bgitopazdowntown.ddireal.vn
116.118.50.194
Malicious Activity!
Public Scan
Submission: On February 02 via automatic, source phishtank — Scanned from DE
Summary
This is the only time bgitopazdowntown.ddireal.vn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)
Domain & IP information
Requests | Redirects | IP Address | AS Autonomous System |
---|---|---|---|
2 | | 116.118.50.194 | 7602 (SPT-AS-VN Sai gon Postel Corporation) |
41 | | 2.16.187.42 | 20940 (AKAMAI-ASN1) |
18 | | 104.83.4.33 | 20940 (AKAMAI-ASN1) |
1 | | 23.37.56.171 | 16625 (AKAMAI-AS) |
3 | | 23.37.49.167 | 16625 (AKAMAI-AS) |
2 | 2 | 142.250.181.230 | 15169 (GOOGLE) |
1 | 1 | 2a00:1450:400d:80a::2002 | 15169 (GOOGLE) |
1 | | 2a00:1450:400d:802::2002 | 15169 (GOOGLE) |
1 | | 151.101.65.230 | 54113 (FASTLY) |
2 | | 35.241.45.82 | 15169 (GOOGLE) |
70 | 9 |
ASN | PTR | Domain |
---|---|---|
ASN7602 (SPT-AS-VN Sai gon Postel Corporation, VN) | | bgitopazdowntown.ddireal.vn |
ASN20940 (AKAMAI-ASN1, NL) | a2-16-187-42.deploy.static.akamaitechnologies.com | connect.secure.wellsfargo.com |
ASN20940 (AKAMAI-ASN1, NL) | a104-83-4-33.deploy.static.akamaitechnologies.com | static.wellsfargo.com |
ASN16625 (AKAMAI-AS, US) | a23-37-56-171.deploy.static.akamaitechnologies.com | www10.wellsfargomedia.com |
ASN16625 (AKAMAI-AS, US) | a23-37-49-167.deploy.static.akamaitechnologies.com | www15.wellsfargomedia.com |
ASN15169 (GOOGLE, US) | fra16s56-in-f6.1e100.net | ad.doubleclick.net |
ASN15169 (GOOGLE, US) | 82.45.241.35.bc.googleusercontent.com | udc-neb.kampyle.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
59 | wellsfargo.com | connect.secure.wellsfargo.com — Cisco Umbrella Rank: 12734; static.wellsfargo.com — Cisco Umbrella Rank: 12058 | 1 MB |
4 | wellsfargomedia.com | www10.wellsfargomedia.com — Cisco Umbrella Rank: 16702; www15.wellsfargomedia.com — Cisco Umbrella Rank: 24313 | 684 KB |
2 | kampyle.com | udc-neb.kampyle.com — Cisco Umbrella Rank: 2002 | 578 B |
2 | doubleclick.net (2 redirects) | ad.doubleclick.net — Cisco Umbrella Rank: 184 | 970 B |
2 | ddireal.vn | bgitopazdowntown.ddireal.vn | 29 KB |
1 | medallia.com | resources.digital-cloud-prem.medallia.com — Cisco Umbrella Rank: 12420 | 2 KB |
1 | google.de | adservice.google.de — Cisco Umbrella Rank: 8741 | 476 B |
1 | google.com (1 redirects) | adservice.google.com — Cisco Umbrella Rank: 70 | 567 B |
0 | rlcdn.com (Failed) | api.rlcdn.com Failed | |
70 | 9 | | |
Requests | Domain | Requested by |
---|---|---|
41 | connect.secure.wellsfargo.com | bgitopazdowntown.ddireal.vn, connect.secure.wellsfargo.com |
18 | static.wellsfargo.com | bgitopazdowntown.ddireal.vn, static.wellsfargo.com |
3 | www15.wellsfargomedia.com | connect.secure.wellsfargo.com |
2 | udc-neb.kampyle.com | static.wellsfargo.com |
2 | ad.doubleclick.net | 2 redirects |
2 | bgitopazdowntown.ddireal.vn | bgitopazdowntown.ddireal.vn |
1 | resources.digital-cloud-prem.medallia.com | static.wellsfargo.com |
1 | adservice.google.de | bgitopazdowntown.ddireal.vn |
1 | adservice.google.com | 1 redirects |
1 | www10.wellsfargomedia.com | bgitopazdowntown.ddireal.vn |
0 | api.rlcdn.com Failed | static.wellsfargo.com |
70 | 11 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
connect.secure.wellsfargo.com | DigiCert EV RSA CA G2 | 2022-10-11 - 2023-10-11 | a year |
static.wellsfargo.com | DigiCert EV RSA CA G2 | 2022-10-12 - 2023-10-12 | a year |
www10.wellsfargomedia.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-05 - 2023-04-05 | a year |
www15.wellsfargomedia.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-11-14 - 2023-11-16 | a year |
*.google.de | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months |
resources.digital-cloud-prem.medallia.com | R3 | 2023-01-08 - 2023-04-08 | 3 months |
*.kampyle.com | SSL.com RSA SSL subCA | 2022-02-28 - 2023-03-31 | a year |
This page contains 4 frames:
Primary Page:
http://bgitopazdowntown.ddireal.vn/wp-content/themes/twentytwenty/classes/wells/signon.php?cmd=signon_submit&id=61d51d458427c59f69f463fb87bbfc6061d51d458427c59f69f463fb87bbfc60&session=61d51d458427c59f69f463fb87bbfc6061d51d458427c59f69f463fb87bbfc60
Frame ID: 5A8026C1A67F75A25E6DF32506F589FD
Requests: 59 HTTP requests in this frame
Frame:
https://adservice.google.de/ddm/fls/p/src=2549153;dc_pre=CKrPp7fl9fwCFXRDHgIdcGAB0g;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;u23=DESKTOP;ord=1208668656271.3545;~oref=http://bgitopazdowntown.ddireal.vn/
Frame ID: AE14D0261246A1CB665896FEC5AEB147
Requests: 1 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/AIDO/convoy.html/discovercard.com/dfs/accounthome/summary/www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/?cid=5&si=3&e=http%3A%2F%2Fbgitopazdowntown.ddireal.vn&t=xframe&eu=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fthemes%2Ftwentytwenty%2Fclasses%2Fwells%2Fsignon.php&icid=167530499201814245
Frame ID: ECBB5E82C57E1734E6075D7A97D24E58
Requests: 5 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/AIDO/elegant.html?si=3&e=http%3A%2F%2Fbgitopazdowntown.ddireal.vn&t=xframe&eu=http%3A%2F%2Fbgitopazdowntown.ddireal.vn%2Fwp-content%2Fthemes%2Ftwentytwenty%2Fclasses%2Fwells%2Fsignon.php&icid=167530499202569119
Frame ID: C1502BE28C4F671BB2015F06A2E6B10A
Requests: 5 HTTP requests in this frame
Page Title
Sign On to View Your Personal Accounts | Wells Fargo
Detected technologies
Detected patterns
- /wp-(?:content|includes)/
Detected patterns
- \.php(?:$|\?)
RxJS
Detected patterns
- rx(?:\.\w+)?(?:\.compat|\.global)?(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 47
- https://ad.doubleclick.net/ddm/activity/src=2549153;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;u23=DESKTOP;ord=1208668656271.3545 HTTP 302
- https://ad.doubleclick.net/ddm/activity/src=2549153;dc_pre=CKrPp7fl9fwCFXRDHgIdcGAB0g;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;u23=DESKTOP;ord=1208668656271.3545 HTTP 302
- https://adservice.google.com/ddm/fls/p/src=2549153;dc_pre=CKrPp7fl9fwCFXRDHgIdcGAB0g;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;u23=DESKTOP;ord=1208668656271.3545;~oref=http://bgitopazdowntown.ddireal.vn/ HTTP 302
- https://adservice.google.de/ddm/fls/p/src=2549153;dc_pre=CKrPp7fl9fwCFXRDHgIdcGAB0g;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;u23=DESKTOP;ord=1208668656271.3545;~oref=http://bgitopazdowntown.ddireal.vn/
70 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note |
---|---|---|---|---|---|---|---|---|
GET | H/1.1 | signon.php | bgitopazdowntown.ddireal.vn/wp-content/themes/twentytwenty/classes/wells/ | 105 KB | 27 KB | Document | text/html | Primary Request |
GET | H/1.1 | / | connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/ | 541 B | 3 KB | Script | application/javascript | |
GET | H/1.1 | ga_conversion_async.js | static.wellsfargo.com/tracking/ga/ | 35 KB | 14 KB | Script | application/javascript | |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 115 KB | 45 KB | Script | application/javascript | |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 115 KB | 45 KB | Script | application/javascript | |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 115 KB | 45 KB | Script | application/javascript | |
GET | H/1.1 | nd | connect.secure.wellsfargo.com/jenny/ | 53 KB | 20 KB | Script | application/javascript | |
GET | H/1.1 | gtag.js | static.wellsfargo.com/tracking/ga/ | 115 KB | 45 KB | Script | application/javascript | |
GET | H/1.1 | ytc.js | static.wellsfargo.com/tracking/ytc/ | 15 KB | 6 KB | Script | application/javascript | |
GET | H/1.1 | general_alt.js | connect.secure.wellsfargo.com/auth/login/static/js/ | 0 | 0 | Script | text/plain | |
GET | H/1.1 | wfui.5d3fa5b6daab852c2a31.chunk.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 99 KB | 17 KB | Stylesheet | text/css | |
GET | H/1.1 | main.b3b5f355e18c2c42a801.chunk.css | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/stylesheets/ | 12 KB | 3 KB | Stylesheet | text/css | |
GET | H/1.1 | glu.js | connect.secure.wellsfargo.com/AIDO/ | 68 KB | 37 KB | Script | application/x-javascript | |
GET | H/1.1 | utag.3.js | static.wellsfargo.com/tracking/secure-auth/ | 5 KB | 3 KB | Script | application/javascript | |
GET | H/1.1 | utag.4.js | static.wellsfargo.com/tracking/secure-auth/ | 6 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | utag.5.js | static.wellsfargo.com/tracking/secure-auth/ | 7 KB | 3 KB | Script | application/javascript | |
GET | H/1.1 | utag.7.js | static.wellsfargo.com/tracking/secure-auth/ | 10 KB | 4 KB | Script | application/javascript | |
GET | H/1.1 | utag.10.js | static.wellsfargo.com/tracking/secure-auth/ | 20 KB | 6 KB | Script | application/javascript | |
GET | H/1.1 | utag.9.js | static.wellsfargo.com/tracking/secure-auth/ | 11 KB | 4 KB | Script | application/javascript | |
GET | H/1.1 | utag.15.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | mint.js | connect.secure.wellsfargo.com/AIDO/ | 266 KB | 147 KB | Script | application/x-javascript | |
GET | H/1.1 | pic.js | connect.secure.wellsfargo.com/PIDO/ | 87 KB | 50 KB | Script | application/x-javascript | |
GET | H/1.1 | trx.js | connect.secure.wellsfargo.com/AIDO/ | 106 KB | 54 KB | Script | application/x-javascript | |
GET | H/1.1 | try.js | connect.secure.wellsfargo.com/AIDO/ | 73 KB | 40 KB | Script | application/x-javascript | |
GET | H/1.1 | ay6u | connect.secure.wellsfargo.com/AIDO/ | 142 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 141 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 132 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 131 B | 2 KB | Script | text/javascript | |
GET | H2 | COB-BOB-IRT-enroll_balloons.jpg | www10.wellsfargomedia.com/auth/static/images/ | 611 KB | 613 KB | Image | image/jpeg | |
GET | H/1.1 | sub.png | bgitopazdowntown.ddireal.vn/wp-content/themes/twentytwenty/classes/wells/ | 2 KB | 2 KB | Image | image/png | |
GET | H/1.1 | wfui.11759b41ee721f527bba.chunk.js | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/js/ | 804 KB | 202 KB | Script | application/javascript | |
GET | H/1.1 | main.2c70436e78e79e8ed3b8.chunk.js | connect.secure.wellsfargo.com/auth/static/ui/loginaltsignon/public/js/ | 20 KB | 7 KB | Script | application/javascript | |
GET | H/1.1 | utag.js | static.wellsfargo.com/tracking/secure-auth/ | 33 KB | 10 KB | Script | application/javascript | |
GET | H/1.1 | ttms.gif | static.wellsfargo.com/tracking/reporting/ | 43 B | 673 B | Image | image/gif | |
GET | H2 | wellsfargosans-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 | |
GET | H2 | wellsfargosans-sbd.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 22 KB | 22 KB | Font | font/woff2 | |
GET | H2 | wellsfargoserif-rg.woff2 | www15.wellsfargomedia.com/wfui/css/fonts/ | 26 KB | 26 KB | Font | font/woff2 | |
GET | H2 | / | adservice.google.de/ddm/fls/p/src=2549153;dc_pre=CKrPp7fl9fwCFXRDHgIdcGAB0g;type=allv40;cat=all_a012;u1=11202206270424411143497415;u4=LOGIN;u5=n;u8=loginapp;u11=PROD;u19=GA1.2.848135748.1656329096;... | 42 B | 476 B | Document | image/gif | Frame AE14, Redirect Chain |
GET | | idl | api.rlcdn.com/api/identity/ | 0 | 0 | | | |
GET | H/1.1 | utag.21.js | static.wellsfargo.com/tracking/secure-auth/ | 4 KB | 2 KB | Script | application/javascript | |
GET | H/1.1 | medallia-digital-embed.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 2 KB | 1 KB | Script | application/javascript | |
GET | H/1.1 | generic1661785830759.js | static.wellsfargo.com/tracking/medallia/wdcusprem/57907/onsite/ | 339 KB | 77 KB | Script | application/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 90 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 89 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | vyHb | connect.secure.wellsfargo.com/AIDO/ | 90 B | 2 KB | Script | text/javascript | |
GET | H/1.1 | / | connect.secure.wellsfargo.com/AIDO/convoy.html/discovercard.com/dfs/accounthome/summary/www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secur... | 69 KB | 30 KB | Document | text/html | Frame ECBB |
GET | H/1.1 | elegant.html | connect.secure.wellsfargo.com/AIDO/ | 76 KB | 33 KB | Document | text/html | Frame C150 |
GET | H2 | onsiteData.json | resources.digital-cloud-prem.medallia.com/wdcusprem/57907/onsite/ | 26 KB | 2 KB | XHR | application/json | |
POST | H2 | track | udc-neb.kampyle.com/v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/ | 59 B | 424 B | XHR | text/plain | |
POST | H2 | track | udc-neb.kampyle.com/v1/qceuv8449dzg58ptt1bhda9g8ue19c7s/ | 59 B | 154 B | XHR | text/plain | |
GET | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 182 KB | 73 KB | Script | application/javascript | Frame ECBB |
GET | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 182 KB | 73 KB | Script | application/javascript | Frame C150 |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame ECBB |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame C150 |
GET | H/1.1 | ay6u | connect.secure.wellsfargo.com/AIDO/ | 80 B | 2 KB | Script | text/javascript | |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame ECBB |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame C150 |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame ECBB |
POST | H/1.1 | vDRE | connect.secure.wellsfargo.com/mONDkfiy/X6hofEd/48nOVHD/ZW/z5YJtVNp/cw0VPRww/YWt5GQU/ | 18 B | 2 KB | XHR | application/json | Frame C150 |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- api.rlcdn.com
- URL
- https://api.rlcdn.com/api/identity/idl?pid=1317
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)
188 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
bgitopazdowntown.ddireal.vn/ | | PHPSESSID | 4srl59luoj3if4jibb69l8pc0e |
.wellsfargo.com/ | | ndcd | wc1.1.w-729460.1.2.cUG5TlHoU9KQqD6AwXw1rQ%252C%252C.bLAIyFLMlNhjCrzsTuKHWZEdbFzpKvBYXw0MNMW77AmwC3hVBtU7ohe3xi7SGEQTczxkdX7J_s6mTT-GcAzwIFNC8ufTThdELP5IQ4faXhgOsinICKKl7W62MjD_lWPubqcwFUfFoFlwJvFSWdKYrBfw0kaiy3t8ZAVsduIHczQeWVOtWrHqR40KU-yyrnPF |
.doubleclick.net/ | | test_cookie | CheckForPermission |
bgitopazdowntown.ddireal.vn/ | | mdLogger | false |
bgitopazdowntown.ddireal.vn/ | | kampyle_userid | 1d51-20e1-24d2-148b-27c2-3361-1ad1-ef47 |
bgitopazdowntown.ddireal.vn/ | | kampyleUserSession | 1675304992152 |
bgitopazdowntown.ddireal.vn/ | | kampyleUserSessionsCount | 1 |
bgitopazdowntown.ddireal.vn/ | | kampyleSessionPageCounter | 1 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.