![](/screenshots/ef95146f-ecf4-451a-9bb6-a6e436400439.png)
bnpparibas-banking.erli-tore.de
Open in
urlscan Pro
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php
Submission: On April 30 via api from BE — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 28th 2024. Valid for: 3 months.
This is the only time bnpparibas-banking.erli-tore.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking) Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3036::ac43:cae6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 32 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2620:1ec:21::14 2620:1ec:21::14 | 8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
34 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
32 |
erli-tore.de
2 redirects
bnpparibas-banking.erli-tore.de |
731 KB |
2 |
linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 328 |
877 B |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
31 KB |
1 |
maurerwerk.de
1 redirects
www.maurerwerk.de |
579 B |
34 | 4 |
Domain | Requested by | |
---|---|---|
32 | bnpparibas-banking.erli-tore.de |
2 redirects
bnpparibas-banking.erli-tore.de
|
2 | px.ads.linkedin.com |
bnpparibas-banking.erli-tore.de
|
2 | cdnjs.cloudflare.com |
bnpparibas-banking.erli-tore.de
|
1 | www.maurerwerk.de | 1 redirects |
34 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
erli-tore.de GTS CA 1P5 |
2024-04-28 - 2024-07-27 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
www.linkedin.com DigiCert SHA2 Secure Server CA |
2024-01-30 - 2024-07-30 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php
Frame ID: FB98BB72071030887D691DA7B40A09D9
Requests: 36 HTTP requests in this frame
Screenshot
![](/screenshots/ef95146f-ecf4-451a-9bb6-a6e436400439.png)
Page URL History Show full URLs
-
https://www.maurerwerk.de/be_/biz8yoa6dj02hh4gnbl
HTTP 302
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/ HTTP 302
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php Page URL
-
https://bnpparibas-banking.erli-tore.de/cdn-cgi/phish-bypass?atok=Kt6nJ3q2mjkAT24yg.KmPdSL21OkGE6PKcCV7lorb6s-171444...
HTTP 301
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
![](/vendor/wappa/icons/Bootstrap.png)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.maurerwerk.de/be_/biz8yoa6dj02hh4gnbl
HTTP 302
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/ HTTP 302
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php Page URL
-
https://bnpparibas-banking.erli-tore.de/cdn-cgi/phish-bypass?atok=Kt6nJ3q2mjkAT24yg.KmPdSL21OkGE6PKcCV7lorb6s-1714447353-0.0.1.1-%2Fbnpparibas2d3d6z%2Fapp%2Fmain.php
HTTP 301
https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.maurerwerk.de/be_/biz8yoa6dj02hh4gnbl HTTP 302
- https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/ HTTP 302
- https://bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/main.php
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H3 |
main.php
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cf.errors.css
bnpparibas-banking.erli-tore.de/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon-exclamation.png
bnpparibas-banking.erli-tore.de/cdn-cgi/images/ |
452 B 634 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
bnpparibas-banking.erli-tore.de/ |
293 B 685 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Primary Request
main.php
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/ Redirect Chain
|
17 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bk-coretag.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
51 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
194 KB 195 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
insight.min.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
48 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap-grid.min.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
501 B 783 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
489 KB 66 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tinymce.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
501 B 786 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
brand-isolated.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
156 B 579 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Application.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
131 B 570 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
iscroll.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
50 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
config.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
164 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vendors-main.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
137 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
pagebus.js
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/ |
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.mask.min.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp-fortis-isolated.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
547 KB 92 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp-fortis-pws-isolated.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
128 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ia-overrides.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
px.ads.linkedin.com/ |
0 533 B |
Image
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
px.ads.linkedin.com/wa/ |
0 344 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Applicationwebbanking.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
51 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Applicationwebbankingbrand_F.css
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/ |
285 B 644 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnppf-logo-sprite.svg
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/images/common/ |
57 KB 20 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
font-icons.ttf
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/fonts/ |
42 KB 23 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
BNPPSansRegular-webfont.woff
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/fonts/bnppf-sans-new/ |
28 KB 28 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
BNPPSansLight-webfont.woff
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/fonts/bnppf-sans-new/ |
26 KB 27 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpp_sans_cond_regular-webfont.ttf
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/fonts/ |
46 KB 25 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bnpiconfont.woff
bnpparibas-banking.erli-tore.de/bnpparibas2d3d6z/app/xxx_files/fonts/ |
57 KB 58 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
animgif.gif
bnpparibas-banking.erli-tore.de/resources/ebw-portal/themes/fortis-portal/images/ |
293 B 293 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking) Generic Cloudflare (Online)61 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| google_tag_manager object| google_tag_data object| dataLayer function| lintrk boolean| _already_called_lintrk object| tags object| BKTAG function| bk_addUserCtx function| bk_addPageCtx function| bk_addEmailHash function| bk_addPhoneHash function| bk_doJSTag function| bk_doJSTag2 function| bk_doCarsJSTag function| bk_doPartnerAltTag function| bk_doCallbackTag function| bk_doCallbackTagWithTimeOut object| ORIBILI function| IScroll function| getCookie function| setCookie function| setCookieParam object| distributorId object| secure string| href string| hostname undefined| sfSiteId undefined| portal object| axes object| matches undefined| langUrl undefined| brand undefined| lang undefined| audience undefined| sfAxes1 undefined| sfAxes2 undefined| sfAxes3 undefined| sfAxes4 undefined| onePortalURL undefined| main object| webpackChunkebb_migration_ui function| log boolean| wlChatLoaded boolean| wlChatNeedsToOpen boolean| wlfirstload boolean| wlscriptsloaded object| digitalData object| adobeDataLayer object| OpenAjax function| _badParm function| _valPub function| _valSub function| _cacheIt function| _TopicMatcher function| _isCaching function| _copy object| PageBus function| $ function| jQuery object| $jscomp string| feedbackvalue6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
bnpparibas-banking.erli-tore.de/ | Name: PHPSESSID Value: 81aarmlilh4cb55f4iid9pl10k |
|
.bnpparibas-banking.erli-tore.de/ | Name: __cf_mw_byp Value: Kt6nJ3q2mjkAT24yg.KmPdSL21OkGE6PKcCV7lorb6s-1714447353-0.0.1.1-/bnpparibas2d3d6z/app/main.php |
|
.linkedin.com/ | Name: bcookie Value: "v=2&bb795009-2b7d-44d5-815a-a5f8d15adddd" |
|
.linkedin.com/ | Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2794:u=1:x=1:i=1714447362:t=1714533762:v=2:sig=AQE1mPhxS_PDX2F7Hd-F4ixk-wDDPF65" |
|
.linkedin.com/ | Name: li_gc Value: MTswOzE3MTQ0NDczNjI7MjswMjEvL9Ex+MhZklDnDx8YWBBCirMZxaG42knjlJfqdoueWQ== |
|
bnpparibas-banking.erli-tore.de/ | Name: axes Value: null |
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bnpparibas-banking.erli-tore.de
cdnjs.cloudflare.com
px.ads.linkedin.com
www.maurerwerk.de
2606:4700:3036::ac43:cae6
2606:4700::6811:180e
2620:1ec:21::14
2a06:98c1:3121::3
0593c61a42ecc69ed4f92bc9f92f7d929dc3b575f025a192317d95c5f4eb16f1
05ba4f2d42ade1413142e9fec8a2b644e2a3e177525a4c0506d6374935779e56
08cd690f860049417f3084336b86565ec55c3c880298ce6e8fa5cb81adc0677c
0ee78676ba6b6bee827b5e89bda4fc3efdbf83ec287f2ad4a57beb66f2ed5072
19cbdee225381f76649b0850bbd3d1aeb76d8f53e78feed041f5050b1bf68972
1b3b5cca85067dd8f61a992aa3fabf21be5c6df82e6175a26b978a994c695453
21bf515370156d437cb84e5e3fe487fa4c9b11ca01209d0e759e6594575b7895
2204bd69d3721b82b7b1ce780f9bf1dfab7ba0240804bd5c3d910942836a7e62
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
2fb2b7fcb467754175ef56c7adad9c21548ea6f0ecbb94bf7321476c73caa354
3afb694987e033e0edf5edced88d904846ed1045fd6d53724a9b34ff925b5098
40daf3da1ce21ff663c7e80d6ef4e9e391913863ef5183ea621121c4239022ac
4492470a3331c34a57c97b37085dd2d8f32d292b616d950f64f925c64b6d9941
4d0ac5ea4df3106d69a03116158777cd3302eec58de91b632ca4b96a5b79da01
52cea700a3c7266fdcf8d5689b09965c6bbff0cc17295dd9213a8087bf7a3c39
59b9e7d5486906f1164e4a6bdd70fa77ea8f743df92625bb9b75bfd207debe2f
6cc4c722a50b4152194b13e7e3c8a1a5a5f23b17988f8fa85404394efc5c0984
7c5b73bb0d8493214832bc99553ddc1cd2279c8687c4bac5844e92509ecba70f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
88cd43c3f5453f7b4db2cbe884b47db3c8317860a2ce6e9b2bc934ff4b8e32eb
9bb8201cc4007630864b1a645eb103b0ab89ac7f3466da5779e1a6a86a056aff
a56f74eaf471b8d0869d8d9556e4925e89767e210c4f0cf273ee012213086ec2
c08a0dd8800f9582aec90be9b9215aea5b58782e2fd6f961ec67220f75576f76
c2018396e7954aa8ff683896b662e5ebda3e861b7b7bd7bee90e1509534f5c4a
d5e1e10b4260001997972228d75738c6124e6b3b89c439d6fd9e813c7cb212ee
d704d237c38374bd74c01946bd55e92686c98eeef54319622648514e9761101a
dbee075ee4370f69cfc15334d6dc1242c4aeb6a280e85616a8ee649329d5eb03
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4ccfa174e2afeeeea33a77db39e1dfacd731e74aff380cbee38fe85f287b93d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5c986e27f68a589776557a6377c8985884bf2242a0ad5dae1f11269a531312
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a