www.citictour.com
154.80.249.30
Malicious Activity!
Public Scan
Submission: On March 31 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 31st 2020. Valid for: 3 months.
This is the only time www.citictour.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bet365 (Entertainment)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
34 | 154.80.249.30 | 134548 (DXTL-HK DXTL Tseung Kwan O Service) |
1 | 170.178.164.94 | 46844 (ST-BGP) |
2 | 103.235.46.191 | 55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co.) |
1 | 119.188.176.48 | 4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone) |
1 2 | 2a00:1450:4001:81e::2008 | 15169 (GOOGLE) |
1 1 | 2a00:1450:400c:c08::9d | 15169 (GOOGLE) |
1 1 | 2a00:1450:4001:81e::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:825::2003 | 15169 (GOOGLE) |
1 | 183.232.231.172 | 56040 (CMNET-GUANGDONG-AP China Mobile communications corporation) |
41 | 7 |
ASN134548 (DXTL-HK DXTL Tseung Kwan O Service, HK)
www.citictour.com |
ASN46844 (ST-BGP, US)
PTR: otisle.5globernatop.net
www.bjilife.com |
ASN55967 (CNNIC-BAIDU-AP Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com |
ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
zz.bdstatic.com |
ASN15169 (GOOGLE, US)
ssl.google-analytics.com |
ASN56040 (CMNET-GUANGDONG-AP China Mobile communications corporation, CN)
sp0.baidu.com |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
34 | citictour.com | www.citictour.com | 4 MB |
3 | baidu.com | hm.baidu.com sp0.baidu.com | 14 KB |
2 | google-analytics.com (1 redirects) | ssl.google-analytics.com | 17 KB |
1 | google.de | www.google.de | 109 B |
1 | google.com (1 redirects) | www.google.com | 182 B |
1 | doubleclick.net (1 redirects) | stats.g.doubleclick.net | 166 B |
1 | bdstatic.com | zz.bdstatic.com | 505 B |
1 | bjilife.com | www.bjilife.com | |
41 | 8 |
 | Domain | Requested by |
---|---|---|
34 | www.citictour.com | www.citictour.com |
2 | ssl.google-analytics.com (1 redirects) | www.citictour.com |
2 | hm.baidu.com | www.citictour.com |
1 | sp0.baidu.com | www.citictour.com |
1 | www.google.de | www.citictour.com |
1 | www.google.com (1 redirects) | |
1 | stats.g.doubleclick.net (1 redirects) | |
1 | zz.bdstatic.com | www.citictour.com |
1 | www.bjilife.com | www.citictour.com |
41 | 9 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
citictour.com | Let's Encrypt Authority X3 | 2020-03-31 - 2020-06-29 | 3 months |
bjilife.com | TrustAsia TLS RSA CA | 2020-02-04 - 2021-02-03 | a year |
baidu.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2020-01-13 - 2020-06-25 | 5 months |
*.google-analytics.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
www.google.de | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months |
This page contains 2 frames:
Primary Page:
https://www.citictour.com/
Frame ID: 08837E9242B685DD84C6C54B735C2205
Requests: 40 HTTP requests in this frame
Frame:
https://www.bjilife.com/as/index.html
Frame ID: B564A3732E9380D095CA0BB9DED3D166
Requests: 1 HTTP requests in this frame
Detected technologies
Windows Server (Operating Systems)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers)
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 37
- https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1738703849&utmhn=www.citictour.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0%E8%B5%8C%E5%9C%BA_%E6%BE%B3%E9%97%A8%E7%9A%87%E5%86%A0VIP%E4%B8%93%E7%BA%BF&utmhid=929976861&utmr=-&utmp=%2F&utmht=1585675194698&utmac=UA-121883074-1&utmcc=__utma%3D23852072.1559787018.1585675195.1585675195.1585675195.1%3B%2B__utmz%3D23852072.1585675195.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=604365200&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-121883074-1&cid=1559787018.1585675195&jid=604365200&_v=5.7.2&z=1738703849&slf_rd=1&random=581381195
41 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | www.citictour.com/ | 22 KB | 7 KB | Document | text/html |
GET | H/1.1 | daxiagu.css | www.citictour.com/skin/css/ | 24 KB | 6 KB | Stylesheet | text/css |
GET | H/1.1 | jquery2019.1.1.js | www.citictour.com/js/ | 1 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | jquery-1.9.1.min.js | www.citictour.com/skin/js/ | 90 KB | 41 KB | Script | application/javascript |
GET | H/1.1 | banner.js | www.citictour.com/skin/js/ | 2 KB | 977 B | Script | application/javascript |
GET | H/1.1 | search_btn.jpg | www.citictour.com/skin/images/ | 56 KB | 57 KB | Image | image/jpeg |
GET | H/1.1 | logo.png | www.citictour.com/skin/images/ | 31 KB | 32 KB | Image | image/png |
GET | H/1.1 | jcom.js | www.citictour.com/skin/js/ | 5 KB | 3 KB | Script | application/javascript |
GET | H/1.1 | jquery.flexslider-min.js | www.citictour.com/skin/js/ | 21 KB | 8 KB | Script | application/javascript |
GET | H/1.1 | 1AFQ104-0-lp.jpg | www.citictour.com/uploads/allimg/191206/ | 10 KB | 10 KB | Image | image/jpeg |
GET | H/1.1 | 1A64U506-0-lp.jpg | www.citictour.com/uploads/allimg/191206/ | 8 KB | 8 KB | Image | image/jpeg |
GET | H/1.1 | defaultpic.gif | www.citictour.com/images/ | 9 KB | 9 KB | Image | image/gif |
GET | H/1.1 | sina_tip.jpg | www.citictour.com/skin/images/ | 62 KB | 62 KB | Image | image/jpeg |
GET | H/1.1 | weixin_tip.jpg | www.citictour.com/skin/images/ | 59 KB | 59 KB | Image | image/jpeg |
GET | H/1.1 | weixin_2w.jpg | www.citictour.com/skin/images/ | 48 KB | 48 KB | Image | image/jpeg |
GET | H/1.1 | 1A9394009-0-lp.jpg | www.citictour.com/uploads/allimg/191206/ | 13 KB | 14 KB | Image | image/jpeg |
GET | H/1.1 | 1A9105612-0-lp.jpg | www.citictour.com/uploads/allimg/191206/ | 35 KB | 35 KB | Image | image/jpeg |
GET | H/1.1 | bottom_pic.jpg | www.citictour.com/skin/images/ | 72 KB | 73 KB | Image | image/jpeg |
GET | H/1.1 | Ajax.js | www.citictour.com/skin/js/ | 9 KB | 4 KB | Script | application/javascript |
GET | H/1.1 | qq.js | www.citictour.com/skin/js/ | 2 KB | 1 KB | Script | application/javascript |
GET | H/1.1 | baidu_js_push.js | www.citictour.com/ | 447 B | 689 B | Script | application/javascript |
GET | H/1.1 | index.html | www.bjilife.com/as/ (Frame B564) | 0 | 0 | Document | text/html |
GET | H/1.1 | hm.js | hm.baidu.com/ | 38 KB | 14 KB | Script | application/javascript |
GET | H2 | push.js | zz.bdstatic.com/linksubmit/ | 308 B | 505 B | Script | application/javascript |
GET | H2 | ga.js | ssl.google-analytics.com/ | 45 KB | 17 KB | Script | text/javascript |
GET | H/1.1 | loading.gif | www.citictour.com/skin/images/ | 764 B | 1011 B | Image | image/gif |
GET | H/1.1 | banner1.jpg | www.citictour.com/skin/images/ | 1 MB | 1 MB | Image | image/jpeg |
GET | H/1.1 | banner2.jpg | www.citictour.com/skin/images/ | 289 KB | 289 KB | Image | image/jpeg |
GET | H/1.1 | banner3.jpg | www.citictour.com/skin/images/ | 668 KB | 668 KB | Image | image/jpeg |
GET | H/1.1 | banner4.jpg | www.citictour.com/skin/images/ | 351 KB | 351 KB | Image | image/jpeg |
GET | H/1.1 | weixin_kuang.png | www.citictour.com/skin/images/ | 63 B | 63 B | Image | text/html |
GET | H/1.1 | btn_out.jpg | www.citictour.com/skin/images/ | 588 B | 836 B | Image | image/jpeg |
GET | H/1.1 | mid_bg.jpg | www.citictour.com/skin/images/ | 194 KB | 195 KB | Image | image/jpeg |
GET | H/1.1 | k1_out.jpg | www.citictour.com/skin/images/ | 86 KB | 86 KB | Image | image/jpeg |
GET | H/1.1 | k2_out.jpg | www.citictour.com/skin/images/ | 24 KB | 24 KB | Image | image/jpeg |
GET | H/1.1 | k3_out.jpg | www.citictour.com/skin/images/ | 21 KB | 21 KB | Image | image/jpeg |
GET | H/1.1 | k4_out.jpg | www.citictour.com/skin/images/ | 18 KB | 18 KB | Image | image/jpeg |
GET | H/1.1 | i_gl.jpg | www.citictour.com/skin/images/ | 78 KB | 78 KB | Image | image/jpeg |
GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 109 B | Image | image/gif |
GET | H/1.1 | s.gif | sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/ | 0 | 116 B | Image | text/plain |
GET | H/1.1 | hm.gif | hm.baidu.com/ | 43 B | 299 B | Image | image/gif |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bet365 (Entertainment)
34 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- string| uu
- number| aa
- string| ss
- function| $
- function| jQuery
- object| _hmt
- function| nTab
- object| jQuery1910953848517550618
- string| Obj
- function| MDown
- function| MMove
- function| MUp
- object| list
- object| divs
- undefined| t
- function| showtip
- function| gs
- function| Ajax
- function| EventError
- function| EventState
- function| EventDownloadEnd
- function| doLoadqqOnline
- number| lastScrollY
- function| heartBeat
- function| mClk
- string| gaJsHost
- object| _gat
- object| _gaq
- object| pageTracker
- object| gaGlobal
- boolean| _bdhm_loaded_8ffb39d40b3fce4de172245298466d21
- object| mini_tangram_log_zzb919
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.www.bjilife.com/ | Name: Hm_lvt_69b9d835d2cb90dac8d84a9a71d48e93 Value: 1585675196 |
|
.www.citictour.com/ | Name: Hm_lpvt_8ffb39d40b3fce4de172245298466d21 Value: 1585675196 |
|
.www.citictour.com/ | Name: Hm_lvt_8ffb39d40b3fce4de172245298466d21 Value: 1585675196 |
|
.citictour.com/ | Name: __utmt Value: 1 |
|
.citictour.com/ | Name: __utmb Value: 23852072.1.10.1585675195 |
|
.www.bjilife.com/ | Name: Hm_lpvt_69b9d835d2cb90dac8d84a9a71d48e93 Value: 1585675196 |
|
.citictour.com/ | Name: __utmc Value: 23852072 |
|
.citictour.com/ | Name: __utmz Value: 23852072.1585675195.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) |
|
.citictour.com/ | Name: __utma Value: 23852072.1559787018.1585675195.1585675195.1585675195.1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.