister function| onafterloadRegister_DEPRECATED function| onafterloadRegister function| onleaveRegister function| onbeforeunloadRegister function| onunloadRegister function| wait_for_load function| $E object| domreadyhooks object| onloadhooks string| _script_path object| bigPipe object| onbeforeunloadhooks object| onunloadhooks object| __FB_STORE function| intl_set_xmode function| intl_set_amode function| intl_set_rmode function| intl_set_locale object| PageHooks function| _domreadyHook function| _onloadHook function| runHook function| runHooks function| keep_window_set_as_loaded function| AsyncRequest object| ErrorSignal object| onafterunloadhooks function| captchaRefresh function| useragentcm object| onleavehooks object| PageTransitions boolean| domready
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.956e3b94.ngrok.io/ | | Name: _js_reg_fb_ref Value: https%3A%2F%2Fwww.facebook.com%2F |
.956e3b94.ngrok.io/ | | Name: wd Value: 1600x1200 |
.956e3b94.ngrok.io/ | | Name: _js_reg_fb_gate Value: https%3A%2F%2Fwww.facebook.com%2F |
.956e3b94.ngrok.io/ | | Name: _js_datr Value: n0cbWzqfnaH4kV0YD__jxune |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.