best-invest-4all.com
Open in
urlscan Pro
2606:4700:3035::ac43:c455
Malicious Activity!
Public Scan
Effective URL: https://best-invest-4all.com/top/SELP/?sxid=kuo6xrli3bqv&ttorigin=kuo6xrli3bqv
Submission: On August 24 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 12th 2020. Valid for: a year.
This is the only time best-invest-4all.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Investment Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 185.53.177.73 185.53.177.73 | 61969 (TEAMINTER...) (TEAMINTERNET-AS) | |
1 | 185.53.179.29 185.53.179.29 | 61969 (TEAMINTER...) (TEAMINTERNET-AS) | |
2 | 3.90.125.85 3.90.125.85 | 14618 (AMAZON-AES) (AMAZON-AES) | |
1 | 52.218.30.99 52.218.30.99 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 3.126.48.135 3.126.48.135 | 16509 (AMAZON-02) (AMAZON-02) | |
21 | 2606:4700:303... 2606:4700:3035::ac43:c455 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:806::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2003 | 15169 (GOOGLE) (GOOGLE) | |
31 | 7 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-90-125-85.compute-1.amazonaws.com
katie.ttnrd.com |
ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1.amazonaws.com
s3-eu-west-1.amazonaws.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-48-135.eu-central-1.compute.amazonaws.com
utjwoevn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
best-invest-4all.com
best-invest-4all.com |
2 MB |
4 |
capitalone.it
capitalone.it |
3 KB |
2 |
ttnrd.com
katie.ttnrd.com |
3 KB |
1 |
gstatic.com
fonts.gstatic.com |
9 KB |
1 |
googleapis.com
fonts.googleapis.com |
834 B |
1 |
utjwoevn.com
1 redirects
utjwoevn.com |
2 KB |
1 |
amazonaws.com
s3-eu-west-1.amazonaws.com |
7 KB |
1 |
parkingcrew.net
parkingcrew.net |
18 KB |
31 | 8 |
Domain | Requested by | |
---|---|---|
21 | best-invest-4all.com |
katie.ttnrd.com
best-invest-4all.com |
4 | capitalone.it |
parkingcrew.net
capitalone.it |
2 | katie.ttnrd.com |
capitalone.it
katie.ttnrd.com |
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
best-invest-4all.com
|
1 | utjwoevn.com | 1 redirects |
1 | s3-eu-west-1.amazonaws.com |
katie.ttnrd.com
|
1 | parkingcrew.net |
capitalone.it
|
31 | 8 |
This site contains links to these domains. Also see Links.
Domain |
---|
utjwoevn.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ttnrd.com Amazon |
2019-12-11 - 2021-01-11 |
a year | crt.sh |
*.s3-eu-west-1.amazonaws.com DigiCert Baltimore CA-2 G2 |
2020-08-04 - 2021-08-09 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-08-12 - 2021-08-12 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-08-11 - 2020-11-03 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-08-11 - 2020-11-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://best-invest-4all.com/top/SELP/?sxid=kuo6xrli3bqv&ttorigin=kuo6xrli3bqv
Frame ID: 1BBA5F94E424DFE474F7BFFE7BA61B22
Requests: 31 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://capitalone.it/ Page URL
- https://katie.ttnrd.com/tr?id=014eabf222d38d2cf8888a708d9dd7ef13522b2260.r&tk=eyJhbGciOiJIUzI1NiIsIn... Page URL
-
https://utjwoevn.com/click?trvid=10137&externalid=014eabf222d38d2cf8888a708d9dd7ef13522b2260.r.15...
HTTP 302
https://best-invest-4all.com/top/SELP/?sxid=kuo6xrli3bqv&ttorigin=kuo6xrli3bqv Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: (function(){for(var g="function"==typeof Object.defineProperties?Object.defineProperty:function(b,c,a){if(a.get||a.set)throw new TypeError("ES3 does not support getters and setters.");b!=Array.prototype&&b!=Object.prototype&&(b[c]=a.value)},h="undefined"!=typeof window&&window===this?this:"undefined"!=typeof global&&null!=global?global:this,k=["String","prototype","repeat"],l=0;l<k.length-1;l++){var m=k[l];m in h||(h[m]={});h=h[m]}var n=k[k.length-1],p=h[n],q=p?p:function(b){var c;if(null==this)throw new TypeError("The 'this' value for String.prototype.repeat must not be null or undefined");c=this+"";if(0>b||1342177279<b)throw new RangeError("Invalid count value");b|=0;for(var a="";b;)if(b&1&&(a+=c),b>>>=1)c+=c;return a};q!=p&&null!=q&&g(h,n,{configurable:!0,writable:!0,value:q});var t=this;function u(b,c){var a=b.split("."),d=t;a[0]in d||!d.execScript||d.execScript("var "+a[0]);for(var e;a.length&&(e=a.shift());)a.length||void 0===c?d[e]?d=d[e]:d=d[e]={}:d[e]=c};function v(b){var c=b.length;if(0<c){for(var a=Array(c),d=0;d<c;d++)a[d]=b[d];return a}return[]};function w(b){var c=window;if(c.addEventListener)c.addEventListener("load",b,!1);else if(c.attachEvent)c.attachEvent("onload",b);else{var a=c.onload;c.onload=function(){b.call(this);a&&a.call(this)}}};var x;function y(b,c,a,d,e){this.h=b;this.j=c;this.l=a;this.f=e;this.g={height:window.innerHeight||document.documentElement.clientHeight||document.body.clientHeight,width:window.innerWidth||document.documentElement.clientWidth||document.body.clientWidth};this.i=d;this.b={};this.a=[];this.c={}}function z(b,c){var a,d,e=c.getAttribute("data-pagespeed-url-hash");if(a=e&&!(e in b.c))if(0>=c.offsetWidth&&0>=c.offsetHeight)a=!1;else{d=c.getBoundingClientRect();var f=document.body;a=d.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);d=d.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+d;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.g.height&&d<=b.g.width)}a&&(b.a.push(e),b.c[e]=!0)}y.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&z(this,b)};u("pagespeed.CriticalImages.checkImageForCriticality",function(b){x.checkImageForCriticality(b)});u("pagespeed.CriticalImages.checkCriticalImages",function(){A(x)});function A(b){b.b={};for(var c=["IMG","INPUT"],a=[],d=0;d<c.length;++d)a=a.concat(v(document.getElementsByTagName(c[d])));if(a.length&&a[0].getBoundingClientRect){for(d=0;c=a[d];++d)z(b,c);a="oh="+b.l;b.f&&(a+="&n="+b.f);if(c=!!b.a.length)for(a+="&ci="+encodeURIComponent(b.a[0]),d=1;d<b.a.length;++d){var e=","+encodeURIComponent(b.a[d]);131072>=a.length+e.length&&(a+=e)}b.i&&(e="&rd="+encodeURIComponent(JSON.stringify(B())),131072>=a.length+e.length&&(a+=e),c=!0);C=a;if(c){d=b.h;b=b.j;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(r){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(D){}}f&&(f.open("POST",d+(-1==d.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}}function B(){var b={},c;c=document.getElementsByTagName("IMG");if(!c.length)return{};var a=c[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var d=0;a=c[d];++d){var e=a.getAttribute("data-pagespeed-url-hash");e&&(!(e in b)&&0<a.width&&0<a.height&&0<a.naturalWidth&&0<a.naturalHeight||e in b&&a.width>=b[e].o&&a.height>=b[e].m)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b}var C="";u("pagespeed.CriticalImages.getBeaconData",function(){return C});u("pagespeed.CriticalImages.Run",function(b,c,a,d,e,f){var r=new y(b,c,a,e,f);x=r;d&&w(function(){window.setTimeout(function(){A(r)},0)})});})();pagespeed.CriticalImages.Run('/ngx_pagespeed_beacon','https://www.valuta-konverterare.com/valkonv1/?valkonv1=392885059&valkonv2=9768152005&valkonv3=35686588687&valkonv4=p&valkonv5=n','4mRdCVURiz',true,false,'9Eoky0LnA6w');
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://capitalone.it/ Page URL
- https://katie.ttnrd.com/tr?id=014eabf222d38d2cf8888a708d9dd7ef13522b2260.r&tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MDVjNmI4MTcxMzIwNDAyNTc1YjFkNmUiLCJ0cyI6IjA4MjQxMDE1IiwiZCI6ImNhcGl0YWxvbmUuaXQifQ.kQu4ZpjxesozERu3mWcrIhjv65hlgfzsxNKe01GfeNI Page URL
-
https://utjwoevn.com/click?trvid=10137&externalid=014eabf222d38d2cf8888a708d9dd7ef13522b2260.r.1598264125.440722ee0755445c2b2194e538853245&cpc=0.0089&sourceid=5025139f21fca70a0900014a&match=ron&carrier=wifi&mob_pf=macintosh&country=SE
HTTP 302
https://best-invest-4all.com/top/SELP/?sxid=kuo6xrli3bqv&ttorigin=kuo6xrli3bqv Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
capitalone.it/ |
4 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js3.js
parkingcrew.net/assets/scripts/ |
17 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
track.php
capitalone.it/ |
0 300 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
ls.php
capitalone.it/ |
0 347 B |
XHR
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
track.php
capitalone.it/ |
0 293 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tr
katie.ttnrd.com/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ajax-loader.gif
s3-eu-west-1.amazonaws.com/pxgif/ |
7 KB 7 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trx
katie.ttnrd.com/ |
234 B 385 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
best-invest-4all.com/top/SELP/ Redirect Chain
|
30 KB 11 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
se-btc-fhern.css
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dn.png
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
as-seen.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
20 KB 20 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Felix_Herngren1.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Felix_Herngren2.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
56 KB 56 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Felix_Herngren3.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
39 KB 39 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xjfu04hzwv1fubhhu6l7.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
78 KB 78 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ulprhvedsgozq6r6gy8t.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
91 KB 92 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
scandi-family.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
48 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
everydayprofit_euro.gif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
571 KB 572 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
oliver-check.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
333 KB 334 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SE-step1.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
105 KB 105 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SE-step2.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
31 KB 31 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SE-step3.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
23 KB 24 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s1.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
39 KB 40 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s2.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
42 KB 42 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s3.jfif
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
85 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
7 KB 834 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sprite_side3.jpg
best-invest-4all.com/top/SELP/Dagens%20Nyheter_files/ |
283 B 283 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ |
9 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
ngx_pagespeed_beacon
best-invest-4all.com/ |
283 B 401 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Investment Scam (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes object| pagespeed function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
best-invest-4all.com
capitalone.it
fonts.googleapis.com
fonts.gstatic.com
katie.ttnrd.com
parkingcrew.net
s3-eu-west-1.amazonaws.com
utjwoevn.com
185.53.177.73
185.53.179.29
2606:4700:3035::ac43:c455
2a00:1450:4001:806::200a
2a00:1450:4001:81a::2003
3.126.48.135
3.90.125.85
52.218.30.99
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
20a94dc4dfb13e385b257c230ecd0586092769b5017d088fe8c92762bfbaca0d
2963571f2036dd4792eb4acf99b1ae0ad34587312c631a4206a7a5db9ab0e5a2
2f84a481bfeca8f56677ddf912aa150855203512dba11a5165e911b7c9e489b0
41ae582c2966c114c9b12708ba4dd3441461f59b750433d76082d4aee7b31e5c
4b1ff32b483758f5f36de059db191a245aee588b3e28584a9a876aeb767348e8
595a99ea1e108420e4aeacbe713d264efe0f40770bb5db05f3f990e62102f3b4
59abb5017d72699e234da48572275b5e5cb26fd332b6fb5e763e376ed1732011
6c17669098d4f8b8cd255a30e3ab25b63829ed103ec3f15a0ba5a8c5e0f514a6
7addbf149c6d1e03a6b4204f824855458c53fbc5b693642da1b1ec7608234c4b
844567499e73dc38ce96c501f9d56bf167be75f1e9f969ad30ef524c738ef090
9bf2df9a216338f0a0fc572e12cd3d5f1938162ba63f942d5dc739a3180b94a3
9eb44f3327e7927df7199261cfdb86cbe3bfb92e82e6b6598db42714c4aa4535
a0658716bdea3d6d7bc9b0f17b9d38defb459faad64f93fa3a95f0f40e26d14d
a606134e35db97024d04789609660c94f87f660dc259d91db5180e32787d4dad
a84879746570e81e3d29411e40e138b0a7ae026728a6f9761c9a19ca5e1dc71a
b97dbc24aab723b43a63e6dcb6fd9468b960c952e9dea332d4395393e4f198d6
bc782a13f55258dcb19342a42ce7f3e52d8660a1123d060d4cf7fd151e84ff9d
bf5189504db2989e3793ea49c8896d16257f1c7c4e3ae1764e6b25e946c33ea2
d00255a582d67e7d1061097b97f939b3d4e4bd48c31e6e0fd1cdf3d2f271ab63
d9e7b7bd20247abcb6e88d052d3562463cdc19e76ffd767154f1452f519ba84f
e0646ceddeb0cbc962c06d9a2f31da5abfb074231ca4f768c4c33b823c0ce85e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4cd3aafbcd39299de3a7b2fbf85d8bffdc035eb40a4f27228ed2166aee4b324
f8ad963c1dce01b8c3ca19bfb27e47fd8b72951e68216a50bfc79d2b4c664c94