replicawebsite.com
Open in
urlscan Pro
66.235.200.146
Malicious Activity!
Public Scan
Submission: On August 06 via automatic, source openphish — Scanned from DE
Summary
This is the only time replicawebsite.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Wells Fargo (Banking)Domain & IP information
ASN13335 (CLOUDFLARENET, US)
PTR: host77.ipowerweb.com
replicawebsite.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-202.deploy.static.akamaitechnologies.com
c1.wfinterface.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-56-206-223.deploy.static.akamaitechnologies.com
www17.wellsfargomedia.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-142-64.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-179.deploy.static.akamaitechnologies.com
static.wellsfargo.com |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-249.deploy.static.akamaitechnologies.com
rubicon.wellsfargo.com |
ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f6.1e100.net
2549153.fls.doubleclick.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-136-163.eu-west-1.compute.amazonaws.com
wellsfargobankna.demdex.net |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-35-166-226-75.us-west-2.compute.amazonaws.com
pdx-col.eum-appdynamics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
34 |
replicawebsite.com
replicawebsite.com |
611 KB |
15 |
wellsfargomedia.com
www17.wellsfargomedia.com — Cisco Umbrella Rank: 21802 |
151 KB |
9 |
wfinterface.com
c1.wfinterface.com — Cisco Umbrella Rank: 17944 |
407 KB |
4 |
doubleclick.net
2 redirects
2549153.fls.doubleclick.net — Cisco Umbrella Rank: 21325 googleads.g.doubleclick.net — Cisco Umbrella Rank: 54 stats.g.doubleclick.net — Cisco Umbrella Rank: 115 |
3 KB |
3 |
eum-appdynamics.com
pdx-col.eum-appdynamics.com — Cisco Umbrella Rank: 3618 |
1 KB |
3 |
google.de
www.google.de — Cisco Umbrella Rank: 5576 adservice.google.de — Cisco Umbrella Rank: 12052 |
1 KB |
3 |
google.com
1 redirects
www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 121 |
1 KB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 55 |
539 B |
3 |
wellsfargo.com
static.wellsfargo.com — Cisco Umbrella Rank: 10756 rubicon.wellsfargo.com — Cisco Umbrella Rank: 10612 |
33 KB |
3 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 215 wellsfargobankna.demdex.net — Cisco Umbrella Rank: 13928 |
4 KB |
1 |
cdnstat.net
cdnstat.net — Cisco Umbrella Rank: 495328 |
705 B |
1 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 107 |
185 B |
0 |
rlcdn.com
Failed
api.rlcdn.com Failed |
|
80 | 13 |
Domain | Requested by | |
---|---|---|
34 | replicawebsite.com |
replicawebsite.com
|
15 | www17.wellsfargomedia.com | |
9 | c1.wfinterface.com |
replicawebsite.com
c1.wfinterface.com |
3 | pdx-col.eum-appdynamics.com |
replicawebsite.com
|
3 | www.google-analytics.com |
replicawebsite.com
|
2 | www.google.de | |
2 | www.google.com | 1 redirects |
2 | 2549153.fls.doubleclick.net |
1 redirects
c1.wfinterface.com
|
2 | static.wellsfargo.com |
replicawebsite.com
static.wellsfargo.com |
2 | dpm.demdex.net |
replicawebsite.com
|
1 | cdnstat.net |
replicawebsite.com
|
1 | adservice.google.de |
adservice.google.com
|
1 | stats.g.doubleclick.net |
replicawebsite.com
|
1 | adservice.google.com |
2549153.fls.doubleclick.net
|
1 | googleads.g.doubleclick.net | 1 redirects |
1 | wellsfargobankna.demdex.net |
replicawebsite.com
|
1 | rubicon.wellsfargo.com |
replicawebsite.com
|
1 | www.facebook.com | |
0 | api.rlcdn.com Failed |
replicawebsite.com
|
80 | 19 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
c1.wfinterface.com DigiCert EV RSA CA G2 |
2022-10-17 - 2023-10-17 |
a year | crt.sh |
www17.wellsfargomedia.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-04-14 - 2024-04-13 |
a year | crt.sh |
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-09-26 - 2023-10-27 |
a year | crt.sh |
static.wellsfargo.com DigiCert EV RSA CA G2 |
2022-10-12 - 2023-10-12 |
a year | crt.sh |
rubicon.wellsfargo.com Wells Fargo Public Trust Certification Authority 01 G2 |
2023-03-03 - 2024-04-02 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.eum-appdynamics.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-06-14 - 2024-07-14 |
a year | crt.sh |
www.google.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
www.google.de GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
*.google.de GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
cdnstat.net E1 |
2023-07-21 - 2023-10-19 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
http://replicawebsite.com/
Frame ID: 22702F4522AE57561CCEEC99A8140E28
Requests: 77 HTTP requests in this frame
Frame:
http://2549153.fls.doubleclick.net/activityi;dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicawebsite.com%2F
Frame ID: 5284793DBD23F6419ACA3106B0453B80
Requests: 1 HTTP requests in this frame
Frame:
https://adservice.google.com/ddm/fls/i/dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicawebsite.com%2F
Frame ID: F322BC0D95EB9931238EBF22D7E2C3B8
Requests: 1 HTTP requests in this frame
Frame:
https://adservice.google.de/ddm/fls/i/dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicawebsite.com%2F
Frame ID: C3CF77FBC447B249C3EE7BDCC295630E
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Wells Fargo Bank | Financial Services & Online BankingDetected technologies
AppDynamics (Analytics) ExpandDetected patterns
- adrum
Google Analytics (Analytics) Expand
Detected patterns
Page Statistics
23 Outgoing links
These are links going to different origins than the main page.
Title: Sign On
Search URL Search Domain Scan URL
Title: Make an appointment
Search URL Search Domain Scan URL
Title: Confirm credit card
Search URL Search Domain Scan URL
Title: Prequalified credit card offers
Search URL Search Domain Scan URL
Title: Respond to mail offer
Search URL Search Domain Scan URL
Title: See my loan options
Search URL Search Domain Scan URL
Title: Enroll in Wells Fargo Online® Use online banking to manage your auto loan
Search URL Search Domain Scan URL
Title: Learn about electric vehicles
Search URL Search Domain Scan URL
Title: Make an appointment
Search URL Search Domain Scan URL
Title: Enroll
Search URL Search Domain Scan URL
Title: Forgot username or password?
Search URL Search Domain Scan URL
Title: Find a credit card Learn more
Search URL Search Domain Scan URL
Title: Wells Fargo Stories
Search URL Search Domain Scan URL
Title: Continue to Sign On
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Title: Continue
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 38- http://www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0 HTTP 307
- https://www.facebook.com/tr?id=1578146899100389&ev=ALL_ALL_PAGE_WFHomepage&cd[currency]=USD&cd[value]=0.00&cd[Product]=&cd[Subproduct]=&cd[PageID]=&cd[customer_status]=n&cd[customer_type]=&dpo=LDU&dpoco=0&dpost=0
- http://c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1 HTTP 307
- https://c1.wfinterface.com/tracking/ga/gtag.js?t=UA-107148943-1
- http://c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153 HTTP 307
- https://c1.wfinterface.com/tracking/ga/gtag.js?t=DC-2549153
- http://c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569 HTTP 307
- https://c1.wfinterface.com/tracking/ga/gtag.js?t=AW-984436569
- http://2549153.fls.doubleclick.net/activityi;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicawebsite.com%2F HTTP 302
- http://2549153.fls.doubleclick.net/activityi;dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicawebsite.com%2F
- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/984436569/?random=1691360669278&cv=9&fst=1691360669278&num=1&fmt=3&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oa8g0&sendb=1&ig=0&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Freplicawebsite.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&hn=www.google.com&async=1 HTTP 302
- https://www.google.com/pagead/1p-user-list/984436569/?random=1691360669278&cv=9&fst=1691359200000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Freplicawebsite.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=2096447133&resp=GooglemKTybQhCsO HTTP 302
- https://www.google.de/pagead/1p-user-list/984436569/?random=1691360669278&cv=9&fst=1691359200000&num=1&fmt=3&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4>m=2oa8g0&sendb=1&data=event%3Dgtag.config&frm=0&url=http%3A%2F%2Freplicawebsite.com%2F&tiba=Wells%20Fargo%20Bank%20%7C%20Financial%20Services%20%26%20Online%20Banking&async=1&is_vtc=1&random=2096447133&resp=GooglemKTybQhCsO&ipr=y
80 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
replicawebsite.com/ |
123 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
general_alt.js
replicawebsite.com/js/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
appdEUMConfig.js
replicawebsite.com/js/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
homepage_iaoffer.041c8faa44edf732dd5f.js
replicawebsite.com/js/ |
51 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ps-homepage.b96c0ba7c6b812a5f95f.css
replicawebsite.com/css/ |
168 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wf_logo_220x23.png
replicawebsite.com/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
choice-privileges-card-79x50.png
replicawebsite.com/images/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfi_ph_b_mv_0723_3954_b_1700x700.jpg
replicawebsite.com/images/ |
48 KB 48 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ps-homepage.f0a4069fdc0c14e21993.js
replicawebsite.com/js/ |
170 KB 70 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wfui-container-bottom.js
replicawebsite.com/js/ |
44 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
OyRSeiA
replicawebsite.com/ |
206 KB 207 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
general_alt.js
replicawebsite.com/auth/login/static/js/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
responsive-sprite-v7.png
replicawebsite.com/images/ |
47 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-rg.woff2
replicawebsite.com/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
position-1-bg-gradient.png
replicawebsite.com/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
position-2-bg-gradient.png
replicawebsite.com/images/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
position-3-bg-gradient.png
replicawebsite.com/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-sbd.woff2
replicawebsite.com/fonts/ |
22 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-bd.woff2
replicawebsite.com/fonts/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
wellsfargosans-lt.woff2
replicawebsite.com/fonts/ |
21 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.js
c1.wfinterface.com/tracking/hp/ |
203 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Active-Cash-Card-79x50.png
www17.wellsfargomedia.com/assets/images/rwd/ |
840 B 1 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wf_autograph_card_79x50.jpg
www17.wellsfargomedia.com/assets/images/rwd/ |
962 B 1 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Reflect-Card-79x50.png
www17.wellsfargomedia.com/assets/images/rwd/ |
712 B 912 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bilt_card_79x50.png
www17.wellsfargomedia.com/assets/images/rwd/ |
1 KB 1 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ic_b-wf_icon_house_gradient_64x64.png
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/ |
1014 B 1 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ic_b-wf_icon_check_mark_gradient_64x64.png
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/ |
1 KB 2 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ic_b-wf_icon_ui_card_gradient_64x64.png
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlprimary/ |
562 B 763 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
first_time_experience-account_summary.png
www17.wellsfargomedia.com/assets/images/rwd/ |
2 KB 2 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi_ph_g_1199830824_1600x700.jpg
www17.wellsfargomedia.com/assets/images/contextual/responsive/lpromo/ |
32 KB 32 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ph_g_1345111232_616x353.jpg
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/ |
13 KB 13 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ph_g_900217040_616x353.jpg
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/ |
23 KB 23 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wfi000_ph_g_557715963_616x353.jpg
www17.wellsfargomedia.com/assets/images/contextual/responsive/smlpromo/ |
16 KB 16 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Native_App_Phone_Personal_v8.png
www17.wellsfargomedia.com/assets/images/rwd/ |
7 KB 7 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
volunteers_cars_616x353.jpg
www17.wellsfargomedia.com/assets/images/rwd/ |
19 KB 19 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
women-in-greenhouse_616x353.png
www17.wellsfargomedia.com/assets/images/rwd/ |
30 KB 30 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
610 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
detector-dom.min.js
c1.wfinterface.com/tracking/gb/ |
449 KB 136 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtag.js
c1.wfinterface.com/tracking/ga/ |
115 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tr
www.facebook.com/ Redirect Chain
|
0 185 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
idl
api.rlcdn.com/api/identity/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adrum-ext.js
static.wellsfargo.com/assets/js/wfui/appdynamics/ |
44 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtag.js
c1.wfinterface.com/tracking/ga/ Redirect Chain
|
115 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtag.js
c1.wfinterface.com/tracking/ga/ Redirect Chain
|
115 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gtag.js
c1.wfinterface.com/tracking/ga/ Redirect Chain
|
115 KB 45 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cls_report
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38/ |
4 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ga.js
c1.wfinterface.com/tracking/ga/ |
48 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
activityi;dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2F...
2549153.fls.doubleclick.net/ Frame 5284 Redirect Chain
|
523 B 1002 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ga_conversion_async.js
c1.wfinterface.com/tracking/ga/ |
35 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
id
dpm.demdex.net/ |
610 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
event
wellsfargobankna.demdex.net/ |
815 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
jsLog
replicawebsite.com/as/ |
2 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
adrum-ext.b4436be974de477658d4a93afb752165.js
static.wellsfargo.com/assets/js/wfui/appdynamics/ |
47 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ec.js
c1.wfinterface.com/tracking/ga/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
2 B 146 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.de/pagead/1p-user-list/984436569/ Redirect Chain
|
42 B 154 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 92 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 301 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicaweb...
adservice.google.com/ddm/fls/i/ Frame F322 |
522 B 664 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
4 B 350 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error.gif
pdx-col.eum-appdynamics.com/eumcollector/ |
26 B 365 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
error.gif
pdx-col.eum-appdynamics.com/eumcollector/ |
26 B 366 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 107 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.de/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dc_pre=CM2cgb-JyYADFU0hGAod64UEMw;src=2549153;type=allv40;cat=all_a00;ord=9355961872152;gtm=2od8g0;u1=11202306291422131689925285;u5=n;u8=WWW;u11=PRODUCTION;u23=DESKTOP;~oref=http%3A%2F%2Freplicaweb...
adservice.google.de/ddm/fls/i/ Frame C3CF |
194 B 515 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
script.js
cdnstat.net/get/ |
129 B 705 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
adrum
pdx-col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-ABJ-PZF/ |
0 776 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s.gif
replicawebsite.com/assets/images/global/ |
315 B 529 B |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- api.rlcdn.com
- URL
- https://api.rlcdn.com/api/identity/idl?pid=1317
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Wells Fargo (Banking)60 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 string| environment string| appd_key string| appd_js_path string| appDEUMSwitch number| adrum-start-time object| adrum-config object| utag_data object| WFUI_CONTAINER object| tasInfo object| regeneratorRuntime object| _cf object| bmak string| _sdTrace boolean| utag_condload string| new_path object| utag_cfg_ovrd object| userAgentArr object| linkCanonical string| canonicalPageURL object| dataMrktId string| deviceType function| isNotUndefinedOrNull function| sendDataToGA object| utag object| dotq boolean| __tealium_twc_switch function| utag_pad function| utag_visitor_id string| gtagRename object| dataLayer function| gtag undefined| d object| data_dmp object| adobe function| Visitor function| DIL object| s_c_il number| s_c_in function| sendRTTODataToGA string| GTAG_TYPE object| GTAG_CONFIG object| Nf object| Of function| Pf object| google_tag_manager object| _detector object| webVitals object| convertize object| google_tag_data string| GoogleAnalyticsObject function| ga function| f object| ADRUM object| gaplugins object| gaGlobal object| gaData function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO11 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | Name: _cls_cfgver Value: c31911bd |
|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | Name: _cls_s Value: 1efa64a2-7bdc-45f4-9a9b-fe18824c049b:0 |
|
rubicon.wellsfargo.com/glassbox/reporting/0C458F45-AC71-02CE-34D8-401C8A313B38 | Name: _cls_v Value: b6bac9c1-1433-4a5f-8da0-747b393b9aae |
|
replicawebsite.com/ | Name: PHPREFS Value: full |
|
.demdex.net/ | Name: demdex Value: 83581777465080087383278702733767809188 |
|
.replicawebsite.com/ | Name: AMCVS_1BAA15F354F731E60A4C98A4%40AdobeOrg Value: 1 |
|
replicawebsite.com/ | Name: _ga Value: GA1.1.1113447706.1691360669 |
|
replicawebsite.com/ | Name: _gid Value: GA1.1.1408337482.1691360669 |
|
replicawebsite.com/ | Name: _gat_gtag_UA_107148943_1 Value: 1 |
|
.replicawebsite.com/ | Name: AMCV_1BAA15F354F731E60A4C98A4%40AdobeOrg Value: -1124106680%7CMCMID%7C83550915878797453293282353557886952119%7CMCAAMLH-1691965469%7C6%7CMCAAMB-1691965469%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCCIDH%7C766260727%7CMCOPTOUT-1691367869s%7CNONE%7CvVersion%7C5.2.0 |
|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
17 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
2549153.fls.doubleclick.net
adservice.google.com
adservice.google.de
api.rlcdn.com
c1.wfinterface.com
cdnstat.net
dpm.demdex.net
googleads.g.doubleclick.net
pdx-col.eum-appdynamics.com
replicawebsite.com
rubicon.wellsfargo.com
static.wellsfargo.com
stats.g.doubleclick.net
wellsfargobankna.demdex.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www17.wellsfargomedia.com
api.rlcdn.com
142.250.186.70
188.114.96.3
2.17.100.179
2.17.100.202
2.17.100.249
23.56.206.223
2a00:1450:4001:801::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:812::200e
2a00:1450:4001:81c::2002
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2004
2a00:1450:400c:c00::9b
2a03:2880:f145:82:face:b00c:0:25de
34.254.142.64
35.166.226.75
54.76.136.163
66.235.200.146
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0b2af045acafbdf14516bf55f310568036ace959946d16edb1acebcd58029d22
10c1acb80b088029eab596925f58565e025206d10ef1edded0bf055dac884bbf
1697510ee355fbc770e2b6265ce3ca7992fc62275f62b41018dc07f6e5938682
19280d730497626217386797c9445ad51e8867f92603758a58ffba019d88c061
25444adddb06abe6e0a022ff27f9a3ae4f4ade7cd2afa74fc912d462ab07ecd3
2dd29214a6e0591c819798d61c263fd3e1bebee31a2dc2245d5cf5f02a50b3ea
2ea269e3ab15fffe884f7bd14b4d031b5ad61caf406a7c68af5761421d33f43a
3176ae9befd81b772a8cf7f0a471e8473e6f76fb1aa3e40321910eab1aeceeba
385196f0fce7cea80c2c99d971780ecb73df9dea6e5b2d95d19df3aa849c7b1f
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
417df9b440b214aa81b429a205291afb424c1ae8a3c9143dd22e17befaada5e2
483f5404137cb32a4302cca991594fe8d6e4759d52a47f330926bf5e95b58035
4895be5501ed501800f1f936e01ef04520730d38352f04afbe13bb1003a7cd0c
4924ccd5b2fe1ce2bb50e12012838054260e8d3d123116e0479690e8d1b97993
4e6f8867d7a5ff6517b0e056099dc1ae31db03322653a27462d5a2b05a332971
52e9d98f0a71f1203f8afbee0d72bca69d790311632af4fcbf04ed346059f579
5c18c7230c1e013e39d16af91a84fdedd4a6cb5874e26729f0883978c4ba229e
618688d9849fef712931832c71e01be145d1791d6da917a702ab86a74ce66089
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc
63673faef8532b2789dee1ac7534f87b1a6a249590acc7da8644beda141794fc
6479ba8947559226909296b93e16fee284e8118b0038fff924097c38615684f2
6bc7e16d4b6822a6867d7dd9f9d29f5fd77cd803750b0fe38a92309d9eb00704
6c771bd1c269646a76015f2f6410a40c031e5adea88f665bfe9ae15a972ab6ab
724a35a6b782bf466f701c355328e4652a9ccf4b96812c1eafad127fd2dbb9f1
7f0d10bc282c3d7b0eb4d7527303490f8d3b86a1c65e293c2d9f0793006441e6
828ad10b1cd19124350d846916da0031a93d1b2f02a74695b97fd82503627318
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86e522c61649a3fd7b76ea8d8304d88fa1b86d029a349c64a2e4ee3683d019c4
8853855d5a446b54b233fe86c9f1f54ba44e633de67bc286112f731b3875c6b9
8c456a47b3f97fa54853761f544146ab5b5277a11603a18f080947d76e31d54a
907c59cb689313a243aca70b3b3f00b64652fe3d26f4e29c20ced42eee329f51
936c825f599809216670e9444d31e555e587b6f9943a89681cfef3621c5b0843
94ff650bbcdbc77db561e7aca8ed87f70c13a9e9e98272b2328d0f5a6e0ed92b
9730d81c67de0dae104be9a17b43a179e68557cc4a10a81c95fd451630d04b39
9b47a5e651a8661559cb4935e22d126ba086b21a8cda72ea8598e1c29c273629
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba
b0440f39bb98c7da0a40453fbd9ce519c2f06bb23372251fb033b2b0ed17fce6
b56197e5cdcca28bfd26efe8c421e9ead5e627e78d58ca374dabe34cb3336327
c59a3960888d96b3748601b9b77df171bafa3d53289ec4b8b6db3d474e9a39e1
c5efd80b0945674f1ffbb895395fb45f44b6030a3d2c6380b03202e667c51923
ce6faf4362953335a4429f61ec96e585d554c26eeb0ee538fc752cfbf863cdac
cfcc50571ad947e067c5a0853534d3016eaaef2fd98ffdb9b0d4d3c1bdda0273
d4798dd02d76bdfa96287f2d4bf3a0bd0e82c0e0dda34c6db7766fae3b2da78a
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dd412907ae375cbc6e9882290356cf22bc0c669ae33f831039e3b22168117810
de13e068daab704b3e5018f1deee48d0cefeff400be95f396d6f3ebe829cfbf5
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de658330c0f53de61d10240f572508c31ee9db580f34b856430724f2e499104c
e06b14ec84ac8651fc009b444e0560a78c1919f45df8106a9c14cd708d5b804e
e0830df8e9e4434ad80c70f677266c654bf2c37ee184867f41c7dc65c5e6160f
e1634264ecc89070e69bd8f3329545ee3ad27bb19c03295e0f008602385c1dc3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5a1bee943c64e915cc0223d3cc7e402b70794950377eb8ef040c835fad7e156
f990b81e77666bac79e3f1f9399b7763ca7eb64b1d70acea21cbe954413cc0c3
f9c237c7739705ea404e9682f13e557a1d984f2493f6f619bdfce44c9a71445d