7.bdf.lebenscoach-hayriye.de
Open in
urlscan Pro
116.203.253.186
Malicious Activity!
Public Scan
Submission: On October 07 via manual from US
Summary
This is the only time 7.bdf.lebenscoach-hayriye.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Banking (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
11 | 116.203.253.186 116.203.253.186 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:3b | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2606:4700:30:... 2606:4700:30::681f:4c4e | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
5 | 198.54.121.142 198.54.121.142 | 22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap) | |
1 | 2606:4700:30:... 2606:4700:30::6818:7dbc | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 192.0.77.2 192.0.77.2 | 2635 (AUTOMATTIC) (AUTOMATTIC - Automattic) | |
1 | 198.54.115.237 198.54.115.237 | 22612 (NAMECHEAP...) (NAMECHEAP-NET - Namecheap) | |
1 | 104.109.54.84 104.109.54.84 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 176.114.1.150 176.114.1.150 | 56485 (THEHOST-AS) (THEHOST-AS) | |
1 | 162.144.200.37 162.144.200.37 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
2 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 46.105.201.240 46.105.201.240 | 16276 (OVH) (OVH) | |
1 | 158.69.252.241 158.69.252.241 | 16276 (OVH) (OVH) | |
33 | 15 |
ASN24940 (HETZNER-AS, DE)
PTR: static.186.253.203.116.clients.your-server.de
7.bdf.lebenscoach-hayriye.de | |
116.203.253.186 |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
maxcdn.bootstrapcdn.com |
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
bankingonlinelogin.com |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium67-3.web-hosting.com
ulumgroup.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
s2.studylib.net |
ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com
i2.wp.com |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: premium36-3.web-hosting.com
usaroutingnumber.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-54-84.deploy.static.akamaitechnologies.com
media.heartlandtv.com |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: 162-144-200-37.unifiedlayer.com
howtobankonline.org |
ASN15169 (GOOGLE - Google LLC, US)
encrypted-tbn0.gstatic.com |
ASN16276 (OVH, FR)
PTR: ns561403.ip-158-69-252.net
s4.histats.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
ulumgroup.com
ulumgroup.com |
192 KB |
2 |
histats.com
s10.histats.com s4.histats.com |
5 KB |
2 |
gstatic.com
encrypted-tbn0.gstatic.com |
13 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
29 KB |
1 |
howtobankonline.org
howtobankonline.org |
18 KB |
1 |
banksonlinelogin.com
banksonlinelogin.com |
25 KB |
1 |
heartlandtv.com
media.heartlandtv.com |
1 MB |
1 |
usaroutingnumber.com
usaroutingnumber.com |
40 KB |
1 |
wp.com
i2.wp.com |
6 KB |
1 |
studylib.net
s2.studylib.net |
103 KB |
1 |
bankingonlinelogin.com
bankingonlinelogin.com |
85 KB |
1 |
googleapis.com
ajax.googleapis.com |
30 KB |
1 |
lebenscoach-hayriye.de
7.bdf.lebenscoach-hayriye.de |
6 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
0 |
comerica.com
Failed
www.comerica.com Failed |
|
33 | 15 |
Domain | Requested by | |
---|---|---|
5 | ulumgroup.com |
7.bdf.lebenscoach-hayriye.de
|
2 | encrypted-tbn0.gstatic.com |
7.bdf.lebenscoach-hayriye.de
|
2 | maxcdn.bootstrapcdn.com |
7.bdf.lebenscoach-hayriye.de
|
1 | s4.histats.com |
s10.histats.com
|
1 | s10.histats.com |
7.bdf.lebenscoach-hayriye.de
|
1 | howtobankonline.org |
7.bdf.lebenscoach-hayriye.de
|
1 | banksonlinelogin.com |
7.bdf.lebenscoach-hayriye.de
|
1 | media.heartlandtv.com |
7.bdf.lebenscoach-hayriye.de
|
1 | usaroutingnumber.com |
7.bdf.lebenscoach-hayriye.de
|
1 | i2.wp.com |
7.bdf.lebenscoach-hayriye.de
|
1 | s2.studylib.net |
7.bdf.lebenscoach-hayriye.de
|
1 | bankingonlinelogin.com |
7.bdf.lebenscoach-hayriye.de
|
1 | ajax.googleapis.com |
7.bdf.lebenscoach-hayriye.de
|
1 | 7.bdf.lebenscoach-hayriye.de | |
0 | Failed |
7.bdf.lebenscoach-hayriye.de
|
0 | www.comerica.com Failed |
7.bdf.lebenscoach-hayriye.de
|
33 | 16 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2019-09-14 - 2020-10-13 |
a year | crt.sh |
*.googleapis.com GTS CA 1O1 |
2019-09-17 - 2019-12-10 |
3 months | crt.sh |
sni.cloudflaressl.com CloudFlare Inc ECC CA-2 |
2019-06-17 - 2020-06-16 |
a year | crt.sh |
sni139399.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-09-05 - 2020-03-13 |
6 months | crt.sh |
*.wp.com Go Daddy Secure Certificate Authority - G2 |
2018-04-10 - 2020-05-11 |
2 years | crt.sh |
usaroutingnumber.com Let's Encrypt Authority X3 |
2019-03-04 - 2019-06-02 |
3 months | crt.sh |
banksonlinelogin.com Let's Encrypt Authority X3 |
2019-09-01 - 2019-11-30 |
3 months | crt.sh |
howtobankonline.org Let's Encrypt Authority X3 |
2019-08-06 - 2019-11-04 |
3 months | crt.sh |
*.google.com GTS CA 1O1 |
2019-09-17 - 2019-12-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://7.bdf.lebenscoach-hayriye.de/comerica-wiring-instructions.html
Frame ID: 7CDA9F2CB1210DD0816099B78F6608C6
Requests: 33 HTTP requests in this frame
Screenshot
Detected technologies
WordPress (CMS) ExpandDetected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
PHP (Programming Languages) Expand
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
MySQL (Databases) Expand
Detected patterns
- html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
- script /\/wp-(?:content|includes)\//i
- headers link /rel="https:\/\/api\.w\.org\/"/i
Bootstrap (Web Frameworks) Expand
Detected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
- script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
FancyBox (JavaScript Libraries) Expand
Detected patterns
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- script /jquery\.fancybox(?:\.pack|\.min)?\.js(?:\?v=([\d.]+))?$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
comerica-wiring-instructions.html
7.bdf.lebenscoach-hayriye.de/ |
21 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ |
118 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.1/ |
85 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ |
36 KB 10 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
116.203.253.186/wp-content/themes/gn/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.mousewheel.pack.js
116.203.253.186/wp-content/themes/gn/images/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox.css
116.203.253.186/wp-content/themes/gn/images/source/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox.pack.js
116.203.253.186/wp-content/themes/gn/images/source/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox-buttons.css
116.203.253.186/wp-content/themes/gn/images/source/helpers/ |
2 KB 1019 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox-buttons.js
116.203.253.186/wp-content/themes/gn/images/source/helpers/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox-media.js
116.203.253.186/wp-content/themes/gn/images/source/helpers/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox-thumbs.css
116.203.253.186/wp-content/themes/gn/images/source/helpers/ |
735 B 584 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.fancybox-thumbs.js
116.203.253.186/wp-content/themes/gn/images/source/helpers/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
comerica-bank-online-banking-account-sign-up-2.jpg
bankingonlinelogin.com/wp-content/uploads/2018/05/ |
84 KB 85 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Comerica-Check-1280x720.jpg
ulumgroup.com/wp-content/uploads/2019/03/ |
68 KB 69 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Comerica-Web-Banking-Login.png
ulumgroup.com/wp-content/uploads/2019/03/ |
47 KB 47 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
check_jpg.jpg
www.comerica.com/content/dam/comerica/en/images/misc-images/Personal/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IBC-check-International-Bank-of-Commerce-300x200.jpg
ulumgroup.com/wp-content/uploads/2019/04/ |
12 KB 13 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
016087947_1-878ad3dacda24f74f69ae0e137a6860c.png
s2.studylib.net/store/data/ |
103 KB 103 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
capital-one-routing-number-and-wiring-instructions-sunflower-bank-check-it.png
i2.wp.com/flowernifty.com/wp-content/uploads/images/ |
5 KB 6 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
HSBC-Sample-check-300x200.jpg
ulumgroup.com/wp-content/uploads/2019/04/ |
9 KB 9 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
heloc-fl.png
www.comerica.com/content/dam/comerica/en/images/personal/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
comerica-bank-routing-number-on-checks-300x147.png
usaroutingnumber.com/wp-content/uploads/2018/03/ |
39 KB 40 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Comerica-244x244.png
ulumgroup.com/wp-content/uploads/2019/03/ |
53 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IMG_0289.JPG
media.heartlandtv.com/images/ |
1 MB 1 MB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
routing-number-icon.png
banksonlinelogin.com/wp-content/uploads/2014/10/ |
25 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
66208fa34a61f7483ac94c4f7f0ec65612065759a58297c95f043347de9070a4
/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Comercia-Bank-Routing-Number-on-Check-400x215.png
howtobankonline.org/wp-content/uploads/ |
17 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images
encrypted-tbn0.gstatic.com/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
secure-icon.png
116.203.253.186/wp-content/themes/gn/images/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js15_as.js
s10.histats.com/ |
11 KB 5 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images
encrypted-tbn0.gstatic.com/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0.php
s4.histats.com/stats/ |
52 B 323 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.comerica.com
- URL
- https://www.comerica.com/content/dam/comerica/en/images/misc-images/Personal/check_jpg.jpg
- Domain
- www.comerica.com
- URL
- https://www.comerica.com/content/dam/comerica/en/images/personal/heloc-fl.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Banking (Banking)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery object| _Hasync function| chfh function| chfh2 string| _HST_cntval object| Histats object| _HistatsCounterGraphics_0_setValues0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
7.bdf.lebenscoach-hayriye.de
ajax.googleapis.com
bankingonlinelogin.com
banksonlinelogin.com
encrypted-tbn0.gstatic.com
howtobankonline.org
i2.wp.com
maxcdn.bootstrapcdn.com
media.heartlandtv.com
s10.histats.com
s2.studylib.net
s4.histats.com
ulumgroup.com
usaroutingnumber.com
www.comerica.com
www.comerica.com
104.109.54.84
116.203.253.186
158.69.252.241
162.144.200.37
176.114.1.150
192.0.77.2
198.54.115.237
198.54.121.142
2001:4de0:ac19::1:b:3b
2606:4700:30::6818:7dbc
2606:4700:30::681f:4c4e
2a00:1450:4001:81c::200e
2a00:1450:4001:821::200a
46.105.201.240
0cc0d8717f81afb4e045636c59634993dbe2630fa1adc77e0b54c4876c30cdc8
1f730c8b78091c3479abc2fb805b9093138f05acd0de421b8da96389cbbb9668
3262d61214c051fd1ddc466741e89970ef1755f2044de8ba9d6821a7adfa8841
33675f4a8b0e98d8cac9af2b3cd9374abd17070a24de91ee5c4035754c9127f5
350116180d1380c4d6a892badb35ac9e41fa80d165e822a43264ef52dda640ce
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5512f400cac3fbb1fdfbb02989ed098f88a2af5a6e4ba3d88a039bc421ea7ffe
57d645b552c44d34e97127ccc40bcadda7b2ba9e544f725cfc863012677cd47e
590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43
67f2fd079ff9b3d4be258718787f7c72c7d3ed3e9229473f0f6392422afb7475
719e98c67ac72a550f76485780742f09b06ebb43ad59951a7dbe9e743f735d26
731445e29bba88432ef73088157225e0c3c3d055c8226f03ab25ed1de8780ef6
74489f52ef7781aa554acd81873491fde042c1bdfbae1e8d56816a478a734672
7d407af0ad14ccd5b166025293369914f3afdaabd6806412ae0c88d91025241d
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8a9cdaeba17ef981f99f81b446996912c4523034d203a782564f5f4b15ac96d8
8dd5f5084454b17fc73b925cedf350b93f7fe33479d91d510099225660c988b8
9293004ffea27d33c649adfb86cc7a14bffebd27eb61e65be86f93457ba576a0
9affe5c517b86320fb70fb24812ccfbd9aa27f8078ff6024f9e58c0e2033d4ba
9bc1459fc93b2479fe3c0192d42273b1e4554bacff3bfaa48dda45dc71953d34
c5433c024ecc7cdfa64007b616873eafcad41ff2c5d5ba8af2f8406c803dcaa4
d5dbb7c54e1b76b3077e1251a8266e461c9a97557e54cd5276ffd6b1b8ccaa20
d776e14a8201609edbafe44614b4e1e160a8001f5106eac6e5fb08a4ffc2b9bb
d836d81acb5d5e712c55c4f7911d93513fe1d7d0336353085aa5bd0f36b6998c
dc03042727f81c5143dc3ea5e68d9b3155a6cef763e6e1d8cea17c051d68d472
e0ba73115c657a6a348fdaf6172f869c5a440c887ae0a2da2543cab9de14813f
e5039e2221ad6b206c213c77be0b4e477234a47dddd4c39327edabb58f11339a
e8dedccfa4442cf04e0cb5bd76ff2028d53d4ce0649781110f1c307da4e8e4dc
f51a418aede1e4e22f87a247f4847d94eb87f9f92197ef73284924b5d39dee16
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c