mimicward.live
Open in
urlscan Pro
104.21.11.203
Malicious Activity!
Public Scan
Effective URL: https://mimicward.live/?s1=351497&s2=1128312058&s3=1782&s4=1710&ow=&s10=739
Submission: On January 18 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by GTS CA 1P5 on January 15th 2024. Valid for: 3 months.
This is the only time mimicward.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 20.209.1.1 20.209.1.1 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
1 | 31.222.255.36 31.222.255.36 | 398343 (BAXET-GROUP) (BAXET-GROUP) | |
29 | 104.21.11.203 104.21.11.203 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 104.21.80.104 104.21.80.104 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 142.251.163.97 142.251.163.97 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.253.122.113 172.253.122.113 | 15169 (GOOGLE) (GOOGLE) | |
39 | 6 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
dleomaplndehdkqaoekela.blob.core.windows.net |
ASN15169 (GOOGLE, US)
PTR: wv-in-f97.1e100.net
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
PTR: bh-in-f113.1e100.net
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
29 |
mimicward.live
mimicward.live |
300 KB |
5 |
trk-adulvion.com
trk-adulvion.com — Cisco Umbrella Rank: 300281 event.trk-adulvion.com — Cisco Umbrella Rank: 317955 |
3 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
149 KB |
1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27 |
244 B |
1 |
offalring.com
offalring.com |
506 B |
1 |
windows.net
dleomaplndehdkqaoekela.blob.core.windows.net |
1012 B |
39 | 6 |
Domain | Requested by | |
---|---|---|
29 | mimicward.live |
offalring.com
mimicward.live |
4 | event.trk-adulvion.com |
trk-adulvion.com
|
2 | www.googletagmanager.com |
mimicward.live
www.googletagmanager.com |
1 | www.google-analytics.com |
www.googletagmanager.com
|
1 | trk-adulvion.com |
mimicward.live
|
1 | offalring.com |
dleomaplndehdkqaoekela.blob.core.windows.net
|
1 | dleomaplndehdkqaoekela.blob.core.windows.net | |
39 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.blob.core.windows.net Microsoft RSA TLS CA 01 |
2023-09-27 - 2024-09-27 |
a year | crt.sh |
offalring.com R3 |
2023-12-27 - 2024-03-26 |
3 months | crt.sh |
mimicward.live GTS CA 1P5 |
2024-01-15 - 2024-04-14 |
3 months | crt.sh |
trk-adulvion.com GTS CA 1P5 |
2023-12-17 - 2024-03-16 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mimicward.live/?s1=351497&s2=1128312058&s3=1782&s4=1710&ow=&s10=739
Frame ID: 030BE8072BD327A9107A7FED8B966371
Requests: 37 HTTP requests in this frame
Screenshot
Page Title
[1] Reward Pending - Online Survey - We Want Your Opinion!Page URL History Show full URLs
- https://dleomaplndehdkqaoekela.blob.core.windows.net/dleomaplndehdkqaoekela/url.html Page URL
- https://offalring.com/0/0/0/f5344aec24f670f795a2e0bf17ae20f8/1200/11566_32/415_1325970_9224_2106_md Page URL
- https://mimicward.live/?s1=351497&s2=1128312058&s3=1782&s4=1710&ow=&s10=739 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/ns\.html[^>]+></iframe>
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://dleomaplndehdkqaoekela.blob.core.windows.net/dleomaplndehdkqaoekela/url.html Page URL
- https://offalring.com/0/0/0/f5344aec24f670f795a2e0bf17ae20f8/1200/11566_32/415_1325970_9224_2106_md Page URL
- https://mimicward.live/?s1=351497&s2=1128312058&s3=1782&s4=1710&ow=&s10=739 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
39 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
url.html
dleomaplndehdkqaoekela.blob.core.windows.net/dleomaplndehdkqaoekela/ |
609 B 1012 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
415_1325970_9224_2106_md
offalring.com/0/0/0/f5344aec24f670f795a2e0bf17ae20f8/1200/11566_32/ |
138 B 506 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
mimicward.live/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
c3dcf50da7ad97e8439105bf2984d95d
mimicward.live/ |
49 KB 15 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.css
mimicward.live/assets/js/vendor/bootstrap/css/ |
141 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
all.css
mimicward.live/assets/vendors/fontawesome/css/ |
72 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.css
mimicward.live/assets/css/legacy/dist/ |
31 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1.4.css
mimicward.live/assets/css/legacy/ |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
msg.v3.js
mimicward.live/inc/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
onlinesurvey-color.png
mimicward.live/uploads/archive/company/175/images/ |
41 KB 41 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
flag-ca.png
mimicward.live/assets/images/flags/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loader.gif
mimicward.live/assets/images/common/ |
15 KB 16 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
tick-icon.png
mimicward.live/assets/images/common/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci3.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vicon.png
mimicward.live/assets/images/ |
972 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci37.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci13.jpg
mimicward.live/assets/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci20.jpg
mimicward.live/assets/images/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci31.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci27.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci16.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ci9.jpg
mimicward.live/assets/images/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
x.png
mimicward.live/assets/images/common/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
mimicward.live/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.4.1.min.js
mimicward.live/assets/js/vendor/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
mimicward.live/assets/js/vendor/bootstrap/js/ |
48 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
functions.js
mimicward.live/assets/js/ |
814 B 867 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
intl_functions.js
mimicward.live/assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
common-hybrid.js
mimicward.live/assets/js/legacy/dist/ |
100 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v9e118mez8
trk-adulvion.com/scripts/push/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
180 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
mimicward.live/assets/vendors/fontawesome/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
243 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 244 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
c3dcf50da7ad97e8439105bf2984d95d
mimicward.live/ |
25 B 520 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)131 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| _0x4eba function| _0x3ccf function| pushCount object| MYCALL string| s1 string| s2 string| fp string| esource string| pshpub string| pshdomain string| pshfingerprint object| dataLayer function| $ function| jQuery object| bootstrap number| refresh_page function| startTimer number| duration undefined| time undefined| refresh function| startINTSurvey function| startQuestion function| startSurveyDub function| showSurveyDub function| callPushNotify string| LNG string| CMP string| CNT string| BID string| FNP string| CMPID string| API_URL object| currentdate object| months function| a0_0x4c5a3a function| a0_0x1517 string| attrChoices string| domain string| pipeline string| zipcode string| state_selected boolean| skip_modal_email boolean| email_send_modal object| states function| birthdayFill function| beforeShowQuestion function| showOfferWall function| createQuestion function| sendOf function| a0_0xa3cb function| runT function| replaceUrlParam function| startsurvey function| nextQuestion function| formatPhoneNumber function| overflowP function| switchTypeQuestions function| validatePhone function| validateEmail function| validateZip function| sendZipIp function| validateHeightF function| validateHeightI function| validateWeight function| validateAll function| validateName function| validateLName function| validateBirthday function| days function| daysInMonth function| dashedNumber function| alpha function| validateKeyStrokes function| showStreetState function| leadgenForm function| emailPixel function| startSurveyU function| switchTypeQuestionsU function| nextQuestionU function| showOfferWallU function| validateData function| showStreetStateU function| showDisclaimer function| preventS string| aff_id string| click_id string| Brand string| lpid string| lpow object| prepop string| emailURL string| phoneURL string| zipcodeURL string| cityURL string| stateURL string| languageCode string| countryCode string| popUrl function| putVarCommon function| count_p function| mfq_tags function| showEmailModal function| hideM number| advEmail number| email_pixel string| prod_var number| answered number| prevProgress number| stepsTotal number| progress string| cheerstx string| txt function| cheers object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal function| urlBase64ToUint8Array function| pullUrlParams function| push_subscribe function| push_subscribe_promise function| setIfNull function| logPushEvent function| push_unsubscribe function| push_init function| setSessionId function| setUtm function| getSessionId function| getUrlVars function| getDomainName function| getStore4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
offalring.com/ | Name: uid1782 Value: 1128312058-20240118081440-820b93e991652a0762145e1298e76a0b-0 |
|
mimicward.live/ | Name: PHPSESSID Value: b669a71b374bd855acbc0d1b75bc33d3 |
|
.mimicward.live/ | Name: _ga_DKB9VH2QW4 Value: GS1.1.1705583682.1.0.1705583682.0.0.0 |
|
.mimicward.live/ | Name: _ga Value: GA1.1.1293909142.1705583682 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dleomaplndehdkqaoekela.blob.core.windows.net
event.trk-adulvion.com
mimicward.live
offalring.com
trk-adulvion.com
www.google-analytics.com
www.googletagmanager.com
104.21.11.203
104.21.80.104
142.251.163.97
172.253.122.113
20.209.1.1
31.222.255.36
05cf9245abc1253f668bb3ef94a67b4259f13e090f5e4d4ca447924375b2d26c
0e3a1f318e7c5db810bd0f319c2cb863472190d32cd269ddc72f3dce455d92e6
10ba49eb3165c20fb10cb5b2abc25543b9876aa66914075d33f2818e990b6436
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
393149428488dc93527918bb12aa42f1b9186f255ecdfc90356ed6fb3931dd6c
409382c8f24799f9a4757fbd4a21d8c9f576dcc0bdebbc1b209edfe3c30946d6
40a4a7e1e3b6806e9eb4b719dcdd56c7f3dec5c4991bc15b56193c7e99f719f8
4494c69afed09e8bb02dc10d4be3adaed00aa6479d838bd8ed1bf3119132004d
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
64f06bc81a732e876ce54fdae5ea0eb85ef861329306962bd2dad24ff1cfbc3b
6659b4426a9dba95133c0e3b27b5d952d6cc1e574b88640a7e7bcec354d902c1
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
72b629cd526729bd25e6091b21e3e3ed6e16e17fb549a700f029f0c5693b0f4f
8581b7303f826b134b1c47eae7c9a672514237095854a9596e23c0c141a1456a
8b98dc72d2351b7b30a82596a957e6c11e9894edc0b04e90b9088f9651f1e144
8c17435e1a09ed89d29dab00015da616c16e39da1c5daf5f8c8026dcbcf5836a
91caebaa07e970b9566eb195570097c03616d933955113dbfb1eced337a5f8b5
9437d87812b34d91f53e5421eeed60dd3aa108b42cb34f4a8dbb855a0531a55b
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
ab01e78f9a01b905e2df63b9509738a116ac5ad60aabc8876ce241b91733dd03
b1bfd00a1efec5d94e650f5c29012d1f9ee342ff658a6167746403214701bd81
b42bb36a1f853d60a708d645fee4e32e1e6edd4e4df16df79aa5ae0c041058ff
b902eec0b1fdf27ccd39b06e13ea1c5cd1ca51d7eb721eff09817e6d821442ad
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
bdbd0b5f18b8f392c2690d46eab91ad506f93a79ded7318b5cc547ed975a4529
c86fc6524af3fab1567a1206ea20eca001d2b8eaa06b1fef573a7319f45c467c
ca073253e928cb0afd146d9138741aaecda9e842fbe4f9db63fd9ed2436dcdcc
e061934e3e59bb4572a66216f0474b7cf744596985c83893ab7146cb4b76292f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
f1760721557bddd62a40868b0687f7d52638ac368c927b25ccf98870d3a2eacc