mail-iclloud.com
Open in
urlscan Pro
104.37.35.66
Malicious Activity!
Public Scan
Effective URL: http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/wsignin-auth.default-live-h64873QQP653aDp765423828763526DasQy.html
Submission: On May 10 via automatic, source openphish
Summary
This is the only time mail-iclloud.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
19 | 104.37.35.66 104.37.35.66 | 51468 (ONECOM) (ONECOM) | |
4 | 23.65.216.8 23.65.216.8 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 23.65.219.68 23.65.219.68 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 192.229.133.221 192.229.133.221 | 15133 (EDGECAST) (EDGECAST - MCI Communications Services) | |
1 | 54.171.34.141 54.171.34.141 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 95.100.189.33 95.100.189.33 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
1 | 66.117.29.3 66.117.29.3 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
33 | 8 |
ASN51468 (ONECOM, DK)
PTR: webcluster2.webpod1-wdc1.one.com
mail-iclloud.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-65-216-8.deploy.static.akamaitechnologies.com
secure.wlxrs.com |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-65-219-68.deploy.static.akamaitechnologies.com
secure.shared.live.com |
ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)
www.w3schools.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-171-34-141.eu-west-1.compute.amazonaws.com
msft.demdex.net |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-189-33.deploy.akamaitechnologies.com
tags.bkrtx.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
windowslive.tt.omtrdc.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
mail-iclloud.com
mail-iclloud.com |
376 KB |
4 |
wlxrs.com
secure.wlxrs.com |
23 KB |
1 |
omtrdc.net
windowslive.tt.omtrdc.net |
177 B |
1 |
bkrtx.com
tags.bkrtx.com |
13 KB |
1 |
demdex.net
msft.demdex.net |
138 B |
1 |
w3schools.com
www.w3schools.com |
41 KB |
1 |
live.com
secure.shared.live.com sc.imp.live.com Failed |
1 KB |
0 |
microsoft.com
Failed
s.imp.microsoft.com Failed |
|
0 |
bluekai.com
Failed
tags.bluekai.com Failed |
|
33 | 9 |
Domain | Requested by | |
---|---|---|
19 | mail-iclloud.com |
mail-iclloud.com
|
4 | secure.wlxrs.com |
mail-iclloud.com
|
1 | windowslive.tt.omtrdc.net |
mail-iclloud.com
|
1 | tags.bkrtx.com |
mail-iclloud.com
|
1 | msft.demdex.net |
mail-iclloud.com
|
1 | www.w3schools.com |
mail-iclloud.com
|
1 | secure.shared.live.com | |
0 | s.imp.microsoft.com Failed |
mail-iclloud.com
|
0 | sc.imp.live.com Failed |
mail-iclloud.com
|
0 | tags.bluekai.com Failed |
mail-iclloud.com
|
33 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
go.microsoft.com |
account.live.com |
signup.live.com |
login.live.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.test.edgekey.net Symantec Class 3 Secure Server CA - G4 |
2016-11-24 - 2017-11-24 |
a year | crt.sh |
secure.shared.live.com Microsoft IT SSL SHA2 |
2016-11-18 - 2017-05-18 |
6 months | crt.sh |
*.w3schools.com DigiCert SHA2 Secure Server CA |
2017-02-07 - 2020-02-12 |
3 years | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2014-11-09 - 2018-01-24 |
3 years | crt.sh |
*.bkrtx.com Symantec Class 3 Secure Server CA - G4 |
2016-10-19 - 2017-10-19 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/wsignin-auth.default-live-h64873QQP653aDp765423828763526DasQy.html
Frame ID: 15786.1
Requests: 14 HTTP requests in this frame
Frame:
http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US.htm
Frame ID: 15786.2
Requests: 15 HTTP requests in this frame
Frame:
http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/header.htm
Frame ID: 15786.3
Requests: 3 HTTP requests in this frame
Frame:
http://tags.bluekai.com/site/14441?dt=0&r=892407581&sig=3761333344&bkca=KJ0+MXarCY9xCo2sqhQWO44QRHwqjYdq+jrKeuGvRxYMtvjFUfq5QydxjYfdBNX0dby0NYoRuOKkUSQU1zrWBg4l+yq8wRelo+F6fnHfYkSLHGSGu/4tfxZfgM4592bMZCOXzzKaiR+MU+R/P9CnxLXJKRNMCxSAOyYdM27QqDHMVDNWA+w9zo0w7eB8vizhavu7ZaREMLgUUpWA23Y0DD8iCTO9463AVaahtgRlPknHnJ0POSWP3EiMJVsBtBgFfwe6q0FT7NnQjItbuRwzR738GGdfTNxvtroxatkF7Bl3walgQksm1VDdxnCf29==
Frame ID: 15786.4
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ Page URL
- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/wsignin-auth.default-live-h64873QQP653aDp76... Page URL
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Title: What's this?
Search URL Search Domain Scan URL
Title: Can't access your account?
Search URL Search Domain Scan URL
Title: Sign up now
Search URL Search Domain Scan URL
Title: Terms
Search URL Search Domain Scan URL
Title: Privacy & Cookies
Search URL Search Domain Scan URL
Title: Help Center
Search URL Search Domain Scan URL
Title: Feedback
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ Page URL
- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/wsignin-auth.default-live-h64873QQP653aDp765423828763526DasQy.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request 0- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0
- http://mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/
- http://www.w3schools.com/jquery/jquery.js
- https://www.w3schools.com/jquery/jquery.js
- https://msft.demdex.net/event?d_stuff=1&d_dst=1&d_rtbd=json&d_cts=1&d_cb=aam_tnt_cb&
- https://msft.demdex.net/firstevent?d_stuff=1&d_dst=1&d_rtbd=json&d_cts=1&d_cb=aam_tnt_cb&
- http://tags.bluekai.com/site/14441?ret=html&phint=page%3DPROD-outlook_signin&phint=market%3Den-us&phint=__bk_t%3DSign%20In&phint=__bk_k%3D&phint=__bk_pr%3Dhttp%3A%2F%2Fmail-iclloud.com%2Fd58f2e29c6...
- http://tags.bluekai.com/site/14441?dt=0&r=892407581&sig=3761333344&bkca=KJ0+MXarCY9xCo2sqhQWO44QRHwqjYdq+jrKeuGvRxYMtvjFUfq5QydxjYfdBNX0dby0NYoRuOKkUSQU1zrWBg4l+yq8wRelo+F6fnHfYkSLHGSGu/4tfxZfgM459...
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ Redirect Chain
|
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NYKpPzcj59cAccountCSSX.css
secure.wlxrs.com/jy5kqke3ytP4lb3i5ZDpNLiWSfajaQ-eDIOI7KaGMzOGtx7r-zkJzcZQdL-oXfcuo!qhAxV70lLofVjqeMaFkn0-MYEtUYM8BG5a7nbwMSo/Base/16.4.4507/ |
101 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
invis.gif
secure.wlxrs.com/$live.controls.images/is/ |
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
progressindicator.gif
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ |
12 KB 12 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
c4.png
secure.wlxrs.com/$live.controls.images/h/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon.ico
secure.shared.live.com/r3ftCWirpBmdQjbotz3STg/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
flag.ico
secure.wlxrs.com/$live.controls.images/m/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
wsignin-auth.default-live-h64873QQP653aDp765423828763526DasQy.html
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
www.w3schools.com/jquery/ Redirect Chain
|
91 KB 41 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SpryValidationTextField.js
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/SpryAssets/ |
78 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
R3WinLive1033.css
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/ |
25 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SpryValidationTextField.css
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/SpryAssets/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
untitled.png
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
EN-US.htm
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/ Frame 1578 |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.htm
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/ Frame 1578 |
501 B 342 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
controls.png
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/hig/img/ |
263 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
7 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mbox.js
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
30 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
event
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
1 KB 1 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Outlook-SISU-Feature5-C-KH-06-Image_Modified.jpg
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
303 KB 303 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style_win8.css
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
2 KB 411 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk-coretag.js
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
30 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
standard
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US_data/ Frame 1578 |
2 KB 2 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
header.css
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/header_data/ Frame 1578 |
195 B 158 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_mail.png
mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/header_data/ Frame 1578 |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Cookie set
firstevent
msft.demdex.net/ Frame 1578 Redirect Chain
|
108 B 138 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bk-coretag.js
tags.bkrtx.com/js/ Frame 1578 |
38 KB 13 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
standard
windowslive.tt.omtrdc.net/m2/windowslive/mbox/ Frame 1578 |
177 B 177 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
14441
tags.bluekai.com/site/ Frame 1578 Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
style.css
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame 1578 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
style_win8.css
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/ Frame 1578 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
Outlook-SISU-Feature5-C-KH-06-Image_Modified.jpg
sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/ Frame 1578 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET |
zag.gif
s.imp.microsoft.com/ Frame 1578 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- tags.bluekai.com
- URL
- http://tags.bluekai.com/site/14441?dt=0&r=892407581&sig=3761333344&bkca=KJ0+MXarCY9xCo2sqhQWO44QRHwqjYdq+jrKeuGvRxYMtvjFUfq5QydxjYfdBNX0dby0NYoRuOKkUSQU1zrWBg4l+yq8wRelo+F6fnHfYkSLHGSGu/4tfxZfgM4592bMZCOXzzKaiR+MU+R/P9CnxLXJKRNMCxSAOyYdM27QqDHMVDNWA+w9zo0w7eB8vizhavu7ZaREMLgUUpWA23Y0DD8iCTO9463AVaahtgRlPknHnJ0POSWP3EiMJVsBtBgFfwe6q0FT7NnQjItbuRwzR738GGdfTNxvtroxatkF7Bl3walgQksm1VDdxnCf29==
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/css/style_win8.css
- Domain
- sc.imp.live.com
- URL
- https://sc.imp.live.com/content/dam/imp/surfaces/mail_signin/v3/images/Outlook-SISU-Feature5-C-KH-06-Image_Modified.jpg
- Domain
- s.imp.microsoft.com
- URL
- https://s.imp.microsoft.com/zag.gif?Log=1&tntcalltype=1&tntPCID=1426418742528-674323.21_06&tntANID=A874E651D1D4781C455CB3F4FFFFFFFF&tntSessionID=1426596019627-404346&tntCampaignID=96220&tntCampaignName=Experiment%201%3Fc000041638%7Cet01%7CF2BA64C6&tntOfferID=87053&tntOfferName=en%20US%20OL%20SISU%20Evergreen%20FY15%20OneDrive?o00000079849|A6D18F7E&tntMbox=PROD-outlook_signin&tntRecipeID=2&tntRecipeName=EE03%3Fee03%7C90775660&tntPage=http%3A//mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/login_files/EN-US.htm&tntMrkt=en-us&tntFirstSession=false&tntTrafficType=0&tntPageID=1494396429006-684558&tntTime=1494396429246&tntTitle=Sign%20In&tntGeoCountry=nigeria&tntGeoState=lagos&tntGeoDMA=not%20metroized&tntGeoCity=&tntGeoZip=&tntReferrer=http%3A//mail-iclloud.com/d58f2e29c6101d776e95fac42b3038f0/wsignin-auth.default-live-h64873QQP653aDp765423828763526DasQy.html
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mail-iclloud.com
msft.demdex.net
s.imp.microsoft.com
sc.imp.live.com
secure.shared.live.com
secure.wlxrs.com
tags.bkrtx.com
tags.bluekai.com
windowslive.tt.omtrdc.net
www.w3schools.com
s.imp.microsoft.com
sc.imp.live.com
tags.bluekai.com
104.37.35.66
192.229.133.221
23.65.216.8
23.65.219.68
54.171.34.141
66.117.29.3
95.100.189.33
1201c9e70331fab3bfeaae83d453b392f35eeccc008f0674c30b74492e9b1fa0
1fbeb9df6569014efb380b7d4f4041b2fe1a712da9a26bdda3744c7e586b4ce7
2389a64a489d04fb7263889c12e819ce5b424fd35072ca2dc92f6cdc45e2e619
3ffe0ca9c571e0b660232a1da9720e893afe03ca12285f514bcc03473b63475e
4b0e6a62b21d3b6aeeada5430d4a2b9dc9cb9176c984b26ff92aefcffd71ed4b
56d73dd32524ce4475965c2ef09845b11175e3a27e99677e160f0f451d4ae4ba
5d5a88753e1951c41ecbff30d98759d5617f12cebde55bf8c03b4ad84f4e90da
64ccf134e4bc1c5cba0b921557af934df0e4f5c3c7a35292a8baba7bbea57d73
658a4d314b9e0628c43232763e37cb32a05ecd730f84db3e4141010e89aa8194
6b1af85883b2ab64690488468bf9fb0699b82e0b8c3239129847e726bcd79c1b
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
a7d1e9b418d587fb4889c59ae4f862715e4dfaf4ceede2090f9a8b0eb5dbf493
bbd6618aa9cfba2a24b8e1b865610b049279e1605aeabf1a5952ed2b976559bf
c8628e44281c5b0373d3152976562155f32a19d0c76f81b933de5c645ab08b44
c9ba899170b761e94f6bbb558d1bc1c7a2f04b27b6652b47e0ed23564e55a104
c9ede39944e2d06465b54dc33d0cdf58f15e79e3b7e62787db411bf74f4efb04
caf380f27bcda4b7d549bf77b61fc62399998f8d13d534cc9c1446c14743cd6e
cb725f174a86bcf23b5b9f53e5b60d53eaa1524f88f4dcec165670a3b0eb6c2c
d71fb752bc1ddebdc8753fa4706280f90e0f03191e610cf65428c34804365e1b
dab5468a7b1dd5f69fcf53b4a4498a58eea2ad145bca9dd10b7d81e3f135fcbf
dfbfc72e2b282d309847621829b78cc68d8dc1e7e1a79899e7846935c18c1969
e6480466d6a714376fee64aa084017aa2da059821e633b255665338a48f4853d
f4a6a060f5342f0ccaa111b2b79da252ad43e489131a9d001b1904251315f0d9
f6de9ced41ed54dbfc4f51abfeb65d843bd8dd33a45cbb773ecf5f92d065dd52
fdc910651fc8d8d5f130010dea528ab23cb7846085de0f9d8bef558c269f9915
fdf23f239d55ed27eeb89ee9b4caaa74766754bfe53f01fac705ffb450a776d4
ff2eef549d79357b46ac3271773c37fe139fe45ea78a1c16b3a7b787fb721256