wellsfargosecurity9076.ongraphy.com
Open in
urlscan Pro
134.209.156.27
Malicious Activity!
Public Scan
Submission: On April 07 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 14th 2022. Valid for: 3 months.
This is the only time wellsfargosecurity9076.ongraphy.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Banking (Banking)Domain & IP information
ASN14061 (DIGITALOCEAN-ASN, US)
wellsfargosecurity9076.ongraphy.com |
ASN16509 (AMAZON-02, US)
dz8fbjd9gwp2s.cloudfront.net |
ASN25959 (SUNTRUST, US)
PTR: wholesaleportal.suntrust.com
wholesaleportal.suntrust.com |
ASN25959 (SUNTRUST, US)
PTR: www1-wholesaleportal.suntrust.com
www1-wholesaleportal.suntrust.com | |
treasurymanager-login.truist.com |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
www.google-analytics.com |
ASN16509 (AMAZON-02, US)
PTR: server-18-66-242-40.dus51.r.cloudfront.net
cdn.amplitude.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-44-237-112-196.us-west-2.compute.amazonaws.com
api.amplitude.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
30 |
cloudfront.net
dz8fbjd9gwp2s.cloudfront.net |
339 KB |
12 |
suntrust.com
12 redirects
wholesaleportal.suntrust.com — Cisco Umbrella Rank: 677550 www1-wholesaleportal.suntrust.com — Cisco Umbrella Rank: 584312 suntrust.com — Cisco Umbrella Rank: 105618 www.suntrust.com — Cisco Umbrella Rank: 206732 |
2 KB |
12 |
ongraphy.com
wellsfargosecurity9076.ongraphy.com |
2 MB |
8 |
truist.com
treasurymanager-login.truist.com — Cisco Umbrella Rank: 650541 www.truist.com — Cisco Umbrella Rank: 32711 |
48 KB |
7 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46 |
5 KB |
4 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37 |
56 KB |
3 |
nr-data.net
bam.nr-data.net |
726 B |
2 |
amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 2974 api.amplitude.com — Cisco Umbrella Rank: 1280 |
22 KB |
2 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71 |
104 KB |
1 |
newrelic.com
js-agent.newrelic.com |
18 KB |
1 |
gstatic.com
fonts.gstatic.com |
37 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 238 |
4 KB |
1 |
ibb.co
i.ibb.co — Cisco Umbrella Rank: 13776 |
142 KB |
1 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 942 |
9 KB |
73 | 14 |
Domain | Requested by | |
---|---|---|
30 | dz8fbjd9gwp2s.cloudfront.net |
wellsfargosecurity9076.ongraphy.com
dz8fbjd9gwp2s.cloudfront.net |
12 | wellsfargosecurity9076.ongraphy.com |
wellsfargosecurity9076.ongraphy.com
|
7 | treasurymanager-login.truist.com |
wellsfargosecurity9076.ongraphy.com
treasurymanager-login.truist.com |
7 | fonts.googleapis.com |
wellsfargosecurity9076.ongraphy.com
dz8fbjd9gwp2s.cloudfront.net |
5 | www1-wholesaleportal.suntrust.com | 5 redirects |
5 | wholesaleportal.suntrust.com | 5 redirects |
4 | www.google-analytics.com |
wellsfargosecurity9076.ongraphy.com
www.googletagmanager.com |
3 | bam.nr-data.net |
wellsfargosecurity9076.ongraphy.com
|
2 | www.googletagmanager.com |
wellsfargosecurity9076.ongraphy.com
|
1 | js-agent.newrelic.com |
wellsfargosecurity9076.ongraphy.com
|
1 | api.amplitude.com |
wellsfargosecurity9076.ongraphy.com
|
1 | cdn.amplitude.com |
wellsfargosecurity9076.ongraphy.com
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | cdnjs.cloudflare.com |
wellsfargosecurity9076.ongraphy.com
|
1 | www.truist.com |
wellsfargosecurity9076.ongraphy.com
|
1 | www.suntrust.com | 1 redirects |
1 | suntrust.com | 1 redirects |
1 | i.ibb.co |
wellsfargosecurity9076.ongraphy.com
|
1 | use.fontawesome.com |
wellsfargosecurity9076.ongraphy.com
|
73 | 19 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.100forms.com |
www.suntrust.com |
www.graphy.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
ongraphy.com R3 |
2022-02-14 - 2022-05-15 |
3 months | crt.sh |
*.cloudfront.net Amazon |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2022-03-17 - 2022-06-09 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-07 - 2022-07-06 |
a year | crt.sh |
ibb.co R3 |
2022-02-05 - 2022-05-06 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-03-17 - 2022-06-09 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-03-17 - 2022-06-09 |
3 months | crt.sh |
www1-wholesaleportal.suntrust.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2022-01-07 - 2023-01-06 |
a year | crt.sh |
cdn.amplitude.com Amazon |
2021-12-17 - 2023-01-14 |
a year | crt.sh |
*.amplitude.com COMODO RSA Domain Validation Secure Server CA |
2022-01-28 - 2023-02-28 |
a year | crt.sh |
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021 |
2021-10-06 - 2022-11-07 |
a year | crt.sh |
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-10 - 2023-02-10 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://wellsfargosecurity9076.ongraphy.com/s/pages/pleaseverifyme
Frame ID: FD571B76559F2E53BFF2EA57145A3C4B
Requests: 59 HTTP requests in this frame
Frame:
https://wellsfargosecurity9076.ongraphy.com/t/public/login
Frame ID: 02083BF008E069C699CBC5E093893527
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Wells Fargo Security VerificationWells FargoWells FargoDetected technologies
AngularJS (JavaScript Frameworks) ExpandDetected patterns
- \bangular.{0,32}\.js
Amplitude (Analytics) Expand
Detected patterns
- cdn\.amplitude\.com
Clipboard.js (Miscellaneous) Expand
Detected patterns
- clipboard(?:-([\d.]+))?(?:\.min)?\.js
DataTables (JavaScript Libraries) Expand
Detected patterns
- dataTables.*\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
Modernizr (JavaScript Libraries) Expand
Detected patterns
- ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Underscore.js (JavaScript Libraries) Expand
Detected patterns
- underscore.*\.js(?:\?ver=([\d.]+))?
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- jquery-ui.*\.js
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Wells Fargo Security
Search URL Search Domain Scan URL
Title: Privacy,
Search URL Search Domain Scan URL
Title: Security & Fraud
Search URL Search Domain Scan URL
Title: Graphy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- https://wholesaleportal.suntrust.com/OCM/user/assets/css/basic.css HTTP 302
- https://www1-wholesaleportal.suntrust.com/OCM/user/assets/css/basic.css HTTP 302
- https://treasurymanager-login.truist.com/OCM/user/assets/css/basic.css
- https://wholesaleportal.suntrust.com/OCM/user/assets/css/unauth_edits.css HTTP 302
- https://www1-wholesaleportal.suntrust.com/OCM/user/assets/css/unauth_edits.css HTTP 302
- https://treasurymanager-login.truist.com/OCM/user/assets/css/unauth_edits.css
- https://wholesaleportal.suntrust.com/OCM/user/assets/libs/js/validate.js HTTP 302
- https://www1-wholesaleportal.suntrust.com/OCM/user/assets/libs/js/validate.js HTTP 302
- https://treasurymanager-login.truist.com/OCM/user/assets/libs/js/validate.js
- https://wholesaleportal.suntrust.com/OCM/user/assets/libs/js/new.js HTTP 302
- https://www1-wholesaleportal.suntrust.com/OCM/user/assets/libs/js/new.js HTTP 302
- https://treasurymanager-login.truist.com/OCM/user/assets/libs/js/new.js
- https://suntrust.com/ HTTP 302
- https://www.suntrust.com/ HTTP 301
- https://www.truist.com/
- https://wholesaleportal.suntrust.com/OCM/user/assets/images/icon_lock.gif HTTP 302
- https://www1-wholesaleportal.suntrust.com/OCM/user/assets/images/icon_lock.gif HTTP 302
- https://treasurymanager-login.truist.com/OCM/user/assets/images/icon_lock.gif
73 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
pleaseverifyme
wellsfargosecurity9076.ongraphy.com/s/pages/ |
92 KB 25 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
box.css
dz8fbjd9gwp2s.cloudfront.net/resources/pagebuilder2/box/ |
56 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
content.css
dz8fbjd9gwp2s.cloudfront.net/resources/pagebuilder2/assets/minimalist-blocks/ |
50 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectre.min.css
dz8fbjd9gwp2s.cloudfront.net/resources/themes/default/ |
48 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spectre-exp.min.css
dz8fbjd9gwp2s.cloudfront.net/resources/themes/default/ |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
11 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon
fonts.googleapis.com/ |
1 KB 512 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sstyles.css
dz8fbjd9gwp2s.cloudfront.net/resources/stylesheets/ |
54 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sstyles_ext.css
dz8fbjd9gwp2s.cloudfront.net/resources/stylesheets/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.datetimepicker.css
dz8fbjd9gwp2s.cloudfront.net/resources/css/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intlTelInput.css
dz8fbjd9gwp2s.cloudfront.net/resources/css/ |
27 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
3 KB 714 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sstore.css
dz8fbjd9gwp2s.cloudfront.net/resources/stylesheets/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.0.10/css/ |
36 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wells-fargo-stagecoach-logo-png-generic2.jpg
i.ibb.co/wSRCTrK/ |
142 KB 142 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
basic.css
treasurymanager-login.truist.com/OCM/user/assets/css/ Redirect Chain
|
41 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
unauth_edits.css
treasurymanager-login.truist.com/OCM/user/assets/css/ Redirect Chain
|
594 B 972 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validate.js
treasurymanager-login.truist.com/OCM/user/assets/libs/js/ Redirect Chain
|
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
new.js
treasurymanager-login.truist.com/OCM/user/assets/libs/js/ Redirect Chain
|
530 B 922 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.truist.com/ Redirect Chain
|
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icon_lock.gif
treasurymanager-login.truist.com/OCM/user/assets/images/ Redirect Chain
|
101 B 480 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-2.0.3.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
82 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
underscore-min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.form.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.noty.packaged.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
30 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
119 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.timeago.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.dataTables.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
76 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.datetimepicker.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
37 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-custom.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/js-webshim/minified/extras/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
172 KB 61 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
angular-sanitize.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sp-table.js
dz8fbjd9gwp2s.cloudfront.net/resources/scripts/angular/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
aes.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mode-ecb-min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
392 B 595 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pad-nopadding-min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
202 B 548 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clipboard.min.js
cdnjs.cloudflare.com/ajax/libs/clipboard.js/2.0.4/ |
11 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sutils.js
dz8fbjd9gwp2s.cloudfront.net/resources/scripts/ |
148 KB 46 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
detect-private-browsing.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intlTelInput.min.js
dz8fbjd9gwp2s.cloudfront.net/resources/js/ |
23 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sstore.js
dz8fbjd9gwp2s.cloudfront.net/resources/scripts/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
box.js
dz8fbjd9gwp2s.cloudfront.net/resources/pagebuilder2/box/ |
83 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
10 KB 825 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ionicons.min.css
dz8fbjd9gwp2s.cloudfront.net/resources/pagebuilder2/assets/ionicons/css/ |
50 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
100 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
fonts.gstatic.com/s/inter/v8/ |
37 KB 37 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
176 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
optimize.js
www.google-analytics.com/gtm/ |
91 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/g/ |
0 158 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
1 B 21 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pageBG_770.gif
treasurymanager-login.truist.com/OCM/user/assets/images/ |
129 B 508 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg_info.gif
treasurymanager-login.truist.com/OCM/user/assets/images/ |
949 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login
wellsfargosecurity9076.ongraphy.com/t/public/ Frame 0208 |
840 B 745 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amplitude-8.5.0-min.gz.js
cdn.amplitude.com/libs/ |
68 KB 22 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css
fonts.googleapis.com/ Frame 0208 |
18 KB 877 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon
fonts.googleapis.com/ Frame 0208 |
1 KB 439 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.1c83697061f7a40eb4db.js
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
6 MB 2 MB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.36aa706dcdda93a7ab6a.css
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
102 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
/
api.amplitude.com/ |
7 B 168 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
css2
fonts.googleapis.com/ Frame 0208 |
11 KB 730 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nr-spa-1215.min.js
js-agent.newrelic.com/ |
47 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
get
wellsfargosecurity9076.ongraphy.com/s/account/org/ Frame 0208 |
3 KB 4 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
NRJS-9dbe38d984537dd2302
bam.nr-data.net/1/ |
57 B 322 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spectre.min.css
wellsfargosecurity9076.ongraphy.com/t/themes/theme2/ Frame 0208 |
48 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
spectre-exp.min.css
wellsfargosecurity9076.ongraphy.com/t/themes/theme2/ Frame 0208 |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
702.df873a111f9694fea122.js
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
873 KB 226 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
769.02bda6c1457fb13ccfbf.js
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
23 KB 8 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
866.4418b18b3ca3d65db203.js
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
83 KB 25 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
399.5df28f2e7e6a1892b425.css
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
20 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
399.cabac1eaa1ae97820dab.js
wellsfargosecurity9076.ongraphy.com/t/ Frame 0208 |
68 KB 14 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
NRJS-9dbe38d984537dd2302
bam.nr-data.net/events/1/ |
24 B 202 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
NRJS-9dbe38d984537dd2302
bam.nr-data.net/events/1/ |
24 B 202 B |
XHR
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Banking (Banking)234 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| NREUM object| newrelic function| __nr_require string| orgCountry string| learnerConsentMsg string| creatorConsentMsg string| cookieMsg string| learnerDeletionAlertMsg boolean| hideCookiePopup string| RESCDN object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaGlobal object| gaplugins object| google_optimize object| gaData function| Validation function| isEmpty function| isValidEmailAddress function| setLabelText function| popUp function| Redirect function| pageError function| pageException string| disabledLocleVar string| enabledLocaleVar string| smsLocaleVar string| webpushLocaleVar string| mobilepushLocaleVar string| invoicenumberLocaleVar string| productLocaleVar string| dateLocaleVar string| amountLocaleVar string| detailsLocaleVar string| subscriptionPlanLocaleVar string| addonsLocaleVar string| showLocalVar string| hideLocaleVar boolean| isPopupLogin string| login string| message function| closeLoginPopup object| amplitude function| $ function| jQuery function| _ object| html5 object| Modernizr object| angular object| spayeeAngularApp object| $jscomp object| CryptoJS function| ClipboardJS boolean| isIncognito function| hidePaymentBanner function| supportsHistoryApi function| sortQuestionsBySequence function| sortQuestions function| setGraphyCookie function| getGraphyCookie object| autocomplete function| getCourseItemDetail function| showModal function| hideModal function| loadHash function| addMissingData function| formatDate function| scrollToBottom function| toggleFeedbackIcons function| getData function| formatRating function| openFullscreen function| closeFullscreen function| postData function| parseJData object| bugsList function| logError function| parseDate function| getMonthName function| getDayName function| formatTimeTo12 function| initDataTable function| getFilters function| showAlert object| notyLoader function| showNotyLoader function| hideNotyLoader function| removejscssfile function| validatePassword function| toISTDate function| toISTDateInd function| checkDateFormat function| toYYYYMMDDFormat function| millisecondsToStr function| millisecondsToHHMMSSStr function| formatISO8601Date function| toISO8601LocaleDate function| getValidityText function| replaceHashTagsWithLinks function| getHashTags function| stripTags function| getParamFromHash function| getParamFromUrl function| youtubeVideoId function| vimeoVideoId function| YTDurationToSeconds object| youtube function| convertDate function| convertDateTimeLocale function| convertDateTime function| convertDateTimeD_M_Y function| convertDateTimeY_M_D function| convertDateTimeHourY_M_D function| convertY_M_DtoTimestamp function| convertY_M_DtoDate function| convertMillisDateTime function| sortArray function| calculateMarkObtained function| renderMarks function| renderFloat function| calculateKeyLabel function| htmlEntities function| decodeHtmlEntities function| getQuestionTypeLabel function| saveLocalSetting function| getLocalSetting function| removeLocalSetting function| formatBytes function| formatSeconds function| formatSecondsV2 function| getPaceOfLearingDisplay function| convertBase64ToArray function| convertArrayToBase64 function| getRandomInt function| randomId function| scrollToElement function| getUserInitial function| getUserEmail function| loadPageTemplate function| getDeviceType function| getCourseAssetIcon function| getCourseAssetLabel function| getCourseTypeLabel function| getCourseTypeText function| getCourseAssetCover function| iframeAutoHeight function| preventSessionTimeout function| formatVideoTime function| guid function| getCurrencyLabel function| getCurrencySymbol function| getCountryLabel function| fullIframe function| normalIframe function| formatToRomanDay function| loadSPCourses function| loadSPCurriculum function| loadSPWidget function| stripHtmlTag function| checkIfCookiesAreDisabled function| cookiesAreDisabled function| resolveProp function| isValidUrl function| copyToClipboard function| redirectToSSOUrl function| getPlanTypeLabel function| profileImageError function| changeIframeHeight function| bindCustomControls function| fullscreenmode function| checkDomainExist function| getGA4Code function| getGACode function| isPasswordWeak function| segmentTrack function| logAmplitude function| bindLogAmplitude function| registerAmplitude object| indianCities string| ctx string| isFirstLogin object| cjs string| defaultCoreColor string| theme1CoreColor string| theme2CoreColor string| theme3CoreColor string| theme4CoreColor string| theme5CoreColor string| theme6CoreColor string| theme7CoreColor string| theme8CoreColor string| theme9CoreColor string| theme10CoreColor string| spka string| webColor string| CFCDN boolean| mobileNotification boolean| webNotification boolean| iosPlayVideo string| gaType function| retry function| isIE10OrLater function| detectPrivateMode boolean| found object| utmSource object| utmMedium object| utmCampaign object| utmTerm object| utmContent object| store function| updateQueryStringParameter function| paramValueFromUrl object| coursesList object| blogsList undefined| limit undefined| packet function| applyAnimation function| removeAnimation function| applyAnimationSection function| removeAnimationSection function| loadScript object| skrollr object| AOS function| noty function| onYouTubeIframeAPIReady object| __AMPLITUDE__9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wellsfargosecurity9076.ongraphy.com/ | Name: JSESSIONID Value: 6B6DB9C9A086FEE91BDD6BC1A07ED196 |
|
wellsfargosecurity9076.ongraphy.com/ | Name: id Value: ee43d653-f6bc-4d97-9756-6c75382f8809 |
|
.ongraphy.com/ | Name: _ga_MMQ1QRP1RS Value: GS1.1.1649333319.1.0.1649333319.0 |
|
.ongraphy.com/ | Name: _ga Value: GA1.2.1117036147.1649333320 |
|
.ongraphy.com/ | Name: _gid Value: GA1.2.1648317510.1649333320 |
|
.ongraphy.com/ | Name: _gat_UA-174908808-6 Value: 1 |
|
www.truist.com/ | Name: AWSALBCORS Value: 5J/35bMr6hfCZKjKUU0TghFpA1K4QuyJq4WPQOAXfjBoxPiqLIuAjpGFy0w7xetY7h4dGr4PMCcvzZMQ/3rd/XIcCFtFpQFw6eAM9hJILp8kE4xIlZ0ZXhannLrH |
|
.ongraphy.com/ | Name: amp_75132c Value: PLvR4DYgOWfAqQIbYmvMYR...1g01uqgo0.1g01uqgo1.0.1.1 |
|
.nr-data.net/ | Name: JSESSIONID Value: 6a43f459396f062a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.amplitude.com
bam.nr-data.net
cdn.amplitude.com
cdnjs.cloudflare.com
dz8fbjd9gwp2s.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
i.ibb.co
js-agent.newrelic.com
suntrust.com
treasurymanager-login.truist.com
use.fontawesome.com
wellsfargosecurity9076.ongraphy.com
wholesaleportal.suntrust.com
www.google-analytics.com
www.googletagmanager.com
www.suntrust.com
www.truist.com
www1-wholesaleportal.suntrust.com
134.209.156.27
151.101.130.137
162.247.242.31
167.181.46.220
167.181.46.31
167.181.46.72
18.66.242.40
2600:9000:2156:9e00:5:842a:2dc0:93a1
2600:9000:2156:de00:e:eafc:c400:93a1
2600:9000:2156:e000:14:deaa:bd00:21
2606:4700::6811:180e
2a00:1450:4001:811::2008
2a00:1450:4001:813::2003
2a00:1450:4001:828::200a
2a00:1450:4001:830::200e
2a06:98c1:3120::7
44.237.112.196
51.210.32.103
05b9b4079dde27598ac6b42eb68e0ec87a63893ad4e77501b9cea1ed62c007cd
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
11d24620975d0cba30b205f6561681eb0defb0ffea5e53e541eb4f653476708e
13aed0678e68491c663cdee589510d2b2c085497c2cde81d50d13c148bb5b853
1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44
1663302da81a7fff5abb28cdfb7e81661f5a9373b5a3c4be41e98e3c605a3379
16e5e6ffd8d5c253dead40c6b8f41c376d578fb29d6572480d4287f897a7f760
1bb03826b26326516a3f4c9a9b39f03e3000a4828f91a75e1dfc88c2269af5ed
1bc0a4cf5bf6bc500211ed1d6bd684802aedf1dc3b62bd30fb31fe9945a0b279
2450e5580136f94bda7ccf95e3167b57e15b05b513a430967943a50036fa47a4
29278607988c520914765b604f63beae457ecfdc8b5c54a415a77504a343d2b9
2fc114e53f3be924987eb3c70290b9c772c126ad30ebb73c67b35c55928fbe21
37ab7845de136d75b0cef4c245a663d8b361a82d6ca8eb65f1e533641fab0849
3ae25db0e83ad363d55d0e2a92ddb94f9b62fea2dbf0f3648077f1548d16a8a7
45680f8f4aaac4e1b2cdbf49411f28ecc30374ef3e5954b12453a87da8f6d031
48b6f0087f78df7541bd826397f3ad3bd913373e5fb20715be2789abed696280
4a2dbed8e1a0521c53d60f577259bec7c09812ba4558f9da4ca55e4d629925d7
4da017594b9c5c71388c7e677403dad7a383fe8c07db6ba4e4a0b3ebe151dc23
50ca9a805fcc28dda65c46c0e0347a20db91460b0cfb70b89ca3c8fa6c55eb3a
57a21d4f86dd21c8a5297f46271dd2f2a219ce37ea0505b6192b12e5422e1c1b
5980e6dba445517fae40d80a3676f86e909110291d6be98e358b343b3d780edf
5abbed67374240c74c9e553a736b22a56864394c11f8c6a8421b7aea8d64b1a2
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
61459e0c38844c3923eb3fb7b27b91c0c306b5154481e21e0b555670ee72f773
6367424aa2687ee1887fc8f61775c7431a2386904aacbde17de49bf63d92b81e
66767502cbaa41a97d3c7fdd3193514c273e6dbbb39a2b87d9eb081f0e1da2e4
6a175e0bba4e6d871eb91e001ed87d6f40fbfd425611f73fc7c9da0d5e8ffb96
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d284bef6bf9ca2e0864a3a490a51887caebfbcd5d1d8405c186d7439c194fab
6f9de51d3a102875bce67f34c0193dce16ccb5871dac8ce27c51322104f9cbe3
707e29142b22ac62d55adde5550ccf1e44322fcf424534ec56d9bf016baebed5
7363a406eda361fe2751f45bbab1761e76940914b202ec3d45090ed556c8cf89
7390844fb6139597dfcc807d47e4122d20f8b4037161f7ff03efba99efa751b5
7591882289345af5a3877d6d1cbbf3d158ca249dfe0bdd49d703b6f31e386ca8
7869defdac1bf521072e2dac0f82dab9babd837984e56fc9ab967e3765562660
7d5085d722925d1a67e9ced72691fbbc2b019d4b85d79eeec90ea19f02093a5a
820ba84f8f3c57b10d5862b3ef966a897868caf38b9dba9effd3766b3e68dbd6
86844249ddef57c9616e4c50ab8c91a35b771b4c110465afacfeadd1818c1cca
8c077b9e5b125c3ec388a4cf597352c748261bcb1487f8a5107989650091b5ba
92225318ad7ca475ec897a06f36ea725427f852dffa013fe14b69892d2221009
9d051b8f12fb454532498863372b125a0a8c32cb8e5587bedcd321abeaf14482
9d2b815fa5b9255f38be8c13653e7d82f3c1ef90e6932efb490aa641771587fc
9d314c532e6e20fe58e42ae917f08d80d66066396e4d0ef0c09e3c99837e8850
9f8564b4eb2e46fbe614cd33fdb5fa56465ae4065c18fa8799397f7767e60153
a031e54195ba40a6db424fc7308071dc82278d755072d708e73fb2649f7857a5
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2b20e55a5db919aca9c2aa4c5bf96631ac2425293b733e32ad5f6d51ceb84ac
a93761ea2f475212c531822a9c6d110b9a48f9ec0f367119bfabfd0c99561b62
aaba5fd62a0b19bd88e0d972d5a2dbde7502cdb74a0f473d09ddade178544da6
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b13cb5989e08fcb02314209d101e1102f3d299109bdc253b62aa1da21c9e38ba
b37b9b7ff9212118b628e8de65184a154aabaf093744b194c8cd936a9e16cf46
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
c90f0e501d2948fbc2b61bffd654fa4ab64741fd48923782419eeb14d3816fb8
cb09c699c15cee76d1bd8740e9b1bac91eafdcc9ce51819f6aecc2498fb47874
cdea032adb281f3ac5922f7447db7a1598eb0d4202486d1337954f4fe39db20c
cfac6241dd3aabb5f1552c17501790093015c006a8e13671823c1ff4872beaae
d9d2984f7d4a862c44b95ed1098cbf426e30ec2c857f870967f81c0d99543089
dd2d8d288526b88b0eae53168e31b4092acf39ed38d40ffcbc6d0ab2f7a4aa66
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e1d50eb40884ce799304e6fc43edc3888200403816fef35e72c46a2ccdc56751
e238db0d2002e80eef22fa9f2e8b2f69f316564ad6ad99e42d06008eed12d347
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eda6e72983f61a8d52e0ff4f8df3f477e80a7f28a4148c641f483eb36d327b0c
f132e31e0a474d2aa123100b9ba571a931fd8eb84ab7d5d1a2f0b5eca36f067c
f44c02f016ee3c6c0822db91ffe1bff3ebffb92bfc807413bb168469ff47bc3e
f5ecda52213a27cc7692d76ca71c212b43f352770f1207d91a996f136eb461dc
f66a48a13c4d8604a7f8f41bc198bf10044fc4dd7c0dfc8f8a1d3adc8be91941
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a