hn-sprkasse-hsn1.cloudconnect565434.de
Open in
urlscan Pro
190.14.38.125
Malicious Activity!
Public Scan
URL:
https://hn-sprkasse-hsn1.cloudconnect565434.de//Ss971dYyHGP4Jfm1HdR43zwguRM9vZUz520H7MZjF1lIidxsWWFeWxpBQXjGRHmN/sparkasse/info
Submission: On June 11 via manual from DE
Submission: On June 11 via manual from DE
Summary
This website contacted 6 IPs
in 3 countries
across 7 domains to perform 17 HTTP transactions.
The main IP is 190.14.38.125, located in
Panama and
belongs to Offshore Racks S.A, PA.
The main domain is hn-sprkasse-hsn1.cloudconnect565434.de.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 9th 2020. Valid for: 3 months.
This is the only time hn-sprkasse-hsn1.cloudconnect565434.de was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on June 9th 2020. Valid for: 3 months.
This is the only time hn-sprkasse-hsn1.cloudconnect565434.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Sparkasse (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 10 | 190.14.38.125 190.14.38.125 | 52469 (Offshore ...) (Offshore Racks S.A) | |
| 1 | 18.197.200.178 18.197.200.178 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 192.0.77.2 192.0.77.2 | 2635 (AUTOMATTIC) (AUTOMATTIC) | |
| 1 | 2600:9000:215... 2600:9000:215d:5800:1:cde5:7345:88c1 | 16509 (AMAZON-02) (AMAZON-02) | |
| 3 | 185.85.0.144 185.85.0.144 | 20546 (SOPRADO-ANY) (SOPRADO-ANY) | |
| 1 | 195.140.51.254 195.140.51.254 | 9099 (FINANZINF...) (FINANZINFORMATIK-AS-NORD) | |
| 17 | 6 |
10
190.14.38.125
(Panama)
ASN52469 (Offshore Racks S.A, PA)
PTR: mail.filereceived.services
ASN52469 (Offshore Racks S.A, PA)
PTR: mail.filereceived.services
| hn-sprkasse-hsn1.cloudconnect565434.de | |
| telekom-email-bestaetigen.ru |
1
18.197.200.178
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-200-178.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-200-178.eu-central-1.compute.amazonaws.com
| api.bigdatacloud.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 9 |
cloudconnect565434.de
hn-sprkasse-hsn1.cloudconnect565434.de |
484 KB |
| 3 |
sparkasse.de
www.sparkasse.de |
78 KB |
| 1 |
sls-direkt.de
www.sls-direkt.de |
273 KB |
| 1 |
gfycat.com
thumbs.gfycat.com |
38 KB |
| 1 |
wp.com
i2.wp.com |
52 KB |
| 1 |
telekom-email-bestaetigen.ru
telekom-email-bestaetigen.ru |
588 B |
| 1 |
bigdatacloud.net
api.bigdatacloud.net |
270 B |
| 17 | 7 |
| Domain | Requested by | |
|---|---|---|
| 9 | hn-sprkasse-hsn1.cloudconnect565434.de |
hn-sprkasse-hsn1.cloudconnect565434.de
|
| 3 | www.sparkasse.de | |
| 1 | www.sls-direkt.de | |
| 1 | thumbs.gfycat.com | |
| 1 | i2.wp.com | |
| 1 | telekom-email-bestaetigen.ru |
hn-sprkasse-hsn1.cloudconnect565434.de
|
| 1 | api.bigdatacloud.net |
hn-sprkasse-hsn1.cloudconnect565434.de
|
| 17 | 7 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.sparkasse.de |
| www.berliner-sparkasse.de |
| www.berliner-sparkasse.dehttp |
| web.s-investor.de |
| www.facebook.com |
| twitter.com |
| www.instagram.com |
| www.youtube.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| hn-sprkasse-hsn1.cloudconnect564464.de Let's Encrypt Authority X3 |
2020-06-09 - 2020-09-07 |
3 months | crt.sh |
| *.bigdatacloud.net Amazon |
2020-06-01 - 2021-07-01 |
a year | crt.sh |
| telekom-email-bestaetigen.ru Let's Encrypt Authority X3 |
2020-05-21 - 2020-08-19 |
3 months | crt.sh |
| *.wp.com Sectigo RSA Domain Validation Secure Server CA |
2020-04-02 - 2022-07-05 |
2 years | crt.sh |
| gfycat.com Amazon |
2020-04-19 - 2021-05-19 |
a year | crt.sh |
| www.sparkasse.de D-TRUST SSL Class 3 CA 1 EV 2009 |
2020-05-14 - 2021-05-17 |
a year | crt.sh |
| www.sls-direkt.de DigiCert SHA2 Extended Validation Server CA |
2018-06-15 - 2020-09-13 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://hn-sprkasse-hsn1.cloudconnect565434.de//Ss971dYyHGP4Jfm1HdR43zwguRM9vZUz520H7MZjF1lIidxsWWFeWxpBQXjGRHmN/sparkasse/info
Frame ID: 370E085069CF7E28C2E0FDBD00B06256
Requests: 17 HTTP requests in this frame
39 Outgoing links
These are links going to different origins than the main page.
URL: https://www.sparkasse.de/themen/coronavirus/ratgeber-privatkunden.html
Title: Hilfe bekommen
Title: Hilfe bekommen
Search URL Search Domain Scan URL
URL: https://www.sparkasse.de/themen/coronavirus/ratgeber-firmenkunden.html
Title: Liquide bleiben
Title: Liquide bleiben
Search URL Search Domain Scan URL
URL: https://www.sparkasse.de/themen/coronavirus.html
Title: Zur Corona-Themenseite
Title: Zur Corona-Themenseite
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/content/myif/berliner-sk/work/filiale/de/home/misc/suche.html?lightbox=%2Fde%2Fhome%2Fprivatkunden%2Fonline-mobile-banking%2Fpushtan%2Flightboxes%2Fpushtan-verfahren-freischalten%3Fn%3Dtrue%26stref%3Dsitemap
Title: Online-Banking freischalten
Title: Online-Banking freischalten
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/online-mobile-banking/Sicherungsmittel.html?n=true&stref=sitemap
Title: Online-Banking-Hilfe
Title: Online-Banking-Hilfe
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/sparkassen-app.html?n=true&stref=sitemap
Title: Sparkassen-App & Kwitt
Title: Sparkassen-App & Kwitt
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/s-cert-meldungen.html?n=true&stref=sitemap
Title: Aktuelle Warnmeldungen
Title: Aktuelle Warnmeldungen
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/sicherheit-im-internet.html?n=true&stref=sitemap
Title: Sicherheit im Internet
Title: Sicherheit im Internet
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/computercheck.html?n=true&stref=sitemap
Title: Computercheck
Title: Computercheck
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.dehttp//kredit.skpk.de/?template=Privatkredit_Berlin&utm_source=if6&utm_medium=bsk&utm_campaign=mv_pkvv_17_08&utm_content=footer
Title: S-Privatkredit
Title: S-Privatkredit
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/kredite-und-finanzierungen/sparkassen-autokredit.html?n=true&stref=sitemap
Title: S-Autokredit
Title: S-Autokredit
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/kredite-und-finanzierungen/baufinanzierung.html?n=true&stref=sitemap
Title: Immobilienfinanzierung
Title: Immobilienfinanzierung
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/kredite-und-finanzierungen/baufinanzierung/modernisierung.html?n=true&stref=sitemap
Title: Modernisierungskredit
Title: Modernisierungskredit
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/kredite-und-finanzierungen/privatkredit-fuer-eigentuemer.html?n=true&stref=sitemap
Title: S-Privatkredit Plus für Eigentümer
Title: S-Privatkredit Plus für Eigentümer
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/kredite-und-finanzierungen/dispositionskredit.html?n=true&stref=sitemap
Title: Dispositionskredit
Title: Dispositionskredit
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/wertpapiere-und-boerse/depotmodelle.html?n=true&stref=sitemap
Title: Depotmodelle
Title: Depotmodelle
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/wertpapiere-und-boerse/fonds.html?n=true&stref=sitemap
Title: Fonds
Title: Fonds
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/deka-investments.html?n=true&stref=sitemap
Title: Deka Investments
Title: Deka Investments
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/deka-investments/deka-vermoegenskonzept.html?n=true&stref=sitemap
Title: Deka-Vermögenskonzept
Title: Deka-Vermögenskonzept
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/privatkunden/wertpapiere-und-boerse/produkte-und-angebote.html?n=true&stref=sitemap
Title: Anlage-Check
Title: Anlage-Check
Search URL Search Domain Scan URL
URL: https://web.s-investor.de/app/markt.htm?INST_ID=0004093&ident=0
Title: BörsenCenter
Title: BörsenCenter
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/ihre-sparkasse/gut-fuer-berlin.html?n=true&stref=sitemap
Title: Gut für Berlin
Title: Gut für Berlin
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/ihre-sparkasse/dein-job.html?n=true&stref=sitemap
Title: Karriere
Title: Karriere
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/ihre-sparkasse/PresseCenter.html?n=true&stref=sitemap
Title: PresseCenter
Title: PresseCenter
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/filiale-finden.html?n=true&stref=sitemap
Title: Filiale finden
Title: Filiale finden
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/mediathek.html?n=true&stref=sitemap
Title: Mediathek
Title: Mediathek
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/service/shop.html?n=true&stref=sitemap
Title: SparkassenShop
Title: SparkassenShop
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.dehttp//t23.intelliad.de/index.php?redirect=https%3A%2F%2Fwww.berliner-sparkasse.de%2Fde%2Fhome%2Fservice%2Fnewsletter.html&cl=0383839313236323131303&bm=100&bmcl=6353835313236323131303&cp=893&ag=124&crid=108
Title: Newsletter
Title: Newsletter
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/agb.html?n=true&stref=footer
Title: AGB
Title: AGB
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/datenschutz.html?n=true&stref=footer
Title: Datenschutz
Title: Datenschutz
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/preise-und-hinweise.html?n=true&stref=footer
Title: Preise und Hinweise
Title: Preise und Hinweise
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/impressum.html?n=true&stref=footer
Title: Impressum
Title: Impressum
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/filialen.html?n=true&stref=footer
Title: Filialen A-Z
Title: Filialen A-Z
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.de/de/home/toolbar/geldautomaten.html?n=true&stref=footer
Title: Geldautomaten A-Z
Title: Geldautomaten A-Z
Search URL Search Domain Scan URL
URL: https://www.facebook.com/berlinersparkasse
Search URL Search Domain Scan URL
URL: https://twitter.com/BerlinerSPK
Search URL Search Domain Scan URL
URL: https://www.instagram.com/berlinersparkasse/
Search URL Search Domain Scan URL
URL: https://www.youtube.com/user/berlinersparkasse
Search URL Search Domain Scan URL
URL: https://www.berliner-sparkasse.dehttp//blog.berliner-sparkasse.de/
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
info
hn-sprkasse-hsn1.cloudconnect565434.de//Ss971dYyHGP4Jfm1HdR43zwguRM9vZUz520H7MZjF1lIidxsWWFeWxpBQXjGRHmN/sparkasse/ |
1 MB 157 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webpack-runtime-8b1133ad2ae8f74bd420.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
framework-16534ddc5a576711dd15.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
126 KB 40 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app-f9933d99f3d4dcca21d9.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
94 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
styles-2c8cc638826070126d54.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
117 B 576 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dcdeed2c-9d73d700b980eb246af6.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
143 B 602 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
component---src-routes-js-f5bdfc116fe01a3012cb.js
hn-sprkasse-hsn1.cloudconnect565434.de/ |
870 KB 252 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
page-data.json
hn-sprkasse-hsn1.cloudconnect565434.de/page-data/index/ |
122 B 575 B |
Other
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app-data.json
hn-sprkasse-hsn1.cloudconnect565434.de/page-data/ |
50 B 502 B |
Other
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
client-ip
api.bigdatacloud.net/data/ |
107 B 270 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
access-authentication
telekom-email-bestaetigen.ru/ |
16 B 588 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Sparkasse_logo_red.png
i2.wp.com/logo-logos.com/wp-content/uploads/2016/11/ |
52 KB 52 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
PossibleWanCorydorascatfish.webp
thumbs.gfycat.com/ |
38 KB 38 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1589968879509.jpg
www.sparkasse.de/content/sparkasse/de/startseite/jcr:content/center/teaser_gallery/par/teaser_2143182499/image.img.original.jpg/ |
41 KB 43 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1589267722018.jpg
www.sparkasse.de/content/sparkasse/de/startseite/jcr:content/center/teaser_gallery/par/teaser_720112968_cop/image.img.original.jpg/ |
33 KB 35 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1528422698181.jpg
www.sls-direkt.de/de/home/toolbar/kontakt/_jcr_content/opener/openerref.epimgref.res1280.jpg/ |
273 KB 273 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sprite-53ad1b30.svg
www.sparkasse.de/static/images/svg/sparkasse/ |
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Sparkasse (Banking)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate string| pagePath object| ___chunkMapping object| webpackJsonp object| __core-js_shared__ object| core object| asyncRequires object| ___emitter object| ___loader function| ___push function| ___replace function| ___navigate number| 2f1acc6c3a606b082e5eef5e54414ffb object| scCGSHMRCache object| regeneratorRuntime string| ___webpackCompilationHash0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.bigdatacloud.net
hn-sprkasse-hsn1.cloudconnect565434.de
i2.wp.com
telekom-email-bestaetigen.ru
thumbs.gfycat.com
www.sls-direkt.de
www.sparkasse.de
18.197.200.178
185.85.0.144
190.14.38.125
192.0.77.2
195.140.51.254
2600:9000:215d:5800:1:cde5:7345:88c1
16b48382a4b7ed3e9909151b6e6aa2977e8114066255a3cf4c9766e82958b7f2
2b115a8c4659967f8dbddae9ddc8e4ebbc2136468d287acd883ad72958c5d354
2c9aa95f252bea53f6ba163bbb41193b6f23e0fefbf3fe9c57ba9e479a877ba9
39423e3bf33d6acf35ffac223f34152c26d673f160239bde9adc492e68bf57d7
4b5b7143069175ce813c688d0c5c8acb233357887a8a5883506f738a8547077e
5244358fd6eb6d9d493f83a636f98782531a7ce4596de09bba3f53f21942abd0
56514a690e4a3b4b18dacd2bfe060f13fa5874816b1945386e49ea0148f747ea
6c6d73aa8be719a2752e4a0128c624fc11149496f6fcbd923337feb88d7b2320
9fa339bcf54dfbad517dfbfbfe0bcfe887c3b037404ded3f7442e61f22a9eda3
a008ddca8d53697b7f61e1561eb9f3a44fdaafdcd7ccb2c17ea56357ce76eb50
a5eb7165852c7ac4fbbea0801d8d585e3765ccd9de2ab81cd04ed171cd538c93
c18b596c6ba59204a72478f4b74dc9abbd7348d78d6bb51feb8130fbd9b948d0
c7a4f1fc4948814db2bd1b88ddea19cb491b1eef7cd39207de537c5185cb01c2
cfd7339a9d59d23fc1369748f0ae72b4fdc7ad53538e2b8ab8fc561fba2d4d24
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9419cf2b070253c6a00711ca1c8ab33003b531ab1760e64da5ab7027af99cb2
e98c3b0e971e45da3c43984d6669f96decb8f7a377822243cea52d4fedcb99fa