www.lepetitpeuple.fr
Open in
urlscan Pro
213.186.33.19
Malicious Activity!
Public Scan
Effective URL: http://www.lepetitpeuple.fr/wp-content/uploads/domain/w9eput4is24b7o0yd76svucc.php?login=&.verify?service=mail&data:text/htm...
Submission: On May 22 via automatic, source openphish
Summary
This is the only time www.lepetitpeuple.fr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Office 365 (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 22 | 213.186.33.19 213.186.33.19 | 16276 (OVH) (OVH) | |
1 | 2a00:1450:400... 2a00:1450:4001:816::200e | 15169 () () | |
5 | 2.20.21.198 2.20.21.198 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 68.232.35.180 68.232.35.180 | 15133 () () | |
1 | 2a00:1450:400... 2a00:1450:4001:81e::2008 | 15169 () () | |
1 | 2a00:1450:400... 2a00:1450:400c:c08::9c | 15169 () () | |
1 | 151.101.2.110 151.101.2.110 | 54113 () () | |
1 | 162.247.242.18 162.247.242.18 | 23467 () () | |
3 | 2.18.233.201 2.18.233.201 | 16625 () () | |
37 | 10 |
ASN20940 (AKAMAI-ASN1, US)
PTR: a2-20-21-198.deploy.static.akamaitechnologies.com
img1.wsimg.com |
ASN16625 (,)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
lepetitpeuple.fr
1 redirects
www.lepetitpeuple.fr |
206 KB |
5 |
wsimg.com
img1.wsimg.com |
244 KB |
3 |
mathtag.com
pixel.mathtag.com |
2 KB |
2 |
tiqcdn.com
tags.tiqcdn.com |
62 KB |
1 |
nr-data.net
bam.nr-data.net |
254 B |
1 |
newrelic.com
js-agent.newrelic.com |
9 KB |
1 |
doubleclick.net
stats.g.doubleclick.net |
17 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
19 KB |
1 |
google-analytics.com
www.google-analytics.com |
765 B |
0 |
convertro.com
Failed
godaddy.sp1.convertro.com Failed |
|
37 | 10 |
Domain | Requested by | |
---|---|---|
22 | www.lepetitpeuple.fr |
1 redirects
www.lepetitpeuple.fr
|
5 | img1.wsimg.com |
www.lepetitpeuple.fr
|
3 | pixel.mathtag.com |
tags.tiqcdn.com
pixel.mathtag.com |
2 | tags.tiqcdn.com |
www.lepetitpeuple.fr
|
1 | bam.nr-data.net |
js-agent.newrelic.com
|
1 | js-agent.newrelic.com |
www.lepetitpeuple.fr
|
1 | stats.g.doubleclick.net |
www.lepetitpeuple.fr
|
1 | www.googletagmanager.com |
www.lepetitpeuple.fr
|
1 | www.google-analytics.com |
www.lepetitpeuple.fr
|
0 | godaddy.sp1.convertro.com Failed |
www.lepetitpeuple.fr
|
37 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google-analytics.com Google Internet Authority G3 |
2019-04-30 - 2019-07-23 |
3 months | crt.sh |
*.wsimg.com Starfield Secure Certificate Authority - G2 |
2018-09-25 - 2020-09-25 |
2 years | crt.sh |
*.g.doubleclick.net Google Internet Authority G3 |
2019-04-30 - 2019-07-23 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
http://www.lepetitpeuple.fr/wp-content/uploads/domain/w9eput4is24b7o0yd76svucc.php?login=&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=&loginID=&.
Frame ID: 7CD70B082A7E6766AAE9ED0F352BB47E
Requests: 35 HTTP requests in this frame
Frame:
http://godaddy.sp1.convertro.com/trax2/godaddy/0/ptrx/hit?sid=5EWSJAEBFTCN&mid=&eid=&cid=&jid=&typ=&val=1&isa=&pag=http%3A%2F%2Fwww.lepetitpeuple.fr%2Fwp-content%2Fuploads%2Fdomain%2Fw9eput4is24b7o0yd76svucc.php%3Flogin%3D%26.verify%3Fservice%3Dmail%26data%3Atext%2Fhtml%3Bcharset%3Dutf-8%3Bbase64%2CPGh0bWw%2BDgPC9zdHlsZT4NCiAgPGlmcmFt%3D%26loginID%3D%26.%23n%3D1252899642%26fid%3D1%26fav%3D1&ref=&fup=1&cbi=1&new=1&nji=0&ver=unknown&sts=1414704715&bts=1558491694388&ath=1558491694317&atb=1558491694317&dis=1600x1200x24&tid=ATRbgWH2H64&tmz=0&pfe=1&ish=1&plu=5381&log=0.002%20-%20%40%200.001%0A0.069%20-%20iCT%20gen%3A%20ATRbgWH2H64%0A0.069%20-%20%24iP%3A%20ATRbgWH2H64%0A0.069%20-%20i.p%3A%20T%205EWSJAEBFTCN%0A0.070%20-%20%3E%3E%20te%3A%205EWSJAEBFTCN%3B%20%3B%20%3B%201
Frame ID: 61C00A8DB71CEE3C71C7B59F0DC9D20F
Requests: 1 HTTP requests in this frame
Frame:
http://pixel.mathtag.com/sync/iframe?mt_uuid=17e85ce4-adae-4200-a402-d628a659a901&no_iframe=1&mt_adid=136746
Frame ID: 80BA6F93EB56FA00C6F92BF578CA3EFB
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://www.lepetitpeuple.fr/wp-content/uploads/domain/
HTTP 302
http://www.lepetitpeuple.fr/wp-content/uploads/domain/w9eput4is24b7o0yd76svucc.php?login=&.verify?servic... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- env /^google_tag_manager$/i
New Relic (Analytics) Expand
Detected patterns
- env /^NREUM/i
Tealium (Advertising Networks) Expand
Detected patterns
- script /^\/\/tags\.tiqcdn\.com\//i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.lepetitpeuple.fr/wp-content/uploads/domain/
HTTP 302
http://www.lepetitpeuple.fr/wp-content/uploads/domain/w9eput4is24b7o0yd76svucc.php?login=&.verify?service=mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=&loginID=&. Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 29- http://stats.g.doubleclick.net/dc.js HTTP 307
- https://stats.g.doubleclick.net/dc.js
37 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
w9eput4is24b7o0yd76svucc.php
www.lepetitpeuple.fr/wp-content/uploads/domain/ Redirect Chain
|
18 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4549d38e45
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
41 B 301 B |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
inpage_linkid.js
www.google-analytics.com/plugins/ga/ |
1 KB 765 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
live.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
21 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dc.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
39 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nr-632.min.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
22 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
32 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxcore.min.css
img1.wsimg.com/ux/1.3.1-brand/css/ |
162 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gd.css
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
62 B 413 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
102 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.259.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.304.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.428.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.332.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.492.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fbds.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
oct.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
856 B 799 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conversion_async.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo_office_365.png
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uxcore.en.min.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
315 KB 100 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
appheader.min.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login.min.js
www.lepetitpeuple.fr/wp-content/uploads/domain/hellion/ |
31 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gd-header-logo.png
img1.wsimg.com/ux/1.3.1-brand/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uxfont.woff2
img1.wsimg.com/ux/1.3.1-brand/fonts/ |
65 KB 66 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w7.woff2
img1.wsimg.com/ux/fonts/1.0/woff2/ |
74 KB 74 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
w8.woff2
img1.wsimg.com/ux/fonts/1.0/woff2/ |
73 KB 73 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
hit
godaddy.sp1.convertro.com/trax2/godaddy/0/ptrx/ Frame 61C0 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ |
225 KB 61 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtm.js
www.googletagmanager.com/ |
47 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dc.js
stats.g.doubleclick.net/ Redirect Chain
|
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.498.js
tags.tiqcdn.com/utag/godaddy/godaddy/prod/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nr-632.min.js
js-agent.newrelic.com/ |
22 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
4549d38e45
bam.nr-data.net/1/ |
57 B 254 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js
pixel.mathtag.com/event/ |
2 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
img
pixel.mathtag.com/misc/ |
43 B 457 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
iframe
pixel.mathtag.com/sync/ Frame 80BA |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- godaddy.sp1.convertro.com
- URL
- http://godaddy.sp1.convertro.com/trax2/godaddy/0/ptrx/hit?sid=5EWSJAEBFTCN&mid=&eid=&cid=&jid=&typ=&val=1&isa=&pag=http%3A%2F%2Fwww.lepetitpeuple.fr%2Fwp-content%2Fuploads%2Fdomain%2Fw9eput4is24b7o0yd76svucc.php%3Flogin%3D%26.verify%3Fservice%3Dmail%26data%3Atext%2Fhtml%3Bcharset%3Dutf-8%3Bbase64%2CPGh0bWw%2BDgPC9zdHlsZT4NCiAgPGlmcmFt%3D%26loginID%3D%26.%23n%3D1252899642%26fid%3D1%26fav%3D1&ref=&fup=1&cbi=1&new=1&nji=0&ver=unknown&sts=1414704715&bts=1558491694388&ath=1558491694317&atb=1558491694317&dis=1600x1200x24&tid=ATRbgWH2H64&tmz=0&pfe=1&ish=1&plu=5381&log=0.002%20-%20%40%200.001%0A0.069%20-%20iCT%20gen%3A%20ATRbgWH2H64%0A0.069%20-%20%24iP%3A%20ATRbgWH2H64%0A0.069%20-%20i.p%3A%20T%205EWSJAEBFTCN%0A0.070%20-%20%3E%3E%20te%3A%205EWSJAEBFTCN%3B%20%3B%20%3B%201
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Office 365 (Online)55 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| e function| f object| _gaq object| __cvo function| __cvo_overrides function| __cvo_hash function| __cvo_get_site_id function| __cvo_get_tagvars function| __cvo_info function| __cvo_core function| __cvo_lif function| __cvo_run function| __cvo_main function| __cvo_eval object| $CVO boolean| __cvo_started object| NREUM object| newrelic function| __nr_require object| _gat number| x object| match object| _fbq object| google_tag_manager object| _gaDataLayer object| twttr boolean| utag_condload object| utag object| utag_data function| google_trackConversion object| ux function| require object| openit function| $ function| jQuery function| _ object| jQuery183008630665001210147 object| uxel object| Login object| AddFactor object| NewFactor object| CreateAccount object| Forms object| Layout object| ResetPassword object| Globals object| translate_dict undefined| environment undefined| market undefined| envMap object| utag_cfg_ovrd function| metric6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.lepetitpeuple.fr/ | Name: cvo_sid1 Value: 5EWSJAEBFTCN |
|
.lepetitpeuple.fr/ | Name: OPTOUTMULTI Value: 0:0%7Cc2:0%7Cc9:0%7Cc11:0 |
|
.lepetitpeuple.fr/ | Name: utag_main Value: _st:1558493494473$ses_id:1558491789134%3Bexp-session |
|
www.lepetitpeuple.fr/ | Name: PHPSESSID Value: 730d15236cb3019ed1ade3867fc9675f |
|
www.lepetitpeuple.fr/ | Name: 60gp Value: R2337349310 |
|
www.lepetitpeuple.fr/ | Name: 60gpBAK Value: R1224225179 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bam.nr-data.net
godaddy.sp1.convertro.com
img1.wsimg.com
js-agent.newrelic.com
pixel.mathtag.com
stats.g.doubleclick.net
tags.tiqcdn.com
www.google-analytics.com
www.googletagmanager.com
www.lepetitpeuple.fr
godaddy.sp1.convertro.com
151.101.2.110
162.247.242.18
2.18.233.201
2.20.21.198
213.186.33.19
2a00:1450:4001:816::200e
2a00:1450:4001:81e::2008
2a00:1450:400c:c08::9c
68.232.35.180
060d195ce993f0144c027712128c59642167dd40242ffd4ee3c2d04ddd572c72
08b7b987d51f53874e14512099be7923ef6de09f5722b164308931985e21cc22
10134dce6da274e10fef191b1710d643b7e3c94ad7a568fa5104eb68eef3ae6c
10d1d45da9afc4fbcbec357e08b886df3b83ac295ac6a6fdd551d864cf1c0e08
18e52ff9d574cb68587be2608fcc986fc949934b5adebdc05765bf8d20ab3d0d
193bda15cbe0b06a3e0fe5b4a62786e0155c8bc7b0a013866ea93937b8b5c987
2a0d1817882f2f65c6be54bdb18a42e5be1d1317c947c25e4c3c22fe4d4224bf
2cc6b652064e426fcff9fb2d28abc4e99913c11a7b896da46f8ec0dd4e9c2899
33c3bf91a25c2b7a355ab82043af5b30efd739892586c6fef51a740c1429265d
46ac6da4d34c96c4a589c4d69ffdd4c3d977b103e5164fb17b38ed3119baf717
48c48110c6364bd7737be1571e879d486cf20796db9be4a449287d022e38424d
56a52447e6c94bc61bf30429f7505e1adc1a9a46ffa94c6d99a32f932b440edd
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
648c350971be36dc015ff149133d19f295e39ca020fc7d10f724a6a15ebc9450
64b1f3fbbd3b1a537d72bd53abbf32a8264e55314a824f5d44b7eeeb39edd749
7451e0e205d075bccaff7dbe38a444d30d4c023eb806a282dafc262c9be8f3b8
944e8770d04360a168c60d3ca0b5f325e9b41a0fb002c0c969d5545237fa27f1
989a73eb9e9faa5bcf87eb500ba218549b0b1ef37dc53d9ac948b33010bd78da
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b674619ceb41738b1027bacf2211b6610dd12f1ff3fe1673e38d31957ab32b65
c173e4b92c96216aecd087e171916d33c58058b28947d13428057686bb679618
c28f3fcfa4e839d67ed83a489ca461cf6c3182c47d1a35e7eb719deba23f9106
cb08be391390c7615cd71dfb82db5ca68a591b905b93400dfeb04445224ceed4
d4dd2c0b9088997a02f6731163b2c9c92c4fd28fb66c4a33840de8b518ca976d
d5b4909e909669c5525d6711d5230636b8d4c66184ae9bbf7876653360b16f7c
dfc6168b3956224447610162437e5edbdbd7024a8e4029f8518a495d9dc7c6f8
e1b0db0c8bd085dae77e7c56d15e1044221a760fd84ce7215206f4e5c0a6a122
e27e7f0597934775c6c558cdc76cd25bd5afa46d09632e2611fdcfa68ea5888c
ecd5484c31dce3516e9f42ac63b976c814a6d5da4069ebf1dcc0c57eed69ccff
ee32697eb2be9e2e0e5d9285f033f3d8013fb977e793ce0dc9103caeada861c8
ef9ae43a7319eb6b1b6ec77794dfd72e18e800718ce3414b86ef65119e4702a7
f11dcf677852f0b28b884342a816dd374c42fa1ed06a1720ddd48062cef1fdbc
f95f2068e39d8f2d23ba1382fb842e584690f01c671eb4df97ad709f0aaf531c
fcac6c123aa9f97147d2c1beeb45270ded092b211341823c16fbf8d7af0afdd2