www.hethongquanly.org
Open in
urlscan Pro
14.160.51.50
Malicious Activity!
Public Scan
Submission: On October 30 via automatic, source openphish
Summary
This is the only time www.hethongquanly.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Impots Gouv (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
46 | 14.160.51.50 14.160.51.50 | 45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp) | |
1 | 145.242.11.27 145.242.11.27 | 25186 (TRANSIT-V...) (TRANSIT-VPN-AS France Telecom Transpac_s Transit VPN network) | |
3 3 | 37.252.172.42 37.252.172.42 | 29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus) | |
2 2 | 172.217.16.194 172.217.16.194 | 15169 (GOOGLE) (GOOGLE - Google Inc.) | |
1 | 37.252.172.40 37.252.172.40 | 29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus) | |
1 | 2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd | 15133 (EDGECAST) (EDGECAST - MCI Communications Services) | |
1 2 | 62.161.94.220 62.161.94.220 | 49030 (AT-INTERNET) (AT-INTERNET) | |
4 | 2400:cb00:204... 2400:cb00:2048:1::6819:ba66 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
1 | 2400:cb00:204... 2400:cb00:2048:1::681f:bac | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
3 | 2400:cb00:204... 2400:cb00:2048:1::6818:6117 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
1 1 | 185.62.216.152 185.62.216.152 | 204000 (YAHOO-LOB) (YAHOO-LOB) | |
1 | 52.85.177.173 52.85.177.173 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 13.32.176.126 13.32.176.126 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 5.153.20.138 5.153.20.138 | 36351 (SOFTLAYER) (SOFTLAYER - SoftLayer Technologies Inc.) | |
1 | 2400:cb00:204... 2400:cb00:2048:1::6818:6017 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - CloudFlare) | |
7 | 52.70.152.172 52.70.152.172 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
1 | 108.161.189.121 108.161.189.121 | 54104 (AS-NETDNA) (AS-NETDNA - netDNA) | |
72 | 15 |
ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt.vn
www.hethongquanly.org |
ASN25186 (TRANSIT-VPN-AS France Telecom Transpac_s Transit VPN network, FR)
cfspart.impots.gouv.fr |
ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 247.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
secure.adnxs.com |
ASN15169 (GOOGLE - Google Inc., US)
PTR: fra16s08-in-f194.1e100.net
cm.g.doubleclick.net |
ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 155.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
ajax.microsoft.com |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
www.comparinggenie.com |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
freegeoip.net |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
pstatic.eshopcomp.com |
ASN204000 (YAHOO-LOB, GB)
PTR: cserv-um-v01-22d.ams2.btrll.com
geo-um.btrll.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-52-85-177-173.fra6.r.cloudfront.net
cache.btrll.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-176-126.zrh50.r.cloudfront.net
app.eshopcomp.com |
ASN36351 (SOFTLAYER - SoftLayer Technologies Inc., US)
PTR: 8a.14.9905.ip4.static.sl-reverse.com
i.simpli.fi |
ASN13335 (CLOUDFLARENET - CloudFlare, Inc., US)
pstatic.eshopcomp.com |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-70-152-172.compute-1.amazonaws.com
hethongquanly_org.comparinggenie.com | |
hethongquanly-org.comparinggenie.com |
ASN54104 (AS-NETDNA - netDNA, US)
maxcdn.bootstrapcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
46 |
hethongquanly.org
www.hethongquanly.org |
312 KB |
11 |
comparinggenie.com
www.comparinggenie.com hethongquanly_org.comparinggenie.com hethongquanly-org.comparinggenie.com |
150 KB |
5 |
eshopcomp.com
pstatic.eshopcomp.com app.eshopcomp.com |
62 B |
4 |
adnxs.com
3 redirects
secure.adnxs.com ib.adnxs.com |
3 KB |
2 |
btrll.com
1 redirects
geo-um.btrll.com cache.btrll.com |
519 B |
2 |
xiti.com
1 redirects
logc20.xiti.com |
443 B |
2 |
doubleclick.net
2 redirects
cm.g.doubleclick.net |
437 B |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
7 KB |
1 |
simpli.fi
i.simpli.fi |
35 B |
1 |
freegeoip.net
freegeoip.net |
194 B |
1 |
microsoft.com
ajax.microsoft.com |
33 KB |
1 |
impots.gouv.fr
cfspart.impots.gouv.fr |
|
0 |
starvard.net
Failed
mnh.starvard.net Failed |
|
72 | 13 |
Domain | Requested by | |
---|---|---|
46 | www.hethongquanly.org |
www.hethongquanly.org
|
4 | hethongquanly-org.comparinggenie.com |
hethongquanly_org.comparinggenie.com
www.hethongquanly.org |
4 | pstatic.eshopcomp.com |
www.hethongquanly.org
|
4 | www.comparinggenie.com |
www.hethongquanly.org
www.comparinggenie.com |
3 | hethongquanly_org.comparinggenie.com |
www.comparinggenie.com
www.hethongquanly.org |
3 | secure.adnxs.com | 3 redirects |
2 | logc20.xiti.com |
1 redirects
www.hethongquanly.org
|
2 | cm.g.doubleclick.net | 2 redirects |
1 | maxcdn.bootstrapcdn.com |
www.hethongquanly.org
|
1 | i.simpli.fi |
www.hethongquanly.org
|
1 | app.eshopcomp.com |
www.hethongquanly.org
|
1 | cache.btrll.com |
www.hethongquanly.org
|
1 | geo-um.btrll.com | 1 redirects |
1 | freegeoip.net |
www.hethongquanly.org
|
1 | ajax.microsoft.com |
www.hethongquanly.org
|
1 | ib.adnxs.com |
www.hethongquanly.org
|
1 | cfspart.impots.gouv.fr |
www.hethongquanly.org
|
0 | mnh.starvard.net Failed |
www.hethongquanly.org
|
72 | 18 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cfspart.impots.gouv.fr Certigna Services CA |
2016-03-07 - 2019-03-07 |
3 years | crt.sh |
*.adnxs.com Symantec Class 3 ECC 256 bit SSL CA - G2 |
2017-01-25 - 2019-01-25 |
2 years | crt.sh |
*.btrll.com DigiCert SHA2 High Assurance Server CA |
2017-10-09 - 2018-04-08 |
6 months | crt.sh |
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA |
2017-10-03 - 2018-10-13 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
http://www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/
Frame ID: 14496.1
Requests: 66 HTTP requests in this frame
Frame:
http://www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%20Particuliers_files/Store.html
Frame ID: 14496.2
Requests: 2 HTTP requests in this frame
Frame:
http://www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%20Particuliers_files/Store.html
Frame ID: 14496.3
Requests: 2 HTTP requests in this frame
Frame:
http://www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%20Particuliers_files/Store.html
Frame ID: 14496.4
Requests: 2 HTTP requests in this frame
Screenshot
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
OWL Carousel (Widgets) Expand
Detected patterns
- script /owl.carousel.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- script /owl.carousel.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 29- https://secure.adnxs.com/seg?add=2735784&t=2? HTTP 302
- https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D2735784%26t%3D2%3F HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_sc&uid=1496313526850662455 HTTP 302
- https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_sc=&uid=1496313526850662455&google_tc= HTTP 302
- https://ib.adnxs.com/setuid?entity=101&uid=1496313526850662455&code=CAESEAmWrU7MvN1vE84fb1OS0Ws&google_cver=1
- http://logc20.xiti.com/hit.xiti?s=244754&s2=6&p=particuliers&hl=19x25x28&r=1600x1200x24x24&ref= HTTP 302
- http://logc20.xiti.com/hit.xiti?s=244754&s2=6&p=particuliers&hl=19x25x28&r=1600x1200x24x24&ref=&Rdt=On
- https://secure.adnxs.com/seg?add=2735784&t=2? HTTP 302
- https://geo-um.btrll.com/v1/map/68e4318f0f7098c3/1496313526850662455/ HTTP 302
- https://cache.btrll.com/default/Pix-1x1.gif
72 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
68 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
38 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wysiwyg.css
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
16 B 16 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.10.2.min.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
91 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
owl.carousel.min.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
15 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
script_divers.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wp.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wpnewbs.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
9 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wpgb.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
9 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
services.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
112 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
serviceset.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
112 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
traffic.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
123 KB 42 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.7.2.min.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
93 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
swfstore.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dpx.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
itn.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
20 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
z7b85.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kw.js
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
impot_logo.jpg
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
21 KB 21 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pic_alerte.gif
cfspart.impots.gouv.fr/templates/img/IR2015/ |
3 KB 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
valider.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
515 B 515 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
crd.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cvv.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
509 B 509 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
btn_coldroite_minisite.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
17 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_sp.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_legifrance.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_gouv.jpg
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
7 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_france-fr.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
3 KB 3 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_msp.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hit.xiti
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
setuid
ib.adnxs.com/ Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pops
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
42 B 42 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
p
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... |
29 B 29 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
mnh.starvard.net/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.7.2.min.js
ajax.microsoft.com/ajax/jquery/ |
93 KB 33 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
secure.jpg
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
top_bg_body.jpg
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
652 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_header.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
650 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2bis_bg_Connect.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
656 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cabin-regular-webfont.woff
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/font/cabin/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sprite.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
647 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_button.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
650 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_onglets.gif
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
651 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_internat.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
652 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_h3_contact.png
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
654 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_footer.jpg
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/img/ |
650 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hit.xiti
logc20.xiti.com/ Redirect Chain
|
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Store.html
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... Frame 1449 |
1 KB 733 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Store.html
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... Frame 1449 |
1 KB 733 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Store.html
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/Impots.gouv.fr%20-%... Frame 1449 |
1 KB 733 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
swfstore.js
www.comparinggenie.com/scripts/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
/
freegeoip.net/json/ |
232 B 194 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
SharedApp.js
pstatic.eshopcomp.com/nwp/v0_0_557/release/Shared/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
services.js
www.comparinggenie.com/ |
727 B 420 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Pix-1x1.gif
cache.btrll.com/default/ Redirect Chain
|
42 B 42 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
app.eshopcomp.com/a/inj/ |
43 B 62 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
p
i.simpli.fi/ |
29 B 35 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
serviceset.js
www.comparinggenie.com/ |
1 KB 498 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cabin-regular-webfont.ttf
www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM=/font/cabin/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IFrameStoreReciever.js
pstatic.eshopcomp.com/nwp/v0_0_557/release/Shared/Extra/ Frame 1449 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IFrameStoreReciever.js
pstatic.eshopcomp.com/nwp/v0_0_557/release/Shared/Extra/ Frame 1449 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IFrameStoreReciever.js
pstatic.eshopcomp.com/nwp/v0_0_557/release/Shared/Extra/ Frame 1449 |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
traffic.js
hethongquanly_org.comparinggenie.com/ |
99 KB 99 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
hethongquanly-org.comparinggenie.com/styles/ |
22 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
hethongquanly.org.js
hethongquanly-org.comparinggenie.com/scripts/domain/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
swfstore.js
hethongquanly_org.comparinggenie.com/scripts/ |
12 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/ |
26 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cgfunc.js
hethongquanly_org.comparinggenie.com/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
kw.js
www.comparinggenie.com/scripts/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
searchkw.php
hethongquanly_org.comparinggenie.com/code/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plog_c.php
hethongquanly-org.comparinggenie.com/code/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plog_c.php
hethongquanly-org.comparinggenie.com/code/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- mnh.starvard.net
- URL
- http://mnh.starvard.net/?pid=2356&cc=MA&eid=1337&hid=18076491714403566395&v=0.1.1&ch=10&cid=0&tid=7&adtid=0&smid=0&pbid=0&oh=0&sh=bestwebnutfunblack.net
- Domain
- hethongquanly_org.comparinggenie.com
- URL
- http://hethongquanly_org.comparinggenie.com/code/searchkw.php?uid=null&d=hethongquanly.org&tm=0.009&distr=1&url=http%3A%2F/www.hethongquanly.org/cli/impotsgouv/portail/Connexion/monespace/Authentification/Impots.client/file/9c491e1b3dc65dea29b7db5a6870bd43NDg0N2RiMjBmZTI2NzIxYjVjZmMyNjllOTNmN2U3NGM%3D/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Impots Gouv (Government)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.hethongquanly.org/ | Name: freegupc Value: DE |
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.microsoft.com
app.eshopcomp.com
cache.btrll.com
cfspart.impots.gouv.fr
cm.g.doubleclick.net
freegeoip.net
geo-um.btrll.com
hethongquanly-org.comparinggenie.com
hethongquanly_org.comparinggenie.com
i.simpli.fi
ib.adnxs.com
logc20.xiti.com
maxcdn.bootstrapcdn.com
mnh.starvard.net
pstatic.eshopcomp.com
secure.adnxs.com
www.comparinggenie.com
www.hethongquanly.org
hethongquanly_org.comparinggenie.com
mnh.starvard.net
108.161.189.121
13.32.176.126
14.160.51.50
145.242.11.27
172.217.16.194
185.62.216.152
2400:cb00:2048:1::6818:6017
2400:cb00:2048:1::6818:6117
2400:cb00:2048:1::6819:ba66
2400:cb00:2048:1::681f:bac
2606:2800:133:206e:1315:22a5:2006:24fd
37.252.172.40
37.252.172.42
5.153.20.138
52.70.152.172
52.85.177.173
62.161.94.220
0a0c4fba36624e4afe1982b3b47ce2048ba747178b2d56fbab7b494c88e7f5c3
0b8fd657a7347fb25ebe184b6a4252bfc49ec6c71cb14cfd6769dcaa901111f9
0ba081f546084bd5097aa8a73c75931d5aa1fc4d6e846e53c21f98e6a1509988
12d71b821dd6175505ba7a6b9db4d6153d137a90f4f6c994911ded59d37a9958
131889e98823555ca5e127771b53e41ab284ad95eb0c0860338e996b1d17554c
19c7d32cf0ede1e4502c134f1d5757c9bb67aa0f46f2938fda9499b809734073
1ab0cd141d27cedf533c404eb256204a5f97b68a105f4b0d00045b0ca57aa6de
234aa1502fbd1e82a8f0873db30a7316ca94f55b3ee38af32d96f7be3c1b6ba2
275b7a867831a923bb2ab17160004afef43973ac2192b04724506608b8255d99
29daaff46360b5d838dd51807afa6bcb4f14c386feaa7e0d0d622d41f26ee36a
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e3c000bb11b035e1a6bfe511338a7877fdc67f5c51a5ff29394e4d3735b36df
349648b5f3dcee4cad75266f3b0f307dd56c1d1766761129ca472b9ef5d10c9b
3b5b95ee14d3c3e64158175050be929c9fb2612a1c003df388d62af47a4c3e37
3e6e187d4d8ccf26764850b5f0a8189d27bc46080956c13fb511dc2ed0442c92
3f5202d666d2390b8a90131fbfb0a603b4f56004698a2cd7ec42a69258dffb0a
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4b18105a346260a3e8359cd02633fd5f8bb244f2d5f43e4375a1efd10e5c865a
58b70b4cdcb982be2ab0d89312bb4b1f8596c2294392983aba048cc046acc7c5
5e3c5804336535a91bde368fc92b05bd43aa2287fceb96d68056d76d25d56352
622278a61c43b12c078762a92879199cf54668a39f3189773922b00d9b9a9565
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
703f610e00a3b7f18e7bc6bfa6212dabfe643db6c81ec73c2e7b924dd81317a7
72b04b2c8e63f7cfda76252398205f6efc4b4da7473864ee0ee5727bb79d23aa
739dbeb56265d8dff72c6a8f2dc72424b5f2d8c668c31e9fa0499a26c1ca00be
7c8c8808aad0cd725ff8cf36710c276545352482b54affc94db873adc6fe3235
7d1df60dfa253e58f054f866a3c46e59648d46757d732632fb349d7a92318d17
8254c9ce56497ac4e9e296b9b8d35cccde8872e5961de17b7b7bb65d8c2cf1db
85a25f4adf4883e5e745bfba817c4589a51d67afb7e482fc7433165c7a6f2603
8bc9ddd890abffccfbaa56f19b36e2789e815a62b6c6bc2b1a5fd5ddfb7c1368
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
9997f31a907d76f82724c1e656ee88147af0a45347a8d5def75a866ea1b50cd7
9d0567e661cf2d5205acaaec1a0c7dfee24f48af2d56a56212c1b4db1ab88b60
9d9b087a84586f65267e0e9843062a4ad6e28bb7a435ee755fa0241540d54bb4
a033bdede0a6db7d3db3bcf4e3c7f65157c530d7f6c5f6cb937b5fca025d0dc5
a2cee451f1ea265309201e4cad209481131a04c9719021a7f6edf3e20787c006
a9114cd3a75322500dbbca9ab92b371b505c42907f317139e02efc84a91f9c3a
abacaaa0e540760aff1e75965820814e7cf0814bc098c90002181b4b3408ceb3
bfac9e74ec793c34b9fa864d4004a2191c95650f385d0ab3dc3d7f1765024fd7
c00425b03f9f4aa5ecf69fbaba6c494881836a6736e3e99b4b99c2b93bd8dd62
c4a8462b6d91f2b00fec6a1e09b30ac1cdbc4a445bdd10651e03f38aef9852cc
cccc925e5d65797c5ce666f73956fa147f9c346da69a0ac512a0858e29b5af40
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d841754163f6d3f7a257af53c78c476857b03f211f41f931204a840770a089bb
d8d9c687090031de9bcd1b6c285c015770514032a72f8e9121ed87decc549021
d9f1b96304e2373249e1d8e92bf8791157d5c00a023c605223f0cd10e388e7f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e60ce04d88ce0414bf1e1c4ea463b77789ce739ec32161fd8859ceafaa319931
e632e5a7890e1c2f3eda43054bd7ee93385667d60520d571dd9d4823565cc845
ec69c5708e17e34257cc9e8a3102bff0c8ed64b5bc45211a13a74332238b7637
f12586c797355e9345fabf078d122b5f5de18e98101f2d667e54e8b745d474ec
f26b6ff7066812ec11f1ee810af73acbc7a4acc3a89615b29989fa92187991b8
f4f598b5fc93817de8bdd76013d28b4c092b8f139be116e625d046e3b3b9be30
fbae0ff7c55dfecefc0cfa35d878f2932cc3c2c81b6fb45a8c4f833e79f70518
fc61edb509829d7a11f451caba5084edca34898bf01d4f20c0b569bc1eb278a0