wells100.azurewebsites.net
Open in
urlscan Pro
52.173.94.173
Malicious Activity!
Public Scan
Submission: On July 30 via automatic, source openphish
Summary
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on May 10th 2019. Valid for: 2 years.
This is the only time wells100.azurewebsites.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 52.173.94.173 52.173.94.173 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
2 | 159.45.170.178 159.45.170.178 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
20 | 23.43.125.9 23.43.125.9 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
10 | 23.8.0.234 23.8.0.234 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
14 | 159.45.66.156 159.45.66.156 | 4196 (WELLSFARG...) (WELLSFARGO-4196 - Wells Fargo & Company) | |
2 | 159.45.2.145 159.45.2.145 | 10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company) | |
1 | 34.249.55.114 34.249.55.114 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:824::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
64 | 9 |
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
wells100.azurewebsites.net |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
static.wellsfargo.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-125-9.deploy.static.akamaitechnologies.com
www01.wellsfargomedia.com | |
www04.wellsfargomedia.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-0-234.deploy.static.akamaitechnologies.com
www20.wellsfargomedia.com |
ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US)
connect.secure.wellsfargo.com |
ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)
www.wellsfargo.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-249-55-114.eu-west-1.compute.amazonaws.com
wellsfargobankna.demdex.net |
ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
30 |
wellsfargomedia.com
www01.wellsfargomedia.com www04.wellsfargomedia.com www20.wellsfargomedia.com |
618 KB |
18 |
wellsfargo.com
static.wellsfargo.com connect.secure.wellsfargo.com www.wellsfargo.com |
305 KB |
4 |
azurewebsites.net
wells100.azurewebsites.net |
16 KB |
1 |
google-analytics.com
www.google-analytics.com |
|
1 |
demdex.net
wellsfargobankna.demdex.net |
727 B |
64 | 5 |
Domain | Requested by | |
---|---|---|
18 | www01.wellsfargomedia.com |
wells100.azurewebsites.net
www.wellsfargo.com |
14 | connect.secure.wellsfargo.com |
wells100.azurewebsites.net
connect.secure.wellsfargo.com |
10 | www20.wellsfargomedia.com |
wells100.azurewebsites.net
www.wellsfargo.com |
4 | wells100.azurewebsites.net |
connect.secure.wellsfargo.com
|
2 | www.wellsfargo.com |
wells100.azurewebsites.net
|
2 | www04.wellsfargomedia.com |
wells100.azurewebsites.net
|
2 | static.wellsfargo.com |
wells100.azurewebsites.net
|
1 | www.google-analytics.com |
connect.secure.wellsfargo.com
|
1 | wellsfargobankna.demdex.net |
connect.secure.wellsfargo.com
|
64 | 9 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.azurewebsites.net DigiCert SHA2 Secure Server CA |
2019-05-10 - 2021-05-10 |
2 years | crt.sh |
static.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
www01.wellsfargomedia.com GeoTrust RSA CA 2018 |
2019-02-19 - 2020-05-20 |
a year | crt.sh |
www20.wellsfargomedia.com GeoTrust RSA CA 2018 |
2019-02-19 - 2020-05-20 |
a year | crt.sh |
connect.secure.wellsfargo.com DigiCert Global CA G2 |
2019-02-07 - 2021-02-07 |
2 years | crt.sh |
www.wellsfargo.com DigiCert Global CA G2 |
2019-02-08 - 2021-02-08 |
2 years | crt.sh |
*.demdex.net DigiCert SHA2 High Assurance Server CA |
2018-01-09 - 2021-02-12 |
3 years | crt.sh |
*.google-analytics.com Google Internet Authority G3 |
2019-07-02 - 2019-09-24 |
3 months | crt.sh |
This page contains 5 frames:
Primary Page:
https://wells100.azurewebsites.net/w/83245e2873/outer_pag.php
Frame ID: 6A7FA9E6CA91C092285EB84D0FF1CEED
Requests: 60 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/PIDO/farmbook.html?e=https%3A%2F%2Fwells100.azurewebsites.net&__tp=login&eu=https%3A%2F%2Fwells100.azurewebsites.net%2Fw%2F83245e2873%2Fouter_pag.php&icid=156449188375430899
Frame ID: F9703236285F752A8060D2205A6E063B
Requests: 1 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/AIDO/convoy.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab///https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl/httponline.eurobank.pl/?cid=5&si=3&e=https%3A%2F%2Fwells100.azurewebsites.net&LSESSIONID=jLd1oqEa54kmcCmLLR0u3DsPqPuSo3nRVU%2B3EXavFtPX08UvN8F06sej&t=xframe&__tp=login&eu=https%3A%2F%2Fwells100.azurewebsites.net%2Fw%2F83245e2873%2Fouter_pag.php&icid=156449188376346922
Frame ID: 8EC22BFA982CCAEB977258E482098402
Requests: 1 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/AIDO/elegant.html?si=3&e=https%3A%2F%2Fwells100.azurewebsites.net&LSESSIONID=jLd1oqEa54kmcCmLLR0u3DsPqPuSo3nRVU%2B3EXavFtPX08UvN8F06sej&t=xframe&__tp=login&eu=https%3A%2F%2Fwells100.azurewebsites.net%2Fw%2F83245e2873%2Fouter_pag.php&icid=156449188376489960
Frame ID: F53D5849B72D139188427B54578F4AC3
Requests: 1 HTTP requests in this frame
Frame:
https://connect.secure.wellsfargo.com/AIDO/gateway.html?e=https%3A%2F%2Fwells100.azurewebsites.net&__tp=login&eu=https%3A%2F%2Fwells100.azurewebsites.net%2Fw%2F83245e2873%2Fouter_pag.php&icid=15644918848092354
Frame ID: A8E26AEF37EAA6B7B40B904CBA31D032
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Windows Server (Operating Systems) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
RxJS (JavaScript Frameworks) Expand
Detected patterns
- script /rx(?:\.\w+)?(?:\.compat|\.global)?(?:\.min)?\.js/i
Page Statistics
120 Outgoing links
These are links going to different origins than the main page.
Title: Enroll
Search URL Search Domain Scan URL
Title: Checking Accounts
Search URL Search Domain Scan URL
Title: Savings Accounts and CDs
Search URL Search Domain Scan URL
Title: Debit and Prepaid Cards
Search URL Search Domain Scan URL
Title: Credit Cards
Search URL Search Domain Scan URL
Title: Foreign Exchange
Search URL Search Domain Scan URL
Title: Global Remittance Services
Search URL Search Domain Scan URL
Title: Online Banking
Search URL Search Domain Scan URL
Title: Mobile Features
Search URL Search Domain Scan URL
Title: Control TowerSM
Search URL Search Domain Scan URL
Title: Tax Center
Search URL Search Domain Scan URL
Title: Banking Made Easy
Search URL Search Domain Scan URL
Title: Planning for Retirement
Search URL Search Domain Scan URL
Title: Security Center
Search URL Search Domain Scan URL
Title: Mortgage Rates
Search URL Search Domain Scan URL
Title: Routing Number
Search URL Search Domain Scan URL
Title: Overdraft Services
Search URL Search Domain Scan URL
Title: Get Help with Payment Challenges
Search URL Search Domain Scan URL
Title: Open a Checking Account
Search URL Search Domain Scan URL
Title: Apply for an Account or Service
Search URL Search Domain Scan URL
Title: Mortgage Loans
Search URL Search Domain Scan URL
Title: Home Equity Lines
Search URL Search Domain Scan URL
Title: Personal Lines and Loans
Search URL Search Domain Scan URL
Title: Student Loans
Search URL Search Domain Scan URL
Title: Auto Loans
Search URL Search Domain Scan URL
Title: Going to College
Search URL Search Domain Scan URL
Title: Borrowing and Credit
Search URL Search Domain Scan URL
Title: Home Equity Rates
Search URL Search Domain Scan URL
Title: Finish Application/Check Status
Search URL Search Domain Scan URL
Title: Student Loan Discounts
Search URL Search Domain Scan URL
Title: Self-Directed Online Trading
Search URL Search Domain Scan URL
Title: Digital Investing Plus Advice
Search URL Search Domain Scan URL
Title: Dedicated Financial Advisor
Search URL Search Domain Scan URL
Title: Compare Ways to Invest
Search URL Search Domain Scan URL
Title: IRAs
Search URL Search Domain Scan URL
Title: Invest in Mutual Funds
Search URL Search Domain Scan URL
Title: Investment Services
Search URL Search Domain Scan URL
Title: Rollovers (401k and IRA)
Search URL Search Domain Scan URL
Title: Investing for Education
Search URL Search Domain Scan URL
Title: Strategy and Research
Search URL Search Domain Scan URL
Title: Income in Retirement
Search URL Search Domain Scan URL
Title: Investing Basics
Search URL Search Domain Scan URL
Title: Contact a Financial Advisor
Search URL Search Domain Scan URL
Title: Open an IRA
Search URL Search Domain Scan URL
Title: Open a WellsTrade� Account
Search URL Search Domain Scan URL
Title: Open an Intuitive Investor� Account
Search URL Search Domain Scan URL
Title: Employer Plan 401(k) Sign On
Search URL Search Domain Scan URL
Title: The Private Bank
Search URL Search Domain Scan URL
Title: Abbot Downing
Search URL Search Domain Scan URL
Title: All Wealth Management Services
Search URL Search Domain Scan URL
Title: Wealth Planning
Search URL Search Domain Scan URL
Title: Private Banking
Search URL Search Domain Scan URL
Title: Investment Management
Search URL Search Domain Scan URL
Title: Specialized Wealth Services
Search URL Search Domain Scan URL
Title: Trust Services
Search URL Search Domain Scan URL
Title: Wealth Management Insights
Search URL Search Domain Scan URL
Title: Conversations Magazine
Search URL Search Domain Scan URL
Title: Contact The Private Bank
Search URL Search Domain Scan URL
Title: Contact Abbot Downing
Search URL Search Domain Scan URL
Title: Explore Rewards
Search URL Search Domain Scan URL
Title: Earn Rewards
Search URL Search Domain Scan URL
Title: Use Rewards
Search URL Search Domain Scan URL
Title: Share Rewards
Search URL Search Domain Scan URL
Title: Customer Relationship Overview
Search URL Search Domain Scan URL
Title: Banking Made Easy
Search URL Search Domain Scan URL
Title: Sign On to Go Far Rewards
Search URL Search Domain Scan URL
Title: Go Far Rewards FAQs
Search URL Search Domain Scan URL
Title: Forgot Password/Username?
Search URL Search Domain Scan URL
Title: Learn More
Search URL Search Domain Scan URL
Title: Learn More
Search URL Search Domain Scan URL
Title: Learn More
Search URL Search Domain Scan URL
Title: Student loan options
Search URL Search Domain Scan URL
Title: Buying a house? We can help.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Go to Borrowing and Credit
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Go to Banking Made Easy
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Go to Retirement Planning
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Go to Home Lending
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Visit Going to College
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Go to Investing Basics
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Learn More About Fraud Prevention
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Ready to buy a home? Estimate how much you may be able to borrow
Search URL Search Domain Scan URL
Title: Who inspires you? Meet a barrier-breaking pioneer today
Search URL Search Domain Scan URL
Title: Questions about an old 401(k)? Let's talk about your options
Search URL Search Domain Scan URL
Title: Our Vision, Values & Goals
Search URL Search Domain Scan URL
Title: Making Things Right - Customer Redress
Search URL Search Domain Scan URL
Title: About Wells Fargo
Search URL Search Domain Scan URL
Title: Careers
Search URL Search Domain Scan URL
Title: Report Fraud
Search URL Search Domain Scan URL
Title: Sitemap
Search URL Search Domain Scan URL
Title: Diversity & Accessibility
Search URL Search Domain Scan URL
Title: Online Access Agreement
Search URL Search Domain Scan URL
Title: Ad Choices
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
64 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
outer_pag.php
wells100.azurewebsites.net/w/83245e2873/ |
65 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.sync.js
static.wellsfargo.com/tracking/toppages/ |
10 KB 5 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage_ret.css
www01.wellsfargomedia.com/css/home/ |
52 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage-horz-logo.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
5 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage-lock.svg
www04.wellsfargomedia.com/assets/images/css/template/homepage/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage-signon-lock.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfic530_ph_b-2009_00130-bim2_1200x532.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/checking/1200x532/ |
61 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfi000_ic_b-check-gray_50x50.png
www20.wellsfargomedia.com/assets/images/contextual/banner/checking/50x50/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfi000_ic_b-graduation-hat-gray_50x50.png
www20.wellsfargomedia.com/assets/images/contextual/banner/student-loans/50x50/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfi000_ic_b-building-house2-gray_50x50.png
www20.wellsfargomedia.com/assets/images/contextual/banner/mortgage/50x50/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
task-icon-account-50x50.png
www01.wellsfargomedia.com/assets/images/homepage/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
task-icon-rates-50x50.png
www01.wellsfargomedia.com/assets/images/homepage/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FICO-phone-borrowing-and-credit-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
35 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home-sprite-image.png
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paying-phone-beach-banking-made-easy-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
33 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
couple-beach-retirement-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
33 KB 33 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
couple-moving-in-homelending-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
34 KB 34 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
student-graduation-going-to-college-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
34 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
woman-tablet-investing-basics-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
32 KB 32 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
woman-card-security-center-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ |
34 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage_footer_stagecoach.svg
www01.wellsfargomedia.com/assets/images/global/ |
14 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home-sprite-image.png
www04.wellsfargomedia.com/assets/images/css/template/homepage/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-userprefs.min.js
connect.secure.wellsfargo.com/auth/static/prefs/ |
159 KB 87 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-hp.js
www.wellsfargo.com/js/vendor/ |
86 KB 30 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage_per.js
www.wellsfargo.com/js/global/ |
83 KB 20 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage-magnifying-glass.png
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
302 B 775 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icn-uti-checkbox.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
728 B 928 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conutils-6.9.0.js
connect.secure.wellsfargo.com/auth/static/scripts/ |
23 KB 9 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
atadun.js
connect.secure.wellsfargo.com/auth/static/prefs/ |
1023 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glu.js
connect.secure.wellsfargo.com/AIDO/ |
45 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mint.js
connect.secure.wellsfargo.com/AIDO/ |
38 KB 16 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pic.js
connect.secure.wellsfargo.com/PIDO/ |
43 KB 19 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
static.wellsfargo.com/tracking/toppages/ |
149 KB 43 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
tas
wells100.azurewebsites.net/ |
103 B 403 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-marquee-dot-active.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
578 B 874 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon-marquee-dot-inactive.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
587 B 880 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
trx.js
connect.secure.wellsfargo.com/AIDO/ |
71 KB 31 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
try.js
connect.secure.wellsfargo.com/AIDO/ |
45 KB 21 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
event
wellsfargobankna.demdex.net/ |
2 B 727 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/ |
35 B 0 |
Fetch
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
wells100.azurewebsites.net/assets/images/global/ |
103 B 263 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
wells100.azurewebsites.net/assets/images/global/ |
103 B 263 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vyHb
connect.secure.wellsfargo.com/AIDO/ |
106 B 776 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ay6u
connect.secure.wellsfargo.com/AIDO/ |
107 B 777 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfic598_ph_g-878868560_1200x532.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/student-loans/1200x532/ |
58 KB 59 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfic602_ph_b-dog-frontofhome_1200x532.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/mortgage/1200x532/ |
57 KB 58 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfia081_ph_b-7007_00117_489x234.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/checking/489x234/ |
28 KB 28 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfic597_ph_b-jk_0810_4210_304x194.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/mortgage/304x194/ |
29 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfi111_ph_a-patpatterson_304x194.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/enterprise/304x194/ |
28 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wfi111_ph_hre_default3_304x194.jpg
www01.wellsfargomedia.com/assets/images/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wellsfargo-volunteers-building-house-414x240.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
stagecoach-two-drivers-field-green-414x240.jpg
www04.wellsfargomedia.com/assets/images/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
redress_414x240.jpg
www01.wellsfargomedia.com/assets/images/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
three-men-volunteer-house-414x240.jpg
www04.wellsfargomedia.com/assets/images/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
woman-sitting-chair-tablet-screenshot-414x240.jpg
www01.wellsfargomedia.com/assets/images/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
farmbook.html
connect.secure.wellsfargo.com/PIDO/ Frame F970 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
connect.secure.wellsfargo.com/AIDO/convoy.html/discovercard.com/dfs/accounthome/summary/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secu... Frame 8EC2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
elegant.html
connect.secure.wellsfargo.com/AIDO/ Frame F53D |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gateway.html
connect.secure.wellsfargo.com/AIDO/ Frame A8E2 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
s.gif
wells100.azurewebsites.net/assets/images/global/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfic598_ph_g-878868560_1200x532.jpg
www20.wellsfargomedia.com/assets/images/contextual/banner/student-loans/1200x532/ |
58 KB 59 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-marquee-dot-inactive.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
tas
wells100.azurewebsites.net/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-marquee-dot-active.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/homepage/wfi111_ph_hre_default3_304x194.jpg
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/wellsfargo-volunteers-building-house-414x240.jpg
- Domain
- www04.wellsfargomedia.com
- URL
- https://www04.wellsfargomedia.com/assets/images/homepage/stagecoach-two-drivers-field-green-414x240.jpg
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/homepage/redress_414x240.jpg
- Domain
- www04.wellsfargomedia.com
- URL
- https://www04.wellsfargomedia.com/assets/images/homepage/three-men-volunteer-house-414x240.jpg
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/homepage/woman-sitting-chair-tablet-screenshot-414x240.jpg
- Domain
- wells100.azurewebsites.net
- URL
- https://wells100.azurewebsites.net/assets/images/global/s.gif?log=1&pid=222-147047-64&pageUrl=https%3A%2F%2Fwells100.azurewebsites.net%2Fw%2F83245e2873%2Fouter_pag.php&cb=1564491890707&event=LinkActivated&eventType=autoload&eventDescription=DisplayMarqueeCarouselItem&clist=402-166161-16~91-146911-32
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/css/template/homepage/icon-marquee-dot-inactive.svg
- Domain
- wells100.azurewebsites.net
- URL
- https://wells100.azurewebsites.net/tas
- Domain
- www01.wellsfargomedia.com
- URL
- https://www01.wellsfargomedia.com/assets/images/css/template/homepage/icon-marquee-dot-active.svg
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)153 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| utag_data object| TNL function| testandlearn object| CryptoJS function| domReady object| jsData object| tasInfo string| USERPREFS_PATH string| UPRESOURCE_PATH string| ATADUN_PATH string| loginUrlBase object| scriptParent string| loginUrlBaseNoProtocol object| getUrl string| host string| port string| guid function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged function| addScriptElement function| getCookie function| appendHiddenInput function| addCookiesToForm function| generateGuid function| brief function| $ function| jQuery object| WF function| GSA_getSearchRootPathPrefix function| GSA_getResourceRootPathPrefix function| GSA_isEmbeddedMode string| ss_form_element string| ss_popup_element object| ss_seq string| ss_g_one_name_to_display string| ss_g_more_names_to_display number| ss_g_max_to_display number| ss_max_to_display number| ss_wait_millisec number| ss_delay_millisec object| ss_gsa_host string| SS_OUTPUT_FORMAT_LEGACY string| SS_OUTPUT_FORMAT_OPEN_SEARCH string| SS_OUTPUT_FORMAT_RICH string| ss_protocol boolean| ss_allow_non_query string| ss_non_query_empty_title boolean| ss_allow_debug object| URI_RE_ object| URI_DISALLOWED_IN_SCHEME_OR_CREDENTIALS_ object| URI_DISALLOWED_IN_PATH_ object| ss_cached object| ss_qbackup object| ss_qshown number| ss_loc number| ss_waiting boolean| ss_painting object| ss_key_handling_queue object| ss_painting_queue boolean| ss_dismissed boolean| ss_panic string| SS_ROW_CLASS string| SS_ROW_SELECTED_CLASS undefined| XH_ieProgId_ number| XML_READY_STATE_UNINITIALIZED number| XML_READY_STATE_LOADING number| XML_READY_STATE_LOADED number| XML_READY_STATE_INTERACTIVE number| XML_READY_STATE_COMPLETED function| XH_XmlHttpInit_ function| XH_XmlHttpCreate function| XH_XmlHttpGET function| XH_XmlHttpPOST function| XH_XmlHttpOpen function| XH_XmlHttpSetRequestHeader function| XH_XmlHttpSend function| XH_XmlHttpAbort object| ss_debug function| ss_composeSuggestUri function| ss_suggest function| ss_processed function| ss_handleAllKey function| ss_handleKey function| ss_isEmbeddedMode_ function| ss_handleQuery function| ss_removeNode_ function| ss_replaceNode_ function| ss_initEmbedMode_ function| ss_sf function| ss_clear function| ss_hide function| ss_show function| ss_showSuggestion function| ss_showRelatedSuggestion function| ss_handleMouseM function| ss_handleMouseC function| ss_countSuggestions function| ss_locateSuggestion function| ss_escape function| ss_escapeDbg function| ss_Debugger function| injectStyles function| injectScripts object| ss_use object| root object| lun3 string| ndURI boolean| isNative object| ___so124934 number| CLIWHIT string| PSESSIONID string| SSESSIONID object| M object| regex object| match string| LSESSIONID string| __tp number| __gt function| grip object| bidt8pdb boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr object| utag function| utag_pad function| utag_visitor_id string| urlRgx string| tagRgx boolean| whiteList number| conditionalCollectSnippet undefined| d object| data_dmp function| Visitor function| DIL object| s_c_il number| s_c_in function| ee_rkqeulcbdkhyw object| ____0.7331099191522614 function| vnunlprugkkakngg string| internal_IP1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.wells100.azurewebsites.net/ | Name: ARRAffinity Value: 773bfa268ddab40e86c4a46387d400861441e481df507518e27566c3d97fff41 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.secure.wellsfargo.com
static.wellsfargo.com
wells100.azurewebsites.net
wellsfargobankna.demdex.net
www.google-analytics.com
www.wellsfargo.com
www01.wellsfargomedia.com
www04.wellsfargomedia.com
www20.wellsfargomedia.com
wells100.azurewebsites.net
www01.wellsfargomedia.com
www04.wellsfargomedia.com
159.45.170.178
159.45.2.145
159.45.66.156
23.43.125.9
23.8.0.234
2a00:1450:4001:824::200e
34.249.55.114
52.173.94.173
004590468c4ed29e2b9ac5192217c685059d0d623e4398c49cdb4a0b5a386831
11fa95cade4d31642d17ebba420d3706837b9a91090992b2d2aecc74a6b6ab88
1520e8d58a834ea92e3db6cedff43672d051f212f87449394752b0b63cdb0ec5
16b5311ddbd849fd1808d3d855f79d9640417d7c65714ffec6f6bb6f17416883
1783426a8c138cbdb6fc9de3b7f7784e2095efac7560d5255c6cb01945ea578b
3266bad930b35d863ee0cec9addafca06ff7f83dc81418a3b1029e71a96f4ccc
377002514be0ec6ce7340ccfbd11ea8456e71d26447f176af4aadbb4289ff86c
37bf55a3b2442ce068a51c055c3db6bf8504971d9c0c54113f71236ec2a5243e
433394c17bbe8207f26508728d8c23f0af67479f7831f50b486401d94996976a
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
449c3ffe12fb0fbbff8d3f6e965ff2deedff5ebee78cc71c14e772a539b1ec98
51044ed6d500b29e1b81d6d9a3033efd718c9ad62307fe1225baebcc8d5fb813
6deaefd34132d05cf9392b7ae370005e2e9b5354bc7905925dc2550be39ef68d
780b98a3861aa8d4afe428953ad3b9e988a74cd5f064b4a1eb453f5d901221e7
79ef4c1a532b7d0ec3a746f6dc63d2ab143969f29751cd51d5766a1cfc084fb0
7b1acbecc92198d28a194bab0fa46dd84878d9cb78f3e2bbbd4ba771ef168ebd
7bfab3d904c5effc47fe1577c20615a1efcf84f2a6e1b8e5ccaa501ac657fcab
7cd2b1ab0ed81ddc453b8da5357fcf7b3cbec29cd139059706a7b0bda253af48
7dff74171707711abeed94a8de67bc37acb52f1cb24f7b865a8a192824bf9a73
7f1d06a3ce29e740376e880b0c35d5fb006ddf1773ee0d539e507c31067acbc3
89f8d3836f41e0b18adc0279968e0d0d229d8686dde8c2d85d5b62447c06fbce
8ffc4d6a0d55daee3089560883f6e3c21cbbfef5b674a8dc875d9529e5e5376c
90b2d35cd5e08370ed20db81197dd9da1a4dbb421f71293fd5733ea49eb7b3e1
954424ae82926de25de2b279a3c1a3a10b0f9ed2d0e45df7869ef5ffdf8efb6a
982003c4cecd7caa0d1b5b8ceb4ee3d9a49263cb37fe56ccf4d5113868fe6741
a414267db5a05cdefdf343cacd3df72242dcfe06573c1b05601afc60476566fa
bcb4ac124f56ac268c5c720220ab98c292a9e27239da2a30339a3e889576e377
bdf751447a40cc6dbbd9df1beeac962c5cb9a6287efff4b64fa046adcc3f0c98
bf420fd8cada6f986b296d9785410646374facfa8afec0296b97b3366d4f4349
c4394793a895d3dc307c94366b05d7dc3868c4125021e7c296d158911cfbb4dc
cb4cfd594b2f8e32b89c3cb3ce1e766619a0e8273a8b2eb9148880ee534d7ba5
cede6c6d76d57a1f4da3d157863dc37c7e5a9d63f47b7f0401a985aaeb690f9e
cfd4c24ae595a860f108f4de55ce9a1744bad06d612d508c4d0bf39901b9862c
d21264356c50d969aadc4a610dfc89bc5289b79511841201aff61058201a3011
d25b81004984b1d2070119fe5e71911e629d5cbcf85259fd41b49afe1cfe9734
d6e3a5a263a697df3e5989b893e27ac29972dd9346b01da3e5476becb9a73a25
d6f9a6d48f3d43b2f7004bb3f1bea032abe36c545087c45907bf36f6d1949bc6
d6fdad356ecabcdcfb77a0486b3e240f450369e0304739e55c71a112d5f3d2df
d7547cd9a8b7f8fcf5252ad9062e37a71890155c85393a1ce2b60b21e6066a91
dcd6023a12e91cbf5f38230a01e8d7e60b04d48fcaf635ccfe89f56a90f94f4f
e9ecf74092e5fe396ce9fe40ea17070242ed95e6c0b09d595dd4254d8afcabaa
ea4b20ddecd76a86c3dc31d488970cf15e6284756c271b1d983f597652ebeb61
eb0773bab4190baeb667b0079a148b4495acab39ad0b1beeba95d5750afe5eb9
f96742979b5c4e53e4d7d4fc2e3c9ae0ef47d0ae48a9342b03467655c668fa6d
fbdbdec73948179778c9fa39a0108957d10c49c9bdeb9f830448bffd4a268582