www.welivesecurity.com
Open in
urlscan Pro
95.100.146.42
Public Scan
URL:
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Submission: On May 19 via api from IL — Scanned from IL
Submission: On May 19 via api from IL — Scanned from IL
Summary
This website contacted 8 IPs
in 3 countries
across 6 domains to perform 47 HTTP transactions.
The main IP is 95.100.146.42, located in
Prague, Czech Republic and
belongs to AKAMAI-ASN1, NL.
The main domain is www.welivesecurity.com.
The Cisco Umbrella rank of the primary domain is 364913.
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 19th 2024. Valid for: a year.
This is the only time www.welivesecurity.com was scanned on urlscan.io!
TLS certificate: Issued by Thawte TLS RSA CA G1 on January 19th 2024. Valid for: a year.
This is the only time www.welivesecurity.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 19 | 95.100.146.42 95.100.146.42 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 15 | 52.178.190.83 52.178.190.83 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 3 | 199.232.192.134 199.232.192.134 | 54113 (FASTLY) (FASTLY) | |
| 2 | 142.250.186.104 142.250.186.104 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 151.101.128.134 151.101.128.134 | 54113 (FASTLY) (FASTLY) | |
| 4 | 142.250.185.110 142.250.185.110 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 13.107.246.45 13.107.246.45 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 47 | 8 |
19
95.100.146.42
(Prague, Czech Republic)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-100-146-42.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-100-146-42.deploy.static.akamaitechnologies.com
| www.welivesecurity.com |
15
52.178.190.83
(Dublin, Ireland)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| web-assets.esetstatic.com |
3
199.232.192.134
(United States)
ASN54113 (FASTLY, US)
ASN54113 (FASTLY, US)
| welivesecurity.disqus.com | |
| referrer.disqus.com |
2
142.250.186.104
(United States)
ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f8.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f8.1e100.net
| www.googletagmanager.com |
4
142.250.185.110
(United States)
ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f14.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f14.1e100.net
| www.google-analytics.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 19 |
welivesecurity.com
1 redirects
www.welivesecurity.com — Cisco Umbrella Rank: 364913 |
1 MB |
| 17 |
esetstatic.com
web-assets.esetstatic.com cdn.esetstatic.com — Cisco Umbrella Rank: 760012 |
836 KB |
| 4 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32 |
21 KB |
| 4 |
disqus.com
welivesecurity.disqus.com disqus.com — Cisco Umbrella Rank: 1229 referrer.disqus.com — Cisco Umbrella Rank: 8643 |
27 KB |
| 2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39 |
207 KB |
| 0 |
go-mpulse.net
Failed
s.go-mpulse.net Failed |
|
| 47 | 6 |
| Domain | Requested by | |
|---|---|---|
| 19 | www.welivesecurity.com |
1 redirects
www.welivesecurity.com
|
| 15 | web-assets.esetstatic.com |
www.welivesecurity.com
|
| 4 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com www.welivesecurity.com |
| 2 | cdn.esetstatic.com |
www.googletagmanager.com
|
| 2 | referrer.disqus.com |
www.welivesecurity.com
|
| 2 | www.googletagmanager.com |
www.welivesecurity.com
www.googletagmanager.com |
| 1 | disqus.com |
welivesecurity.disqus.com
|
| 1 | welivesecurity.disqus.com |
www.welivesecurity.com
|
| 0 | s.go-mpulse.net Failed |
www.welivesecurity.com
|
| 47 | 9 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| www.welivesecurity.com Thawte TLS RSA CA G1 |
2024-01-19 - 2025-01-18 |
a year | crt.sh |
| api.cms.eset.com R3 |
2024-04-08 - 2024-07-07 |
3 months | crt.sh |
| *.disqus.com Sectigo RSA Domain Validation Secure Server CA |
2024-04-16 - 2025-04-16 |
a year | crt.sh |
| *.google-analytics.com WR2 |
2024-05-06 - 2024-07-29 |
3 months | crt.sh |
| cdn.esetstatic.com Thawte TLS RSA CA G1 |
2023-11-06 - 2024-11-05 |
a year | crt.sh |
This page contains 5 frames:
Primary Page:
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Frame ID: 58D32A7B4B644B0055B56C9AB6339B7F
Requests: 46 HTTP requests in this frame
Frame:
https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Frame ID: 76BF4A055FF0CB5F3EE412C42B6214DC
Requests: 1 HTTP requests in this frame
Frame:
https://disqus.com/embed/comments/?base=default&f=welivesecurity&t_i=To%20the%20Moon%20and%20back(doors)%3A%20Lunar%20landing%20in%20diplomatic%20missions&t_u=https%3A%2F%2Fwww.welivesecurity.com%2Fen%2Feset-research%2Fmoon-backdoors-lunar-landing-diplomatic-missions%2F&t_e=30424&t_d=To%20the%20Moon%20and%20back(doors)%3A%20Lunar%20landing%20in%20diplomatic%20missions&t_t=30424&s_o=default&l=en
Frame ID: 6A599A96D6A7EC1BB127A22E466E19F1
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 0FAE42A7E9353A2E9FB536C360851563
Requests: 3 HTTP requests in this frame
Frame:
data://truncated
Frame ID: BB6909DA18C9E628DD4B3D9DFFCC4478
Requests: 3 HTTP requests in this frame
Screenshot
Page Title
To the Moon and back(doors): Lunar landing in diplomatic missionsPage URL History Show full URLs
-
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions
HTTP 301
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ Page URL
Detected technologies
Vue.js
(JavaScript Frameworks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Page Statistics
81 Outgoing links
These are links going to different origins than the main page.
URL: https://interaktiv.br.de/elite-hacker-fsb/en/index.html
Title: FSB
Title: FSB
Search URL Search Domain Scan URL
URL: https://www.zabbix.com/
Title: Zabbix
Title: Zabbix
Search URL Search Domain Scan URL
URL: https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/
Title: known IoC
Title: known IoC
Search URL Search Domain Scan URL
URL: https://gpg4win.org/
Title: Gpg4win’s
Title: Gpg4win’s
Search URL Search Domain Scan URL
URL: https://learn.microsoft.com/en-us/windows/win32/ipc/about-mailslots
Title: mailslot
Title: mailslot
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/techniques/T1620/
Title: reflective loader
Title: reflective loader
Search URL Search Domain Scan URL
URL: https://github.com/GreyCorbel/admpwd
Title: AdmPwd
Title: AdmPwd
Search URL Search Domain Scan URL
URL: https://giflib.sourceforge.net/
Title: giflib
Title: giflib
Search URL Search Domain Scan URL
URL: https://ctf101.org/forensics/what-is-stegonagraphy/#lsb-steganography
Title: LSB steganography
Title: LSB steganography
Search URL Search Domain Scan URL
URL: https://github.com/Mbed-TLS/mbedtls
Title: Mbed TLS
Title: Mbed TLS
Search URL Search Domain Scan URL
URL: https://github.com/eset/malware-ioc/tree/master/turla#to-the-moon-and-back-doors-lunar-landing-in-diplomatic-missions-indicators-of-compromise
Title: GitHub repository
Title: GitHub repository
Search URL Search Domain Scan URL
URL: https://en.wikipedia.org/wiki/HMAC
Title: HMAC
Title: HMAC
Search URL Search Domain Scan URL
URL: https://en.wikipedia.org/wiki/PBKDF2
Title: PBKDF
Title: PBKDF
Search URL Search Domain Scan URL
URL: https://github.com/Mbed-TLS/mbedtls/blob/995c66f702db3a004be1e3d822ffad64b2ad125f/programs/aes/aescrypt2.c
Title: sample program
Title: sample program
Search URL Search Domain Scan URL
URL: https://www.lua.org/
Title: Lua
Title: Lua
Search URL Search Domain Scan URL
URL: https://github.com/davidm/luacom
Title: LuaCOM
Title: LuaCOM
Search URL Search Domain Scan URL
URL: https://github.com/sebastiandev/zipper
Title: Zipper
Title: Zipper
Search URL Search Domain Scan URL
URL: https://web-assets.esetstatic.com/wls/2019/05/ESET-LightNeuron.pdf
Title: LightNeuron
Title: LightNeuron
Search URL Search Domain Scan URL
URL: https://web-assets.esetstatic.com/wls/2018/08/Eset-Turla-Outlook-Backdoor.pdf
Title: Outlook backdoor
Title: Outlook backdoor
Search URL Search Domain Scan URL
URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/outlook-mapi-reference
Title: Outlook Messaging API (MAPI)
Title: Outlook Messaging API (MAPI)
Search URL Search Domain Scan URL
URL: https://learn.microsoft.com/en-us/windows/win32/gdiplus/-gdiplus-gdi-start
Title: GDI+ API
Title: GDI+ API
Search URL Search Domain Scan URL
URL: https://learn.microsoft.com/en-us/office/client-developer/outlook/mapi/processing-a-sent-message
Title: PR_DELETE_AFTER_SUBMIT
Title: PR_DELETE_AFTER_SUBMIT
Search URL Search Domain Scan URL
URL: https://github.com/eset/malware-ioc/tree/master/turla#to-the-moon-and-backdoors-lunar-landing-in-diplomatic-missionsindicators-of-compromise
Title: GitHub repository
Title: GitHub repository
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/resources/versions/
Title: version 15
Title: version 15
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1591
Title: T1591
Title: T1591
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1583/002
Title: T1583.002
Title: T1583.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1583/003
Title: T1583.003
Title: T1583.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1584/003
Title: T1584.003
Title: T1584.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1586/002
Title: T1586.002
Title: T1586.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1587/001
Title: T1587.001
Title: T1587.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1047
Title: T1047
Title: T1047
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1059
Title: T1059
Title: T1059
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1059/001
Title: T1059.001
Title: T1059.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1059/003
Title: T1059.003
Title: T1059.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1059/005
Title: T1059.005
Title: T1059.005
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1106
Title: T1106
Title: T1106
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1204/002
Title: T1204.002
Title: T1204.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1137/006
Title: T1137.006
Title: T1137.006
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1547
Title: T1547
Title: T1547
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1574
Title: T1574
Title: T1574
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1027
Title: T1027
Title: T1027
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1027/003
Title: T1027.003
Title: T1027.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1027/007
Title: T1027.007
Title: T1027.007
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1027/009
Title: T1027.009
Title: T1027.009
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1036/005
Title: T1036.005
Title: T1036.005
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1070/004
Title: T1070.004
Title: T1070.004
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1070/008
Title: T1070.008
Title: T1070.008
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1140
Title: T1140
Title: T1140
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1480/001
Title: T1480.001
Title: T1480.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1620
Title: T1620
Title: T1620
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1007
Title: T1007
Title: T1007
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1016
Title: T1016
Title: T1016
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1057
Title: T1057
Title: T1057
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1082
Title: T1082
Title: T1082
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1518/001
Title: T1518.001
Title: T1518.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1005
Title: T1005
Title: T1005
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1074/001
Title: T1074.001
Title: T1074.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1113
Title: T1113
Title: T1113
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1114/001
Title: T1114.001
Title: T1114.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1560/002
Title: T1560.002
Title: T1560.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1001/002
Title: T1001.002
Title: T1001.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1001/003
Title: T1001.003
Title: T1001.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1071/001
Title: T1071.001
Title: T1071.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1071/003
Title: T1071.003
Title: T1071.003
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1090/001
Title: T1090.001
Title: T1090.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1095
Title: T1095
Title: T1095
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1132/001
Title: T1132.001
Title: T1132.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1573/001
Title: T1573.001
Title: T1573.001
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1573/002
Title: T1573.002
Title: T1573.002
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1020
Title: T1020
Title: T1020
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1030
Title: T1030
Title: T1030
Search URL Search Domain Scan URL
URL: https://attack.mitre.org/versions/v15/techniques/T1041
Title: T1041
Title: T1041
Search URL Search Domain Scan URL
URL: https://www.eset.com/int/business/services/threat-intelligence/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=wls-research&utm_content=moon-backdoors-lunar-landing-diplomatic-missions&sfdccampaignid=7011n0000017htTAAQ
Search URL Search Domain Scan URL
URL: https://www.facebook.com/sharer/sharer.php?u=https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Search URL Search Domain Scan URL
URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Search URL Search Domain Scan URL
URL: https://twitter.com/intent/tweet?url=https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/
Search URL Search Domain Scan URL
URL: https://www.eset.com/?utm_source=welivesecurity.com&utm_medium=referral&utm_campaign=autotagging&utm_content=eset-research&utm_term=en
Title: ESET
Title: ESET
Search URL Search Domain Scan URL
URL: https://www.facebook.com/eset/
Search URL Search Domain Scan URL
URL: https://youtube.com/esetglobal
Search URL Search Domain Scan URL
URL: https://twitter.com/ESET
Search URL Search Domain Scan URL
URL: https://www.linkedin.com/company/eset
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions
HTTP 301
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
47 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/ Redirect Chain
|
152 KB 42 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-BookLF-405f3258.woff
www.welivesecurity.com/build/assets/ |
163 KB 167 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-BoldLF-31f4bc72.woff
www.welivesecurity.com/build/assets/ |
162 KB 166 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-DemiLF-8885b886.woff
www.welivesecurity.com/build/assets/ |
164 KB 168 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eset-research-lunar-toolset-turla-apt-lunarweb-lunarmail.jpeg
web-assets.esetstatic.com/tn/-x425/wls/2024/5-2024/ |
61 KB 62 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
article-header-995fa639.js
www.welivesecurity.com/build/assets/ |
442 B 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app-aea1be27.css
www.welivesecurity.com/build/assets/ |
298 KB 36 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
filip_jurcacko.jpg
web-assets.esetstatic.com/tn/-x45/wls/2021/04/ |
1 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eset-research-lunar-toolset-turla-apt-lunarweb-lunarmail.jpeg
web-assets.esetstatic.com/tn/-x700/wls/2024/5-2024/ |
161 KB 163 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-1-malicious-outlook-add-in.png
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
59 KB 60 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-2-the-two-observed-lunar-toolset-compromise-chains.png
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
102 KB 103 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-3-decoded-version-of-the-string-which-contains-a-message.png
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-4-hex-rays-decompilation-showing-state-retrieval.png
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
32 KB 32 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-5-lunarmail-operation.png
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
85 KB 86 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
figure-6-example-of-a-redacted-and-translated-exfiltration-email-with-data-hidden-in-image.jpeg
web-assets.esetstatic.com/wls/2024/5-2024/lunar-toolset/ |
68 KB 69 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
welivesecurity-eset-threat-intelligence.jpeg
web-assets.esetstatic.com/wls/2023/2023-12/ |
72 KB 73 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shutterstock_1254740023-1920-resized.jpg
web-assets.esetstatic.com/tn/-x82/wls/2019/05/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
turla-armenian-websites-watering-holes.jpg
web-assets.esetstatic.com/tn/-x82/wls/2020/03/ |
4 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
shutterstock_154547867-1.jpg
web-assets.esetstatic.com/tn/-x82/wls/2019/05/ |
9 KB 10 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
dazzlespy-macos-malware.jpg
web-assets.esetstatic.com/tn/-x82/wls/2022/01/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
turla-crutch-apt-backdoor.jpg
web-assets.esetstatic.com/tn/-x82/wls/2020/12/ |
7 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
eset-threat-report-h2-2023-3941fe0b.webp
www.welivesecurity.com/build/assets/ |
30 KB 34 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app-7a4ecde0.js
www.welivesecurity.com/build/assets/ |
80 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
search-7d9f58b7.js
www.welivesecurity.com/build/assets/ |
276 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
_commonjsHelpers-042e6b4d.js
www.welivesecurity.com/build/assets/ |
725 B 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prism-40494b65.css
www.welivesecurity.com/build/assets/ |
2 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prism-40d1b0a4.js
www.welivesecurity.com/build/assets/ |
66 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
article-e3625c4c.css
www.welivesecurity.com/build/assets/ |
23 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
article-fd027339.js
www.welivesecurity.com/build/assets/ |
140 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
7R9SM-QGSYF-QDLJK-UETXR-SPM6B
s.go-mpulse.net/boomerang/ Frame 76BF |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
embed.js
welivesecurity.disqus.com/ |
80 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
671 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-MediumLF-261e3ac5.woff
www.welivesecurity.com/build/assets/ |
166 KB 170 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-BookItalicLF-4cad214a.woff
www.welivesecurity.com/build/assets/ |
162 KB 166 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
FedraSansAltPro-LightLF-ec800a5b.woff
www.welivesecurity.com/build/assets/ |
159 KB 163 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
368 KB 117 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
disqus.com/embed/comments/ Frame 6A59 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
event.gif
referrer.disqus.com/juggler/ |
43 B 339 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
event.gif
referrer.disqus.com/juggler/ |
43 B 339 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 0FAE |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 0FAE |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 0FAE |
155 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame BB69 |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame BB69 |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame BB69 |
155 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
255 KB 90 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app.min.css
cdn.esetstatic.com/cookie-consent/v3/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
app.min.js
cdn.esetstatic.com/cookie-consent/v3/ |
381 KB 140 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
www.google-analytics.com/g/ |
0 167 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
www.google-analytics.com/j/ |
3 B 93 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
collect
www.google-analytics.com/ |
35 B 131 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
www.welivesecurity.com/ |
1 KB 5 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- s.go-mpulse.net
- URL
- https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
- Domain
- s.go-mpulse.net
- URL
- https://s.go-mpulse.net/boomerang/7R9SM-QGSYF-QDLJK-UETXR-SPM6B
Verdicts & Comments Add Verdict or Comment
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 object| 3 object| 4 object| $current_language object| BOOMR_mq string| BOOMR_API_key object| BOOMR number| BOOMR_lstart function| disqus_config object| dataLayer number| uidEvent object| __VUE_INSTANCE_SETTERS__ boolean| __INTLIFY_PROD_DEVTOOLS__ boolean| __VUE_I18N_FULL_INSTALL__ boolean| __VUE_I18N_LEGACY_API__ boolean| __VUE__ object| Prism object| DISQUS object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady string| myDomain object| links object| gaGlobal object| gaplugins object| gaData object| regeneratorRuntime boolean| cookie_debug object| $cookiebar number| BOOMR_onload13 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .welivesecurity.com/ | Name: AKA_A2 Value: A |
|
| .welivesecurity.com/ | Name: _ga Value: GA1.2.161589584.1716121149 |
|
| .welivesecurity.com/ | Name: _gid Value: GA1.2.173679528.1716121149 |
|
| .welivesecurity.com/ | Name: _ga_FBY6B30C4M Value: GS1.1.1716121148.1.0.1716121148.0.0.0 |
|
| .disqus.com/ | Name: disqus_unique Value: 5kvq15a2sf7nvm |
|
| disqus.com/ | Name: __jid Value: 5l1knmv3f0tlb2 |
|
| .pippio.com/ | Name: did Value: noBWU2VUg96BGTq6 |
|
| .pippio.com/ | Name: didts Value: 1716121152 |
|
| .pippio.com/ | Name: nnls Value: |
|
| .pippio.com/ | Name: pxrc Value: CMDcp7IGEgUIlCkQABIFCNVDEAA= |
|
| io.narrative.io/ | Name: io.narrative.guid.v2 Value: 003657f0-15da-11ef-9ac4-063b9a7afa69 |
|
| .rlcdn.com/ | Name: rlas3 Value: qCjwpkMFNKvXO25ajZrev5Sv8tUpe2+a7OFA6tz7sQA= |
|
| .rlcdn.com/ | Name: pxrc Value: CAA= |
115 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | default-src 'none'; child-src https://disqus.com https://vars.hotjar.com; connect-src 'self' http://ad.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://*.eset.com https://*.hotjar.com https://*.hotjar.io https://adservice.google.com https://captcha.eset.com https://captcha.welivesecurity.com https://cc.welivesecurity.com https://cdn.esetstatic.com https://cdn.linkedin.oribi.io https://in.hotjar.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://vc.hotjar.io https://ws22.hotjar.com https://ws32.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.opinionstage.com wss://*.hotjar.com wss://ws1.hotjar.com; font-src 'self' data: https://script.hotjar.com; frame-src 'self' https://*.slideshare.net https://bid.g.doubleclick.net https://c.disquscdn.com https://disqus.com https://m.facebook.com https://open.spotify.com/ https://platform.twitter.com https://player.vimeo.com https://share.transistor.fm https://tpc.googlesyndication.com https://vars.hotjar.com https://www.facebook.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.podbean.com https://www.screencast.com https://www.slideshare.net https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://*.ads.linkedin.com https://*.esetstatic.com https://adservice.google.com https://analytics.twitter.com https://c.disquscdn.com https://captcha.welivesecurity.com https://connect.facebook.net https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://referrer.disqus.com https://region1.google-analytics.com https://script.hotjar.com https://secure.eset.com https://syndication.twitter.com https://t.co https://twitter.com https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ba https://www.google.bf https://www.google.bg https://www.google.by https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.co.ao https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ls https://www.google.co.ma https://www.google.co.tz https://www.google.co.za https://www.google.com.af https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.br https://www.google.com.co https://www.google.com.do https://www.google.com.eg https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kw https://www.google.com.ly https://www.google.com.mx https://www.google.com.ni https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sa https://www.google.com.sl https://www.google.com.tr https://www.google.com.tw https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.es https://www.google.fi https://www.google.ge https://www.google.gm https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ie https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.mw https://www.google.no https://www.google.ps https://www.google.rs https://www.google.sk https://www.google.tg https://www.google.tn https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com https://www.youtube.com; manifest-src 'none'; media-src 'self' https://web-assets.esetstatic.com; object-src 'self' https://content.screencast.com; prefetch-src https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a.disquscdn.com https://assets.esetstatic.com https://cdn.esetstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://script.hotjar.com https://snap.licdn.com https://static.ads-twitter.com https://static.hotjar.com https://tpc.googlesyndication.com https://welivesecurity.disqus.com https://www.google-analytics.com https://www.google.ie https://www.google.nl https://www.googleadservices.com https://www.googletagmanager.com https://www.instagram.com https://www.opinionstage.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://assets.esetstatic.com https://c.disquscdn.com https://cdn.esetstatic.com; worker-src 'none'; report-uri https://www-welivesecurity-com.api.cspconsole.com/v1/csp/report; report-to default; |
| Strict-Transport-Security | max-age=15724800 |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.esetstatic.com
disqus.com
referrer.disqus.com
s.go-mpulse.net
web-assets.esetstatic.com
welivesecurity.disqus.com
www.google-analytics.com
www.googletagmanager.com
www.welivesecurity.com
s.go-mpulse.net
13.107.246.45
142.250.185.110
142.250.186.104
151.101.128.134
199.232.192.134
52.178.190.83
95.100.146.42
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
061bfc7d1e3538d9fe3b470ef7a91e4983baf234dba8b04a612648336cd6a236
06d4793872942785be4a2c1f4f3336f89e092d61a5380dfc991b115545e2a881
13d1a190e6a23400b5547645f6f047e82b37c0edbadc1bc65616e3bbe245c4e8
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
261e3ac5dbb4ba8069ecba539a13b971d2e147981f4573e993410d8bd6de0037
2f0d0d858bf9cc115ae66c68725deaa6adb40c6e9b837c2253dbd328febd31a3
31f4bc726f2849a3c8f77f8432b635d2d4529a3ff80b669fc9e21b0ed1c81ea7
3941fe0bdd066c522eed233271a57f7733f25fce5f4fe88fb4530166bd560279
40494b653a0f9485c88432191eaace18e7dff8646f45114d6007fe19da129e34
405f32580b4440f0ddf2af9fcfd37fc9a863fde26b57b5623a9b188d61d47166
46c528478413a6fe1e9ff68fdb0e2f7b20ac71977e88f89c35348b4b94321f69
4cad214a2eeb48599ea314d32d2685f6554fe548be21add2f606db059530506e
4e8106cfb3d73176436f6337967b30404b1b3616ddb3b7091d9c6a7869e82d2d
5179618cbd049a8179afb46817db18c9dd8b72c174502b0f531724a3e8081c2f
523712255f68cd1e71efebb0488c78797418492d5789c69a05959aaf440d86f2
606ea62b1a8a1e2b24b9e0eafef0757cea22f73f3956d6548611f7c26c4551b5
62e72ab1c32c7526b319499e51909eb8d359d65ef6f5bc5372c4ab9cbdbb2c08
644fbb688b94c602990a4988d379d439a5151ea782e06496cb6347cbbb64e49d
6572478fbf8e29ee8109a22286fd9f82330fae739c518b58d5f37df25e17ea37
77bcc54b817355b7e01008e07475b0220a5746eceb1ac8e0c401654889b0b861
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521
81b0b9aa30ff74d6e8eb03dc1ac3399d5374e3bf6d0cea7dae97de1d607d5bf3
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8885b88667beb8538140ecc550853e59d12e85fbd73dd70d4487b6cc757d8a2b
8b67a0820b92ad626dd7204b203736274c68fa2cb1a107077d571e60f6dedf96
8bd39c6cb37bd4b879f1afaf6b773558ff9eab99c76fc07bf2777ea5b5c8481b
92052c2563570919fbf0f9118060ddcf69c86a9260a8055e9cba0f07aafb8df2
956f61e41e263b6074a58cbcb2eb181014e8c8e277388ebd98cc0d59921577f4
99a74bd8b13e7cdfbbfd4cf85a0b627116bc0e5e9e96dd405584df52221b4b45
a7def1fa0223f6d52a8d16be0dfde290883e9e2aa7911d0bfd46141eae8beabe
aea1be27444d0da39e0f45d0fddd87dceeae48562d78cf9e38f4151b9a45a451
aee148a642a638b6f01785649c3c783fe3b54d45ff44b7da61dc57b455a8e41c
c78c12a0aa71dcbee05e3136101f5b2358d79189ef4866028da7dfefed075fef
cd0d58f44280b8df79e41fe70e7cb7b7f7e771ade65f2ab44a93489282bbd181
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d7cfd32c8599291d21831ac1a7a29dca7f06c5ea8a1828979e4759a732a6089c
ddc5ff006590260ddf62b7c89622c47a9e9011d197ca2c5131c804060736d922
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3625c4c1b10a8e8b5fb271f45549d6d68e0a9c462062fc927709ea7ab285ca5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e4ab8846a010a322bd6696b8f3574dea01aa8f9a7ececf23de52740b5e7b1ff8
e9d5fa7dbd42331253c178a9fb1ce2aaac7543c8667326489b58d4ab3a51abfd
ec800a5bcb2d4e57adcc0c7ec3d69427ac3e392d4a0302891dd76fb80ffd0bfd
ed915d2176566b841f0e01e7632ce7a20b023cbcb4f5976a6015284fccd8a865
f6c3282679ac34a4775c19479c47edd588b4e9da084551e5bbe675ea51cd49ba