pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev
2606:4700::6812:223
Malicious Activity!
Public Scan
Effective URL: https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Submission: On June 21 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.
This is the only time pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Dropbox (Consumer) Generic Cloudflare (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 8 | 91.215.42.31 | 57724 (DDOS-GUARD) |
2 | 185.129.100.100 | 57724 (DDOS-GUARD) |
1 6 | 2606:4700::6812:223 | 13335 (CLOUDFLARENET) |
2 | 104.18.10.207 | 13335 (CLOUDFLARENET) |
1 | 2a04:4e42:400::649 | 54113 (FASTLY) |
4 | 78.46.22.25 | 24940 (HETZNER-AS) |
1 | 2a02:ec80:300:ed1a::2:b | 14907 (WIKIMEDIA) |
1 | 104.17.24.14 | 13335 (CLOUDFLARENET) |
5 | 2606:4700:3037::ac43:8ef5 | 13335 (CLOUDFLARENET) |
1 | 23.211.242.198 | 20940 (AKAMAI-ASN1) |
30 | 11 | |
ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net
check.ddos-guard.net |
ASN13335 (CLOUDFLARENET, US)
pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
ASN24940 (HETZNER-AS, DE)
PTR: static.25.22.46.78.clients.your-server.de
www.freepnglogos.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-211-242-198.deploy.static.akamaitechnologies.com
sm.pcmag.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
8 | gg.gg (1 redirects) | gg.gg — Cisco Umbrella Rank: 789816 | 191 KB |
6 | r2.dev (1 redirects) | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev | 81 KB |
5 | fontawesome.com | use.fontawesome.com — Cisco Umbrella Rank: 1381; fontawesome.com Failed | 85 KB |
4 | freepnglogos.com | www.freepnglogos.com — Cisco Umbrella Rank: 248053 | 1 MB |
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1286 | 38 KB |
2 | ddos-guard.net | check.ddos-guard.net — Cisco Umbrella Rank: 181864 | 742 B |
1 | pcmag.com | sm.pcmag.com — Cisco Umbrella Rank: 407607 | 26 KB |
1 | cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 268 | 7 KB |
1 | wikimedia.org | upload.wikimedia.org — Cisco Umbrella Rank: 3915 | 23 KB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 816 | 31 KB |
30 | 10 | | |
 | Domain | Requested by |
---|---|---|
8 | gg.gg (1 redirects) | gg.gg |
6 | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev (1 redirects) | gg.gg, pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
5 | use.fontawesome.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev, use.fontawesome.com |
4 | www.freepnglogos.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
2 | maxcdn.bootstrapcdn.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
2 | check.ddos-guard.net | gg.gg |
1 | sm.pcmag.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
1 | cdnjs.cloudflare.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
1 | upload.wikimedia.org | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
1 | code.jquery.com | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
0 | fontawesome.com Failed | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev |
30 | 11 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
gg.gg | R3 | 2024-05-30 - 2024-08-28 | 3 months |
*.ddos-guard.net | Sectigo RSA Domain Validation Secure Server CA | 2023-08-04 - 2024-07-30 | a year |
*.r2.dev | E1 | 2024-06-03 - 2024-09-01 | 3 months |
bootstrapcdn.com | GTS CA 1P5 | 2024-05-25 - 2024-08-23 | 3 months |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year |
freepnglogos.com | R3 | 2024-05-12 - 2024-08-10 | 3 months |
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-10-18 - 2024-10-16 | a year |
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months |
use.fontawesome.com | Cloudflare Inc ECC CA-3 | 2023-10-12 - 2024-10-10 | a year |
www.ziffdavis.com | COMODO RSA Organization Validation Secure Server CA | 2023-07-27 - 2024-07-26 | a year |
This page contains 1 frames:
Primary Page:
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
Frame ID: 77739736B1DA78EEB59E8D80E0DB85A1
Requests: 33 HTTP requests in this frame
Page Title
Dropbox - Get your files anytime anywhere
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
CodeIgniter (Web Frameworks)
Detected patterns
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Popper (Miscellaneous)
Detected patterns
- /popper\.js/([0-9.]+)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://gg.gg/1b5m7v
HTTP 307
https://gg.gg/1b5m7v Page URL
-
https://gg.gg/1b5m7v
HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL
-
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/phish-bypass?atok=Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-1718962538-0.0.1.1-%2Fthefilw.html
HTTP 301
https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://gg.gg/1b5m7v HTTP 307
- https://gg.gg/1b5m7v
- https://gg.gg/1b5m7v HTTP 301
- https://pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/thefilw.html
- https://cdn.fontawesome.com/js/stats.js HTTP 301
- https://fontawesome.com/
30 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | 1b5m7v | gg.gg/ (Redirect Chain) | 747 B | 1 KB | Document | text/html |
GET | H2 | index.css | gg.gg/.well-known/ddos-guard/js-challenge/ | 3 KB | 3 KB | Stylesheet | text/css |
GET | H2 | view.js | gg.gg/.well-known/ddos-guard/js-challenge/ | 43 KB | 43 KB | Script | application/javascript |
GET | H2 | index.js | gg.gg/.well-known/ddos-guard/js-challenge/ | 141 KB | 141 KB | Script | application/javascript |
GET | H2 | check.js | check.ddos-guard.net/ | 152 B | 490 B | Script | application/javascript |
GET | H2 | 0eWsYeGCa0jrDOZv | gg.gg/.well-known/ddos-guard/id/ | 68 B | 211 B | Image | image/png |
GET | H2 | 0eWsYeGCa0jrDOZv | check.ddos-guard.net/set/id/ | 68 B | 252 B | Image | image/png |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 450 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 555 B | 0 | Image | image/svg+xml |
GET | H2 | favicon.ico | gg.gg/ | 747 B | 799 B | Other | text/html |
POST | H2 | / | gg.gg/.well-known/ddos-guard/mark/ | 0 | 0 | Fetch | |
GET | H/1.1 | thefilw.html | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/ (Redirect Chain) | 4 KB | 5 KB | Document | text/html |
GET | H/1.1 | cf.errors.css | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | icon-exclamation.png | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/cdn-cgi/images/ | 452 B | 889 B | Image | image/png |
GET | H/1.1 | favicon.ico | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/ | 27 KB | 27 KB | Other | text/html |
GET | H/1.1 | thefilw.html (Primary Request) | pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/ (Redirect Chain) | 44 KB | 44 KB | Document | text/html |
GET | H3 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/ | 122 KB | 23 KB | Stylesheet | text/css |
GET | H2 | jquery-3.6.1.min.js | code.jquery.com/ | 88 KB | 31 KB | Script | application/javascript |
GET | H2 | transparent-outlook-icon-2.png | www.freepnglogos.com/uploads/logo-outlook/ | 82 KB | 82 KB | Image | image/png |
GET | H2 | microsoft-office-2013-symbol-logo-png-6.png | www.freepnglogos.com/uploads/microsoft-office-png-logo/ | 12 KB | 12 KB | Image | image/png |
GET | H2 | 1599px-AOL_logo.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/b/b6/AOL_logo.svg/ | 22 KB | 23 KB | Image | image/png |
GET | H2 | yahoo-logo-png-free-download-3.png | www.freepnglogos.com/uploads/yahoo-logo-png/ | 118 KB | 118 KB | Image | image/png |
GET | H2 | email-logo-png-33.png | www.freepnglogos.com/uploads/ | 1 MB | 1 MB | Image | image/png |
GET | H3 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/ | 19 KB | 7 KB | Script | application/javascript |
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/ | 50 KB | 16 KB | Script | application/javascript |
GET | H2 | b9bdbd120a.js | use.fontawesome.com/ | 4 KB | 2 KB | Script | text/javascript |
GET | H2 | dropbox_nzhw.1200.png | sm.pcmag.com/t/pcmag_au/gallery/d/dropbox/ | 26 KB | 26 KB | Image | image/webp |
GET | | / | fontawesome.com/ (Redirect Chain) | 0 | 0 | | |
GET | H2 | webfontloader.js | use.fontawesome.com/webfontloader/1.6.24/ | 12 KB | 5 KB | Script | application/x-javascript |
GET | H2 | b9bdbd120a.css | use.fontawesome.com/ | 1 KB | 683 B | Stylesheet | text/css |
GET | H2 | font-awesome-css.min.css | use.fontawesome.com/releases/v4.6.3/css/ | 28 KB | 7 KB | Stylesheet | text/css |
GET | H2 | fontawesome-webfont.woff2 | use.fontawesome.com/releases/v4.6.3/fonts/ | 70 KB | 71 KB | Font | application/octet-stream |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: fontawesome.com
- URL: https://fontawesome.com/
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Dropbox (Consumer) Generic Cloudflare (Online)
10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
undefined | event |
object | fence |
object | sharedStorage |
function | $ |
function | jQuery |
function | Popper |
object | FontAwesomeCdnConfig |
object | WebFontConfig |
function | validateEmail |
object | WebFont |
9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.gg.gg/ | Name: __ddgid_ Value: oifLjtT0CLYVtrkC |
|
.gg.gg/ | Name: __ddgmark_ Value: U4fCWsW0CPGKC5Do |
|
.gg.gg/ | Name: __ddg5_ Value: dgxANH0PQXi8CI0U |
|
.check.ddos-guard.net/ | Name: __ddg2 Value: 0eWsYeGCa0jrDOZv |
|
.gg.gg/ | Name: __ddg2_ Value: 0eWsYeGCa0jrDOZv |
|
.gg.gg/ | Name: __ddg1_ Value: VUogcgws4RcNtOH3wQpR |
|
gg.gg/ | Name: ci_session Value: a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22b4cac432933bb716acdfce98a6019712%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22186.2.160.14%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A111%3A%22Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F126.0.0.0+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1718962538%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D6d922ffe0992aa6594b152b4cf9f904c |
|
.gg.gg/ | Name: gg_token Value: 01230a77b5e64989f2f23591f1b32c876675496a975dd6.87262815 |
|
.pub-3ec16bad2c504d6e9ce48f22cd0d37f8.r2.dev/ | Name: __cf_mw_byp Value: Wgz..EtT5rq6Az.XLd9PZEZFA8S8zVDfYZqGxN78EWw-1718962538-0.0.1.1-/thefilw.html |
10 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.