wristholder.online
Open in
urlscan Pro
2606:4700:3031::ac43:dde5
Malicious Activity!
Public Scan
Effective URL: https://wristholder.online/a3a7b7b16fc9a9add134748cb2a542a5
Submission: On February 02 via manual from CH — Scanned from CH
Summary
TLS certificate: Issued by E1 on January 24th 2024. Valid for: 3 months.
This is the only time wristholder.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Customer Survey Spam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 2606:4700:303... 2606:4700:3037::6815:1c08 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 195.133.30.21 195.133.30.21 | 398343 (BAXET-GROUP) (BAXET-GROUP) | |
1 2 | 2a06:98c1:312... 2a06:98c1:3121::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
33 | 2606:4700:303... 2606:4700:3031::ac43:dde5 | () () | |
2 | 2a00:1450:400... 2a00:1450:4001:810::2008 | () () | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | () () | |
48 | 7 |
ASN13335 (CLOUDFLARENET, US)
mailing.cursosdeinglesenguayaquil.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
33 |
wristholder.online
wristholder.online |
534 KB |
4 |
cursosdeinglesenguayaquil.com
mailing.cursosdeinglesenguayaquil.com |
10 KB |
2 |
googletagmanager.com
www.googletagmanager.com |
150 KB |
1 |
google-analytics.com
region1.google-analytics.com |
256 B |
1 |
trk-adulvion.com
trk-adulvion.com event.trk-adulvion.com Failed |
3 KB |
1 |
lyricducks.xyz
1 redirects
lyricducks.xyz |
678 B |
1 |
absorbwet.com
absorbwet.com |
493 B |
48 | 7 |
Domain | Requested by | |
---|---|---|
33 | wristholder.online |
absorbwet.com
wristholder.online |
4 | mailing.cursosdeinglesenguayaquil.com |
mailing.cursosdeinglesenguayaquil.com
|
2 | www.googletagmanager.com |
wristholder.online
www.googletagmanager.com |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | trk-adulvion.com |
wristholder.online
|
1 | lyricducks.xyz | 1 redirects |
1 | absorbwet.com |
mailing.cursosdeinglesenguayaquil.com
|
0 | event.trk-adulvion.com Failed |
trk-adulvion.com
|
48 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
cursosdeinglesenguayaquil.com GTS CA 1P5 |
2023-12-25 - 2024-03-24 |
3 months | crt.sh |
absorbwet.com R3 |
2024-01-25 - 2024-04-24 |
3 months | crt.sh |
wristholder.online E1 |
2024-01-24 - 2024-04-23 |
3 months | crt.sh |
trk-adulvion.com GTS CA 1P5 |
2023-12-17 - 2024-03-16 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-01-09 - 2024-04-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://wristholder.online/a3a7b7b16fc9a9add134748cb2a542a5
Frame ID: 9929F79E71D34E530FAE51CEDAF5C730
Requests: 46 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://mailing.cursosdeinglesenguayaquil.com/4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9 Page URL
- https://mailing.cursosdeinglesenguayaquil.com/t/4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9 Page URL
- https://absorbwet.com/0/0/0/efff8e082d1e84388697a303901cc1d5/9/24-547/0-0-0 Page URL
-
https://lyricducks.xyz/?s1=351889&s2=1135993420&s3=3121&s10=436
HTTP 302
https://wristholder.online/a3a7b7b16fc9a9add134748cb2a542a5 Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://mailing.cursosdeinglesenguayaquil.com/4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9 Page URL
- https://mailing.cursosdeinglesenguayaquil.com/t/4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9 Page URL
- https://absorbwet.com/0/0/0/efff8e082d1e84388697a303901cc1d5/9/24-547/0-0-0 Page URL
-
https://lyricducks.xyz/?s1=351889&s2=1135993420&s3=3121&s10=436
HTTP 302
https://wristholder.online/a3a7b7b16fc9a9add134748cb2a542a5 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
48 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9
mailing.cursosdeinglesenguayaquil.com/ |
648 B 999 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rocket-loader.min.js
mailing.cursosdeinglesenguayaquil.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4eFsLZ547gOGlj24JBjU0hqG0rRgz0SoJO9
mailing.cursosdeinglesenguayaquil.com/t/ |
466 B 850 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rocket-loader.min.js
mailing.cursosdeinglesenguayaquil.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0-0-0
absorbwet.com/0/0/0/efff8e082d1e84388697a303901cc1d5/9/24-547/ |
126 B 493 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
a3a7b7b16fc9a9add134748cb2a542a5
wristholder.online/ Redirect Chain
|
63 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
wristholder.online/assets/vendors/bootstrap-4.5.3/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.min.css
wristholder.online/assets/vendors/fontawesome/css/ |
58 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Poppins-Regular.ttf
wristholder.online/assets/css/aprilia/ |
155 KB 69 KB |
Font
font/ttf |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
wristholder.online/assets/css/aprilia/ |
40 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
msg.v3.js
wristholder.online/inc/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-digitech.png
wristholder.online/uploads/archive/company/92/images/ |
35 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4.png
wristholder.online/uploads/archive/product/40/images/ |
127 KB 127 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7a2271c9b418cfab10efe4c7abf4a486.svg
wristholder.online/fim/436-CH/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
799ef7499abed22eb1af18824576d18f.png
wristholder.online/fim/436-CH/ |
13 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3e67bcdc0ca01ff9cc24c23554daca75.png
wristholder.online/fim/436-CH/ |
619 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
db8083b148e522e02a535a74d615d458.png
wristholder.online/fim/436-CH/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
8d17e3d78ac5071b928bf89f0fc16bc2.png
wristholder.online/fim/436-CH/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3d66c90da4cd2d17026f93a6cca1b276.jpg
wristholder.online/fim/436-CH/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
205a6ac59944b76bf87eca80d5aa4ad5.png
wristholder.online/fim/436-CH/ |
972 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bbc81eb941296f4f517fa3cce42370fe.jpg
wristholder.online/fim/436-CH/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
33d1c7ce31e0d8f99b2f09bb2106f0d0.jpg
wristholder.online/fim/436-CH/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2.jpg
wristholder.online/uploads/archive/product/40/images/ |
8 KB 8 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0d9f479db8b4ed8e3a39813941c774b4.jpg
wristholder.online/fim/436-CH/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ea721380c5bbabc55d59778ca48cd3f2.jpg
wristholder.online/fim/436-CH/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
S4349956.jpg
wristholder.online/uploads/archive/product/40/images/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
1f842e557aab6b70a7e211bdc70c64b3.jpg
wristholder.online/fim/436-CH/ |
2 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7503499b0a5df1d5c2f4eaa567bb074d.jpg
wristholder.online/fim/436-CH/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ipad-pro-unboxing-15.jpg
wristholder.online/uploads/archive/product/40/images/ |
5 KB 6 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
3000fe6251cc4ac49b1253986911d8c0.jpg
wristholder.online/fim/436-CH/ |
1 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f45e2f99dad56063ec189923505a029d.png
wristholder.online/fim/436-CH/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
email-decode.min.js
wristholder.online/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery-3.4.1.min.js
wristholder.online/assets/vendors/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bootstrap.min.js
wristholder.online/assets/vendors/bootstrap-4.5.3/js/ |
62 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
functions.js
wristholder.online/assets/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
intl_functions.js
wristholder.online/assets/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
common.js
wristholder.online/assets/js/aprilia/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v9e118mez8
trk-adulvion.com/scripts/push/ |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
184 KB 66 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-solid-900.woff2
wristholder.online/assets/vendors/fontawesome/webfonts/ |
78 KB 79 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fa-regular-400.woff2
wristholder.online/assets/vendors/fontawesome/webfonts/ |
13 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
a3a7b7b16fc9a9add134748cb2a542a5
wristholder.online/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
244 KB 85 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 256 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
v9e118mez8
event.trk-adulvion.com/register/event_log/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- wristholder.online
- URL
- https://wristholder.online/assets/js/aprilia/common.js?v=1f799d335869602a9f60ff0efb508a66
- Domain
- wristholder.online
- URL
- https://wristholder.online/a3a7b7b16fc9a9add134748cb2a542a5
- Domain
- event.trk-adulvion.com
- URL
- https://event.trk-adulvion.com/register/event_log/v9e118mez8
- Domain
- event.trk-adulvion.com
- URL
- https://event.trk-adulvion.com/register/event_log/v9e118mez8
- Domain
- event.trk-adulvion.com
- URL
- https://event.trk-adulvion.com/register/event_log/v9e118mez8
- Domain
- event.trk-adulvion.com
- URL
- https://event.trk-adulvion.com/register/event_log/v9e118mez8
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Customer Survey Spam (Consumer)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
absorbwet.com/ | Name: uid3121 Value: 1135993420-20240202182919-8b815e09012e48d97f148a13f9cf28a4- |
|
lyricducks.xyz/ | Name: PHPSESSID Value: edec559ab3065d3b0690bb8eee627d45 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
absorbwet.com
event.trk-adulvion.com
lyricducks.xyz
mailing.cursosdeinglesenguayaquil.com
region1.google-analytics.com
trk-adulvion.com
wristholder.online
www.googletagmanager.com
event.trk-adulvion.com
wristholder.online
195.133.30.21
2001:4860:4802:34::36
2606:4700:3031::ac43:dde5
2606:4700:3037::6815:1c08
2a00:1450:4001:810::2008
2a06:98c1:3121::3
00d1089f3939addcf5432d48ed80136c7012c82efdcd2f8dd64aec97aee0f8f9
021e62fc12d39ebcbd5469276bacc42d316df808b8b9623b329391f771f49343
21fb6ba9c3fe078fa8c9fcb5c0224076a3d2fe5fae43e63d0b6ee9541bf0b90a
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
272636a6d53d7dd9f0158dc5c47c4b7d2a328f9cf7f0d147924207690aeb8df1
2e47f6803f61ca30955c2dcf1d7b2d7361891cdb2a3ad96d667f71a5079a2931
40a4a7e1e3b6806e9eb4b719dcdd56c7f3dec5c4991bc15b56193c7e99f719f8
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
5a2e118a815e6de6042a2e004718938e3068ffdf3fca85010a37fcaaa72d49ae
5deddf7c5858ea17a9c6113f84b6624e75e00efaba9a11da2c7aae49ce0d8861
5e3022f8087def9c055a7b972d51cfdc0400fdb5238b317fedcec10d7f2fc154
5f98f95589e14b4ab6405c1a9dd70832ba177c05cf8aa0bb048cd4f28bd1aba1
6b3771113ea2c584837a3b4036f7f8f810c11e8b02f78e98eed712c82618077a
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
6da5cf6e99c9e5b4eac83104070645628b698579cb3b457dbb0097befc548dc2
707fdc5c8bab57a90061c6a8ed7b70d5ffb82fc810e994e79f90bace890c255a
7080e089dab3a0ae988d8605e0228194997e26bbb43079ac5772315032c966a2
72b629cd526729bd25e6091b21e3e3ed6e16e17fb549a700f029f0c5693b0f4f
75ebfc0168a8c147fa15ef9d89fbbc16d7365d0c6d98dd49243924d62707d6f1
7c8320a5828b542d6c0fc42ea0008278e337bf1df2377e43373130546867fb46
85e69233cd6795c61fe1383eae608d874ca8a2c87ba21027ebf7eaf238891351
897477d6c25d771de27b1f041bd2b76887ccaff0e476dbd7f56bce1a00950e7c
904426131894370992ab9930bd6e618ba60b91119ed15e63b66e2fe91c3edf1e
ab01e78f9a01b905e2df63b9509738a116ac5ad60aabc8876ce241b91733dd03
b1bfd00a1efec5d94e650f5c29012d1f9ee342ff658a6167746403214701bd81
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b4b56aeb01478defd67e194e6b8e34abceeb1b49ca51b1729f57a38e2a6c1438
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
be56734e3715aba63d80e9cea86b1d0484215d05d8ccd61d0851d1e6c21e5a97
c61ae3686a74d0d0f5372fe3f83abb92da77e80840ad9981b19a7e2e34a38fb2
c64142685031501ba7f6f095b7c3f05b948fc888af17b77c68e43e8102a35425
c86fc6524af3fab1567a1206ea20eca001d2b8eaa06b1fef573a7319f45c467c
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d04b46088ef1ee3b2aa958d1f028273d2adac5751011aa700b53594c0b10b78c
d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
dba8f9dfea5bada9ef456b4518fba0c7185a4c6ed0f6c9bda71e9c5b11a5342e
e1d0e1ecf55bd3fed22fec6e1c49b61dee714d548dd31b42d6b693596f3bdf75
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194