doings.pages.dev
Open in
urlscan Pro
2606:4700:310c::ac42:2f54
Malicious Activity!
Public Scan
Submission: On June 14 via api from US — Scanned from US
Summary
TLS certificate: Issued by E1 on June 14th 2023. Valid for: 3 months.
This is the only time doings.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ID.me (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:310... 2606:4700:310c::ac42:2f54 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
21 | 2600:141b:900... 2600:141b:9000::b833:94c0 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2607:f8b0:402... 2607:f8b0:4020:805::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 2607:f8b0:400... 2607:f8b0:4006:80e::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2607:f8b0:402... 2607:f8b0:4020:806::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2600:141b:900... 2600:141b:9000:48c::11a6 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2600:141b:900... 2600:141b:9000:5a8::11a6 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2607:f8b0:400... 2607:f8b0:4004:c19::9d | 15169 (GOOGLE) (GOOGLE) | |
5 | 104.18.70.113 104.18.70.113 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:402... 2607:f8b0:4020:807::2004 | 15169 (GOOGLE) (GOOGLE) | |
2 | 104.16.51.111 104.16.51.111 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
40 | 11 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
21 |
id.me
api.id.me — Cisco Umbrella Rank: 44796 |
450 KB |
5 |
zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2087 ekr.zdassets.com — Cisco Umbrella Rank: 2428 |
312 KB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 60 |
21 KB |
2 |
zendesk.com
idme.zendesk.com — Cisco Umbrella Rank: 108497 |
1 KB |
2 |
go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1293 c.go-mpulse.net — Cisco Umbrella Rank: 573 |
50 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 82 |
135 KB |
2 |
googleapis.com
maps.googleapis.com — Cisco Umbrella Rank: 388 |
70 KB |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 3 |
408 B |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 124 |
347 B |
1 |
pages.dev
doings.pages.dev |
7 KB |
40 | 10 |
Domain | Requested by | |
---|---|---|
21 | api.id.me |
doings.pages.dev
api.id.me |
4 | static.zdassets.com |
api.id.me
static.zdassets.com |
3 | www.google-analytics.com |
api.id.me
www.google-analytics.com www.googletagmanager.com |
2 | idme.zendesk.com |
static.zdassets.com
|
2 | www.googletagmanager.com |
api.id.me
www.googletagmanager.com |
2 | maps.googleapis.com |
doings.pages.dev
maps.googleapis.com |
1 | ekr.zdassets.com |
static.zdassets.com
|
1 | www.google.com |
doings.pages.dev
|
1 | stats.g.doubleclick.net |
www.google-analytics.com
|
1 | c.go-mpulse.net |
s.go-mpulse.net
|
1 | s.go-mpulse.net |
doings.pages.dev
|
1 | doings.pages.dev | |
40 | 12 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
doings.pages.dev E1 |
2023-06-14 - 2023-09-12 |
3 months | crt.sh |
api.id.me DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2022-09-23 - 2023-09-26 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-05-22 - 2023-08-14 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-05-19 - 2023-08-11 |
3 months | crt.sh |
akstat.io DigiCert TLS RSA SHA256 2020 CA1 |
2023-04-05 - 2024-04-04 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-05-19 - 2023-08-11 |
3 months | crt.sh |
zdassets.com Cloudflare Inc ECC CA-3 |
2022-11-10 - 2023-11-09 |
a year | crt.sh |
www.google.com GTS CA 1C3 |
2023-05-22 - 2023-08-14 |
3 months | crt.sh |
idme.zendesk.com Cloudflare Inc ECC CA-3 |
2023-04-01 - 2024-03-31 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://doings.pages.dev/api.id.me
Frame ID: 6141D46BC9EF3A886A862ED344DDB6EF
Requests: 35 HTTP requests in this frame
Frame:
https://static.zdassets.com/web_widget/latest/web-widget-framework-7a54a546dda064893d09.js
Frame ID: 403BF9EA4A5B0D8B85982355466D2880
Requests: 5 HTTP requests in this frame
Screenshot
Page Title
Complete your sign in - ID.meDetected technologies
Google Maps (Maps) ExpandDetected patterns
- //maps\.google(?:apis)?\.com/maps/api/js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: Resend my verification code
Search URL Search Domain Scan URL
Title: update your settings here
Search URL Search Domain Scan URL
Title: Go back
Search URL Search Domain Scan URL
Title: What is ID.me?
Search URL Search Domain Scan URL
Title: Terms of Service
Search URL Search Domain Scan URL
Title: Privacy Policy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
40 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
api.id.me
doings.pages.dev/ |
15 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
google-81990243df62fe63ea10e1b61505d86bdd0b9507c3b841c224bd25981a95c8aa.js
api.id.me/assets/analytics/ |
471 B 581 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm_engineering-75cb54582c7329f991049ae3b2e8de9ade91f84253bb7026330dfb172ff4de40.js
api.id.me/assets/analytics/ |
349 B 533 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtime-5d83b91d2172c6417e29.js
api.id.me/packs/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
725-51e18ddddea6f1a98a88.js
api.id.me/packs/js/ |
266 KB 83 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfills-b73a7b909378b44c462f.js
api.id.me/packs/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
394-67f6b85bd116ded069b6.js
api.id.me/packs/js/ |
77 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
components-03ec7363c8a9e5d48a48.js
api.id.me/packs/js/ |
206 B 442 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
queueclient.min.js
api.id.me//static.queue-it.net/script/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
queueconfigloader.min.js
api.id.me//static.queue-it.net/script/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-005e81fbd7c4d1513e92a09933a5d2c3ff93d6a904f89deb161e2cf7f8b640e0.css
api.id.me/assets/ |
182 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
idme-logo-1d96899e99d393974ec16fa17a820e78fca132bd8ea53e01f12bdc000baf674f.svg
api.id.me/assets/logos/ |
3 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
maps.googleapis.com/maps/api/ |
220 KB 70 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
application-a25c0fd8ab4b252763f219d7de3fa0707fe575ea3226d864248f689e914fa7fe.js
api.id.me/assets/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chat-277e743ae9574a31927fbdf43530b414d8e8480f369965cec738a2a93d3e0311.js
api.id.me/assets/zendesk/ |
506 B 609 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
51 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
127 KB 47 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GTDQ2-YPV4D-ZPN8M-VW3LM-H9A7G
s.go-mpulse.net/boomerang/ |
205 KB 49 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
progressbar-line-785aacc7b53681c60e0c66e42f97bc2540800db62c1ca2b84feed419c496aab9.svg
api.id.me/assets/ |
953 B 736 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Poppins-Medium-a5829f09868f62506459177f6872e751d023527e6cfd42525bce8d1c33365003.woff
api.id.me/assets/ |
67 KB 67 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Poppins-SemiBold-15cea7fedab57408d132253bd4663008d2627476be29759d00c67d716ee0570b.woff
api.id.me/assets/ |
66 KB 67 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Poppins-Bold-8fa4cd82d3da48c46174cb96d5cd7eac6a2139c5bdc44e466b17ae54033b10ae.woff
api.id.me/assets/ |
66 KB 67 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OpenSans-f965889da0ef7fe9f91270decb4638eafb62e358ac08b974059512f9b4fa099b.woff
api.id.me/assets/ |
14 KB 14 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OpenSans-Semibold-6c9bf1664cc6e8151624c0c19613cb4183278f26f97011c172542d5d574faab8.woff
api.id.me/assets/ |
14 KB 14 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OpenSans-Bold-13cd71fff17a279d6c6c8fe515396b6a9898a0e46c26bca41a031a7ee652e227.woff
api.id.me/assets/ |
14 KB 14 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Poppins-Regular-f7d5d006eb67f9f5b1499b3140f4cedbe8e0d4d500810216a022e3acd64fb989.woff
api.id.me/assets/ |
67 KB 67 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
4 B 209 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
config.json
c.go-mpulse.net/api/ |
51 B 323 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
2 B 347 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
262 KB 88 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gen_204
maps.googleapis.com/maps/api/mapsjs/ |
3 B 45 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asset_composer.js
static.zdassets.com/ekr/ |
24 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/g/ |
0 17 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
22fb9205-0748-40d7-8eb1-c964afe88d06
ekr.zdassets.com/compose/ |
314 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web-widget-framework-7a54a546dda064893d09.js
static.zdassets.com/web_widget/latest/ Frame 403B |
100 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
config
idme.zendesk.com/embeddable/ Frame 403B |
316 B 1001 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
web-widget-main-bfd6eb7.js
static.zdassets.com/web_widget/classic/latest/ Frame 403B |
924 KB 266 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
embeddable_blip
idme.zendesk.com/ Frame 403B |
0 321 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en-us-json-bfd6eb7.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 403B |
25 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ID.me (Online)48 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 boolean| credentialless object| onbeforetoggle object| onscrollend string| _qUUID string| _qSESSIONID string| _qINTID string| _qINT number| _sf_startpt object| settings number| QUEUE_IDENTIFIER object| locales string| GoogleAnalyticsObject function| ga object| dataLayer object| webpackChunkapp function| clearImmediate function| setImmediate function| reactiveElementPolyfillSupport object| WebComponents function| __CE_installPolyfill object| ShadyCSS object| regeneratorRuntime object| reactiveElementVersions object| litHtmlVersions object| litElementVersions string| BOOMR_API_key object| BOOMR object| event_data object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| BOOMR_check_doc_domain object| ErrorStackParser object| UserTimingCompression object| BOOMR_mq object| google_tag_manager object| google object| module$contents$mapsapi$overlay$overlayView_OverlayView function| zEmbed function| zE function| onYouTubeIframeAPIReady number| BOOMR_configt object| zEWebpackACJsonp number| BOOMR_onload boolean| zEACLoaded function| $zopim5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.doings.pages.dev/ | Name: _gid Value: GA1.3.1049798620.1686783320 |
|
.doings.pages.dev/ | Name: _gat Value: 1 |
|
.doings.pages.dev/ | Name: _ga Value: GA1.1.324631898.1686783320 |
|
.doings.pages.dev/ | Name: _ga_684ZXW8HVT Value: GS1.1.1686783320.1.0.1686783320.0.0.0 |
|
.doings.pages.dev/ | Name: RT Value: "z=1&dm=doings.pages.dev&si=caaa974b-22a3-415c-aae2-a0de065c2b81&ss=liwb8iss&sl=1&tt=xo&rl=1&ld=xq" |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.id.me
c.go-mpulse.net
doings.pages.dev
ekr.zdassets.com
idme.zendesk.com
maps.googleapis.com
s.go-mpulse.net
static.zdassets.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
104.16.51.111
104.18.70.113
2600:141b:9000:48c::11a6
2600:141b:9000:5a8::11a6
2600:141b:9000::b833:94c0
2606:4700:310c::ac42:2f54
2607:f8b0:4004:c19::9d
2607:f8b0:4006:80e::200e
2607:f8b0:4020:805::200a
2607:f8b0:4020:806::2008
2607:f8b0:4020:807::2004
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
114d9abe80c359585b47c34f73fc67e8f7721209074ad447f1bf9e2d344da149
13bbdcef736bf499b046f8f3ba1b8c10f2540265048aee244d143f21f3168950
21b17052acd1aacb7b30b0b728c04bb2111f71f964e454e2ecb6902a3a7a38f8
28e5a7bc5703c00c8bc6fd0cfe45a3088e0a88a7862d206bb93f6cba655157ff
299da7026347cc548560d3a1639f471f23447f7289ca674dd49bd01b36e2124b
4211906bbd6ea5cb344406a86853dbb4f5711457a0ee71a7c832e046605bc8b3
55fc0d5f38f5fdd8ba0c458ab25cdd24a5e297929db8599c05b8f700c43aa8a6
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
62222165f0b605823009b99ec5acf4f3721a5a3aecc7bc7f83ea7ed210c00e5b
622be2eb8ef5825d74867a56c04c9274812a7276da1f7bd218401deb24fdc045
6dfdf411a70ae4d26942efdf1034e66976435758d29f2a7d556d77e08b9e2412
7c7a9303bfaaaccaa84e93be7ac0d17cc7647afc73bdb1a84234a7e988d37528
84997ad3824dbe8eab4965678bb5c1dced09726238c2493e0005413179295965
8adcc0c6ed667c0a0ec933979080a868d823684e75346446913fe2033cb91817
8c040428f7853cc935f8f7a4eb3e2e7be8d5a14e59616f6fc6f03f55b3ed94c8
937c7bd392e945cd2e1ee86cf47b357af016af281c2062d3249132c023f65f39
9d5575173e17b34916779d395ad1fdbe82e3a463fbad9813bfc83b334bf12265
a26249a2fdaadd15541d8c273b3fdc7347d83866e238565612c24b59f608e473
ad5fb58ad11730ef707d4f28db7a83ec4804bb3e8373dc69bedd94cd7a872efc
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b2a95245d69655b25812ab2bd247b8a4f29b922b27aff9b81947e6a61570df8a
b4bbca17dde30ca7c1ebeef9eacb9bc8705ca76f4089911a3c60500eb2e17224
bb988ab760df25b36634e5033c142c3fb806f99cc70e5ce2c77f5fe3c802035f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cfda84577729425a91460b1220d5ed31b76bb0f63e1bd55014c35127798eb355
d2cd642203b359e6d595a17aef1c0213f0eb21c8d7baad33ce4db3a20993c1f3
d438276c8d640b0ed56e16f477cfba5dfb2edbc545e2fdd5191ae557368479bd
dd3df42b3ffd71e0c96e93f9d5d81a128979c3cdf5eb2864241a67c7d620f4aa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d18722a802bdd6ee14c794785516720e0581a8f6c57ffe81d4227c26ee1042
e52766798b247c123d77c77719ddc6dda678cfbd064956d0afd4dcb05621f89e
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
eb439f785d33858dfe7300098e5f38c7ebb471ccfe409dde80df79c90c11e5e9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fd5d26e4b7a154adea25fd7b0f913a5f686dbd8000c7836ffb18a03935c89826