carousell.bankway.space
2606:4700:3033::ac43:a717
Malicious Activity!
Public Scan
Submission: On March 06 via manual from HK — Scanned from DE
Summary
TLS certificate: Issued by E1 on February 19th 2024. Valid for: 3 months.
This is the only time carousell.bankway.space was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: HSBC (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
16 | 2606:4700:3033::ac43:a717 | 13335 (CLOUDFLARENET) |
5 | 23.192.250.218 | 16625 (AKAMAI-AS) |
1 8 | 23.1.254.81 | 20940 (AKAMAI-ASN1) |
1 | 13.32.27.50 | 16509 (AMAZON-02) |
1 | 2a04:4e42:200::649 | 54113 (FASTLY) |
1 | 2606:4700::6811:190e | 13335 (CLOUDFLARENET) |
1 2 | 2606:4700::6810:7caf | 13335 (CLOUDFLARENET) |
3 | 2a00:1450:4001:812::2004 | 15169 (GOOGLE) |
1 | 34.120.154.120 | 396982 (GOOGLE-CLOUD-PLATFORM) |
2 | 2a00:1450:4001:806::2003 | 15169 (GOOGLE) |
38 | 10 |
ASN16625 (AKAMAI-AS, US)
PTR: a23-192-250-218.deploy.static.akamaitechnologies.com
cdn.walkme.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-1-254-81.deploy.static.akamaitechnologies.com
cdn.hsbc.com.hk |
ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-50.fra56.r.cloudfront.net
www.hsbc.com.hk |
ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.154.120.34.bc.googleusercontent.com
lpcdn.lpsnmedia.net |
| Apex Domain Subdomains | Transfer |
---|---|---|
16 | bankway.space: carousell.bankway.space | 122 KB |
9 | hsbc.com.hk (1 redirects): cdn.hsbc.com.hk — Cisco Umbrella Rank: 484350; www.hsbc.com.hk — Cisco Umbrella Rank: 164667 | 297 KB |
5 | walkme.com: cdn.walkme.com — Cisco Umbrella Rank: 1491 | 514 KB |
3 | google.com: www.google.com — Cisco Umbrella Rank: 2 | 36 KB |
2 | gstatic.com: www.gstatic.com | 515 KB |
2 | unpkg.com (1 redirects): unpkg.com — Cisco Umbrella Rank: 709 | 12 KB |
1 | lpsnmedia.net: lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 4249 | 16 KB |
1 | cloudflare.com: cdnjs.cloudflare.com — Cisco Umbrella Rank: 228 | 5 KB |
1 | jquery.com: code.jquery.com — Cisco Umbrella Rank: 760 | 30 KB |
38 | 9 |
| Domain | Requested by |
---|---|---|
16 | carousell.bankway.space | carousell.bankway.space, code.jquery.com |
8 | cdn.hsbc.com.hk (1 redirects) | carousell.bankway.space, cdn.hsbc.com.hk |
5 | cdn.walkme.com | carousell.bankway.space |
3 | www.google.com | carousell.bankway.space, www.gstatic.com, www.google.com |
2 | www.gstatic.com | www.google.com |
2 | unpkg.com (1 redirects) | carousell.bankway.space |
1 | lpcdn.lpsnmedia.net | carousell.bankway.space |
1 | cdnjs.cloudflare.com | carousell.bankway.space |
1 | code.jquery.com | carousell.bankway.space |
1 | www.hsbc.com.hk | carousell.bankway.space |
38 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.hsbc.com.hk |
Subject Issuer | Validity | Valid | |
---|---|---|---|
bankway.space E1 | 2024-02-19 - 2024-05-19 | 3 months | crt.sh |
walkme.com DigiCert TLS RSA SHA256 2020 CA1 | 2023-12-04 - 2024-12-03 | a year | crt.sh |
cdn.hsbc.com.hk DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-02-25 - 2025-03-26 | a year | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh |
www.google.com GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months | crt.sh |
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA | 2023-11-15 - 2024-11-14 | a year | crt.sh |
*.gstatic.com GTS CA 1C3 | 2024-02-19 - 2024-05-13 | 3 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://carousell.bankway.space/personal/176573816?refer=3&bank=6
Frame ID: B4B85B9181BF7A271C2C41D7989BCA53
Requests: 25 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Les888ZAAAAAOHLgqVrsJyhzrLFZsG2rUPj9_15&co=aHR0cHM6Ly93d3cuaHNiYy5jb20uaGs6NDQz&hl=en&v=x5WWoE57Fv0d6ATKsLDIAKnt&size=invisible&cb=uq9plu2tr1a7
Frame ID: FFDA0DA0D9DCCEEECE9EBD75AE5A28DB
Requests: 5 HTTP requests in this frame
Frame:
https://lpcdn.lpsnmedia.net/le_secure_storage/3.24.1.1-release_5109/storage.secure.min.html?loc=https%3A%2F%2Fwww.hsbc.com.hk&site=78938340&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Frame ID: 71B43CA9C479838190ACF57AFFFBBD25
Requests: 1 HTTP requests in this frame
Frame:
https://carousell.bankway.space/supportChatFrame/176573816
Frame ID: D403BEC37F9809B08FA770B6A2D425AB
Requests: 7 HTTP requests in this frame
Page Title
Username | Log on | HSBC
Detected technologies
Adobe Experience Manager (CMS)
Detected patterns
- /etc/designs/
Axios (JavaScript libraries)
Detected patterns
- /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js
SweetAlert (JavaScript Libraries)
Detected patterns
- sweet(?:-)?alert(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
8 Outgoing links
These are links going to different origins than the main page.
Title: Log on
Title: Maintenance schedule
Title: Online security
Title: Terms & Conditions
Title: Disclaimer & Internet Privacy Statement
Title: Not registered for Personal Internet Banking?
Title: Cross border disclosure Opens in new window
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- https://cdn.hsbc.com.hk/content/dam/hsbc/hk/images/webauth/HSBC_MASTERBRAND_LOGO.svg HTTP 301
- https://www.hsbc.com.hk/content/dam/hsbc/hk/images/webauth/HSBC_MASTERBRAND_LOGO.svg
- https://unpkg.com/sweetalert/dist/sweetalert.min.js HTTP 302
- https://unpkg.com/sweetalert@2.1.2/dist/sweetalert.min.js
38 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | Primary Request 176573816 carousell.bankway.space/personal/ | 172 KB 81 KB | Document text/html |
GET H2 | support_parent.css carousell.bankway.space/css/ | 4 KB 1 KB | Stylesheet text/css |
GET H2 | prelib-plugin-e2d9d95f-9c46-36d7-8eb1-fe3ffb766487.js cdn.walkme.com/users/ed30a4375b7b4f9b8d9d8fd5bda693ad/scripts/ | 121 KB 41 KB | Script application/x-javascript |
GET H2 | walkme_lib_20220731-162001-a355eed0-b4242287.br.js cdn.walkme.com/player/lib/ | 2 MB 453 KB | Script application/javascript |
GET H2 | walkme_config_d46e39e4fc574f42a9111f5a2880fed2.js cdn.walkme.com/users/ed30a4375b7b4f9b8d9d8fd5bda693ad/ | 3 KB 2 KB | Script application/javascript |
GET H2 | data_294d59dbe5fa4250bf311914facfa261.br.js cdn.walkme.com/users/ed30a4375b7b4f9b8d9d8fd5bda693ad/ | 64 KB 12 KB | Script application/javascript |
GET H2 | custom_css_294d59dbe5fa4250bf311914facfa261.css cdn.walkme.com/users/ed30a4375b7b4f9b8d9d8fd5bda693ad/ | 32 KB 5 KB | Stylesheet text/css |
GET H2 | clientlib-all.min.d5b2187e9c840dd357fb9549e6baaf62.css cdn.hsbc.com.hk/etc/designs/dspwebauth-headerfooter/ | 120 KB 78 KB | Stylesheet text/css |
GET H2 | HSBC_MASTERBRAND_LOGO.svg www.hsbc.com.hk/content/dam/hsbc/hk/images/webauth/ Redirect Chain | 4 KB 2 KB | Image image/svg+xml |
GET H2 | Transmitmain.min.e0b19721c3473004e230.css cdn.hsbc.com.hk/etc/designs/DSP_SaaS_Milestone-Global/js-files/ | 260 KB 44 KB | Stylesheet text/css |
GET H2 | clientlib-all.min.5c23575dd2a45b73c671a7797acc5d2d.css cdn.hsbc.com.hk/etc/designs/DSP_SaaS_Milestone-Global/ | 112 KB 76 KB | Stylesheet text/css |
GET H2 | jquery-3.6.0.min.js code.jquery.com/ | 87 KB 30 KB | Script application/javascript |
GET H2 | axios.min.js cdnjs.cloudflare.com/ajax/libs/axios/0.21.1/ | 14 KB 5 KB | Script application/javascript |
GET H2 | sweetalert.min.js unpkg.com/sweetalert@2.1.2/dist/ Redirect Chain | 40 KB 12 KB | Script application/javascript |
GET H3 | lk.js carousell.bankway.space/js/ | 12 KB 3 KB | Script application/javascript |
GET H2 | UniversNextforHSBC-Regular.woff cdn.hsbc.com.hk/etc/designs/dspwebauth-headerfooter/assets/fonts/UniversNextforHSBC-Regular/ | 26 KB 26 KB | Font application/font-woff |
GET H2 | HSBCIcon-Font.woff cdn.hsbc.com.hk/etc/designs/dspwebauth-headerfooter/assets/fonts/HSBCIcon-Font/ | 23 KB 23 KB | Font application/font-woff |
GET H2 | anchor www.google.com/recaptcha/api2/ Frame FFDA | 45 KB 29 KB | Document text/html |
GET H3 | time.svg carousell.bankway.space/assets/banks/hsbc/images/ | 682 B 935 B | Image image/svg+xml |
GET H3 | security_secure.svg carousell.bankway.space/assets/banks/hsbc/images/ | 1 KB 1 KB | Image image/svg+xml |
GET H2 | UniversNextforHSBC-Regular.woff cdn.hsbc.com.hk/etc/designs/DSP_SaaS_Milestone-Global/assets/fonts/UniversNextforHSBC-Regular/ | 26 KB 26 KB | Font application/font-woff |
GET H2 | HSBCIcon-Font.woff cdn.hsbc.com.hk/etc/designs/DSP_SaaS_Milestone-Global/assets/fonts/HSBCIcon-Font/ | 23 KB 23 KB | Font application/font-woff |
GET H2 | storage.secure.min.html lpcdn.lpsnmedia.net/le_secure_storage/3.24.1.1-release_5109/ Frame 71B4 | 46 KB 16 KB | Document text/html |
GET H3 | 176573816 carousell.bankway.space/supportChatFrame/ Frame D403 | 23 KB 7 KB | Document text/html |
GET H3 | supportIcon.svg carousell.bankway.space/img/ | 1 KB 1 KB | Image image/svg+xml |
POST H3 | checkStatus carousell.bankway.space/api/ | 15 B 495 B | XHR application/json |
GET H2 | styles__ltr.css www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ Frame FFDA | 55 KB 25 KB | Stylesheet text/css |
GET H2 | recaptcha__en.js www.gstatic.com/recaptcha/releases/x5WWoE57Fv0d6ATKsLDIAKnt/ Frame FFDA | 490 KB 490 KB | Script text/javascript |
GET H3 | support_chat.css carousell.bankway.space/css/ Frame D403 | 101 KB 17 KB | Stylesheet text/css |
GET H3 | axios.min.js carousell.bankway.space/js/ Frame D403 | 14 KB 5 KB | Script application/javascript |
GET H3 | support.js carousell.bankway.space/js/ Frame D403 | 5 KB 2 KB | Script application/javascript |
GET H2 | IDLZ5bdCrEGdGR5FKKZfiIWvV7rMSlbAHUEzxUIOBQg.js www.google.com/js/bg/ Frame FFDA | 17 KB 7 KB | Script text/javascript |
GET H2 | webworker.js www.google.com/recaptcha/api2/ Frame FFDA | 102 B 289 B | Other text/javascript |
POST H3 | getMessages carousell.bankway.space/api/support/ Frame D403 | 15 B 497 B | XHR application/json |
POST H3 | checkStatus carousell.bankway.space/api/ | 15 B 493 B | XHR application/json |
POST H3 | getMessages carousell.bankway.space/api/support/ Frame D403 | 15 B 497 B | XHR application/json |
POST H3 | checkStatus carousell.bankway.space/api/ | 15 B 505 B | XHR application/json |
POST H3 | getMessages carousell.bankway.space/api/support/ Frame D403 | 15 B 493 B | XHR application/json |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: HSBC (Banking)
13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| 2
- object| 3
- object| 4
- function| $
- function| jQuery
- function| axios
- function| setImmediate
- function| clearImmediate
- function| swal
- function| sweetAlert
- function| init
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
carousell.bankway.space/ | Name: connect.sid Value: s%3A1EaK-WCGS9YGfoxvyZSKOe2AxMc7IspR.uVnf3DT7%2B%2Bn%2FQOzO8ucSXG2ukb%2Bb%2FNePU8qMIttq5Ig |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.