www.cfrchildcare.com Open in urlscan Pro
104.31.74.82  Malicious Activity! Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request details.html Show response www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/	17 KB 6 KB	634ms 634ms	Document text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 3e8ea6ff9a83a3978a310e89a8c6c5ef5d945eb7ae475ea4aa78ce6922f9492b Request headers :path /wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 accept-encoding gzip, deflate upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 :authority www.cfrchildcare.com :scheme https :method GET Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip last-modified Tue, 09 Jan 2018 20:05:58 GMT server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" content-type text/html status 200 set-cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967; expires=Sun, 24-Feb-19 22:56:07 GMT; path=/; domain=.cfrchildcare.com; HttpOnly cf-ray 3f26042c6b4b2756-FRA
GET H/1.1	200 OK	login-userprefs.min.js Show response connect.secure.wellsfargo.com/auth/static/prefs/	144 KB 32 KB	141ms 140ms	Script application/x-javascript	159.45.66.156 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.66.156 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash 26b3bb9c110a419e7a912e63b476c372073817a7a480a47f29b947ecb19a711e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:07 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Thu, 11 Jan 2018 20:38:46 GMT Server KONICHIWA/1.1 X-Frame-Options SAMEORIGIN ETag W/"5a57cb56-e4a" Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/x-javascript; charset=UTF-8 X-XSS-Protection 1; mode=block Cache-Control max-age=1800 Transfer-Encoding chunked Connection keep-alive X-Content-Type-Options nosniff Expires Sat, 24 Feb 2018 23:26:07 GMT
GET H/1.1	200	desktop-tablet.combined.css apply.wellsfargo.com/css/	176 KB 176 KB	178ms 178ms	Stylesheet text/css	159.45.2.177 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://apply.wellsfargo.com/css/desktop-tablet.combined.css?v=2017.04.21 Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.2.177 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash d4012775565c150cfab926c5f997022358ed1a1d168e14a474b7e97432387c7f Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:07 GMT Last-Modified Wed, 14 Feb 2018 21:03:54 GMT Server KONICHIWA/1.1 ETag W/"179771-1518642234000" Content-Type text/css Cache-Control private Accept-Ranges bytes Content-Length 179771 Expires Wed, 31 Dec 1969 16:00:00 PST
GET S	200	jquery.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/	256 KB 78 KB	10ms 8ms	Script application/javascript	104.19.192.102 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol SPDY Server 104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8 Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 22 Jun 2016 14:42:33 GMT server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 strict-transport-security max-age=15780000; includeSubDomains cf-ray 3f2604315acf26de-FRA expires Thu, 14 Feb 2019 22:56:07 GMT
GET S	200	jquery.validate.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/	45 KB 12 KB	20ms 19ms	Script application/javascript	104.19.192.102 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/jquery.validate.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol SPDY Server 104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 22 Jun 2016 14:42:31 GMT server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 strict-transport-security max-age=15780000; includeSubDomains cf-ray 3f2604315ad026de-FRA expires Thu, 14 Feb 2019 22:56:07 GMT
GET S	200	additional-methods.js Show response cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/	38 KB 11 KB	19ms 18ms	Script application/javascript	104.19.192.102 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.15.0/additional-methods.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol SPDY Server 104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375 Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 22 Jun 2016 14:42:31 GMT server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 strict-transport-security max-age=15780000; includeSubDomains cf-ray 3f2604315ad126de-FRA expires Thu, 14 Feb 2019 22:56:07 GMT
GET S	200	jquery.maskedinput.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/	10 KB 3 KB	18ms 17ms	Script application/javascript	104.19.192.102 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/jquery.maskedinput.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol SPDY Server 104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020 Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 22 Jun 2016 14:42:32 GMT server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 strict-transport-security max-age=15780000; includeSubDomains cf-ray 3f2604315ad226de-FRA expires Thu, 14 Feb 2019 22:56:07 GMT
GET S	200	jquery.payment.js Show response cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/	17 KB 4 KB	18ms 17ms	Script application/javascript	104.19.192.102 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery.payment/1.3.2/jquery.payment.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol SPDY Server 104.19.192.102 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf Security Headers Name Value Strict-Transport-Security max-age=15780000; includeSubDomains Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:07 GMT content-encoding gzip cf-cache-status HIT last-modified Wed, 22 Jun 2016 14:42:32 GMT server cloudflare status 200 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 strict-transport-security max-age=15780000; includeSubDomains cf-ray 3f2604315ad326de-FRA expires Thu, 14 Feb 2019 22:56:07 GMT
GET H/1.1	200	myriad-font.js Show response apply.wellsfargo.com/javascript/	17 KB 17 KB	182ms 181ms	Script application/javascript	159.45.2.177 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://apply.wellsfargo.com/javascript/myriad-font.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.2.177 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash 2bc06c9a6e73540eeea744621c94d7dc1b87a987f410875021839fa09cf613ae Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Last-Modified Wed, 14 Feb 2018 20:48:22 GMT Server KONICHIWA/1.1 ETag W/"17198-1518641302000" Content-Type application/javascript Cache-Control private Accept-Ranges bytes Content-Length 17198 Expires Wed, 31 Dec 1969 16:00:00 PST
GET H/1.1	200 OK	utag.sync.js Show response static.wellsfargo.com/tracking/main/	18 KB 8 KB	691ms 184ms	Script application/x-javascript	159.45.170.178 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://static.wellsfargo.com/tracking/main/utag.sync.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.170.178 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/2.0 / Resource Hash 4bfa0710d7d0b0cf60b6f04a2fc2823db351d236cf3966cb9644451ab533c8d1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Wed, 21 Feb 2018 23:17:14 GMT Server KONICHIWA/2.0 X-Frame-Options SAMEORIGIN ETag W/"5a8dfdfa-49a7" Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/x-javascript Cache-Control max-age=1800 Transfer-Encoding chunked Connection keep-alive X-XSS-Protection 1; mode=block Expires Sat, 24 Feb 2018 23:26:08 GMT
GET H2	404	jquery.combined.js www.cfrchildcare.com/javascript/	0 0	2469ms 2468ms	Script text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/javascript/jquery.combined.js?v=2017.04.21 Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.31 Resource Hash Request headers :path /javascript/jquery.combined.js?v=2017.04.21 pragma no-cache cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept */* cache-control no-cache :authority www.cfrchildcare.com referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 :scheme https :method GET Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:10 GMT x-tec-api-origin https://www.cfrchildcare.com cf-cache-status MISS x-powered-by PHP/5.6.31 status 404 content-encoding gzip x-tec-api-version v1 x-tec-api-root https://www.cfrchildcare.com/wp-json/tribe/events/v1/ server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 cf-ray 3f2604315da12756-FRA link <https://www.cfrchildcare.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	desktop-tablet.combined.js www.cfrchildcare.com/javascript/	0 0	2552ms 2551ms	Script text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/javascript/desktop-tablet.combined.js?v=2017.04.21 Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.31 Resource Hash Request headers :path /javascript/desktop-tablet.combined.js?v=2017.04.21 pragma no-cache cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept */* cache-control no-cache :authority www.cfrchildcare.com referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 :scheme https :method GET Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:10 GMT x-tec-api-origin https://www.cfrchildcare.com cf-cache-status MISS x-powered-by PHP/5.6.31 status 404 content-encoding gzip x-tec-api-version v1 x-tec-api-root https://www.cfrchildcare.com/wp-json/tribe/events/v1/ server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 cf-ray 3f2604315da22756-FRA link <https://www.cfrchildcare.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	login.js www.cfrchildcare.com/javascript/	0 0	2278ms 2277ms	Script text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/javascript/login.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.31 Resource Hash Request headers :path /javascript/login.js pragma no-cache cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept */* cache-control no-cache :authority www.cfrchildcare.com referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 :scheme https :method GET Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:10 GMT x-tec-api-origin https://www.cfrchildcare.com cf-cache-status MISS x-powered-by PHP/5.6.31 status 404 content-encoding gzip x-tec-api-version v1 x-tec-api-root https://www.cfrchildcare.com/wp-json/tribe/events/v1/ server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 cf-ray 3f2604315da32756-FRA link <https://www.cfrchildcare.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	conutils-6.2.2.js Show response connect.secure.wellsfargo.com/auth/static/scripts/	10 KB 5 KB	130ms 129ms	Script application/x-javascript	159.45.66.156 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://connect.secure.wellsfargo.com/auth/static/scripts/conutils-6.2.2.js Requested by Host: connect.secure.wellsfargo.com URL: https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js Protocol HTTP/1.1 Server 159.45.66.156 Saint Louis, United States, ASN4196 (WELLSFARGO-4196 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash 3313ac9f2c148df9dc8581ae4d7bb9023c3ef933d1152db47de29e32ec5f67b0 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Content-Encoding gzip X-Content-Type-Options nosniff Connection Keep-Alive Content-Length 4140 X-XSS-Protection 1; mode=block Last-Modified Fri, 05 Jan 2018 18:41:10 GMT Server KONICHIWA/1.1 X-Frame-Options SAMEORIGIN ETag "5a4fc6c6-26c4" Vary Accept-Encoding Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/x-javascript Cache-Control max-age=86400 Accept-Ranges bytes Expires Sun, 25 Feb 2018 22:56:08 GMT
GET H/1.1	200 OK	atadun.js Show response connect.secure.wellsfargo.com/auth/static/prefs/	1 KB 1 KB	169ms 168ms	Script application/x-javascript	159.45.170.156 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://connect.secure.wellsfargo.com/auth/static/prefs/atadun.js Requested by Host: connect.secure.wellsfargo.com URL: https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js Protocol HTTP/1.1 Server 159.45.170.156 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash 5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Content-Encoding gzip X-Content-Type-Options nosniff Connection Keep-Alive Content-Length 543 X-XSS-Protection 1; mode=block Last-Modified Fri, 05 Jan 2018 18:41:10 GMT Server KONICHIWA/1.1 X-Frame-Options SAMEORIGIN ETag "5a4fc6c6-42b" Vary Accept-Encoding Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/x-javascript Cache-Control max-age=1800 Accept-Ranges bytes Expires Sat, 24 Feb 2018 23:26:08 GMT
GET H/1.1	200	nd Show response connect.secure.wellsfargo.com/jenny/	39 KB 39 KB	172ms 172ms	Script application/javascript	159.45.170.156 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://connect.secure.wellsfargo.com/jenny/nd Requested by Host: connect.secure.wellsfargo.com URL: https://connect.secure.wellsfargo.com/auth/static/prefs/atadun.js Protocol HTTP/1.1 Server 159.45.170.156 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash e2d5e6c78079c606bef422a4ba22c5a9b35d0eaaf03589636907a7518d8fb62b Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Server KONICHIWA/1.1 Transfer-Encoding chunked Content-Type application/javascript;charset=ISO-8859-1
GET H/1.1	200	archer.css apply.wellsfargo.com/css/	22 KB 22 KB	138ms 138ms	Stylesheet text/css	159.45.2.177 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://apply.wellsfargo.com/css/archer.css Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.2.177 , United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/1.1 / Resource Hash 266a8a7b5c0ebad26e3ba4e21d78b1999b1f7ea893b41a8d6346d48606321ccf Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:08 GMT Last-Modified Wed, 14 Feb 2018 20:48:20 GMT Server KONICHIWA/1.1 ETag W/"22656-1518641300000" Content-Type text/css Cache-Control private Accept-Ranges bytes Content-Length 22656 Expires Wed, 31 Dec 1969 16:00:00 PST
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 9d6d810b425482c52769515f91250eb85bf4da9fc4294c8ab5a8845c78330127 Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=US-ASCII
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash d617332408652c764ece833cae43811f40fd5229743f1991813f0fdb7e1184db Request headers Response headers Access-Control-Allow-Origin * Content-Type image/svg+xml;charset=US-ASCII
GET H/1.1	200 OK	/ Show response connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/	471 B 1 KB	253ms 252ms	Script application/javascript	159.45.170.156 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://connect.secure.wellsfargo.com/ATADUN/2.2/w/w-642409/init/js/?q=%7B%22e%22%3A690709%2C%22fvq%22%3A%22aqfndyp14dzbv9twr1lfrdd%22%2C%22oq%22%3A%221600%3A1200%3A1600%3A1200%3A1600%3A1200%22%2C%22wfi%22%3A%22flap-84734%22%2C%22yf%22%3A%7B%7D%2C%22jc%22%3A%22Ybtva%22%2C%22ro%22%3A%221.j-642409.1.GFrBGAKVJCEkWsTVhpLlKD%3D%3D.JSdVngSMQkP30dg537aB6KEGtBGkHzsI%2Fop8%2F%2FGHY1IyQ3dlsaZC11p4MCiIVkFBTvqo7ZkJg74dj4RWY3w5Q430BNxk2Jg8vEv1FnL40Yf%3D%22%2C%22ov%22%3A%22o2%7C1600k1200%201600k1200%2024%2024%7C0%7Cra-HF%7Coc1-700%7Csnyfr%7C%7CZbmvyyn%2F5.0%20(Znpvagbfu%3B%20Vagry%20Znp%20BF%20K%2010_12_6)%20NccyrJroXvg%2F537.36%20(XUGZY%2C%20yvxr%20Trpxb)%20Puebzr%2F63.0.3239.84%20Fnsnev%2F537.36%7CAbg%20Fhccbegrq%22%7D Requested by Host: connect.secure.wellsfargo.com URL: https://connect.secure.wellsfargo.com/jenny/nd Protocol HTTP/1.1 Server 159.45.170.156 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software nginx / Resource Hash 91f137343003d0a14317eff486a7155f74c983330243c9661c5f1914e0746c3a Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:09 GMT Server nginx Vary Accept-Encoding Access-Control-Allow-Methods GET, POST Content-Type application/javascript Access-Control-Allow-Origin * Connection keep-alive Content-Length 471
GET H/1.1	200 OK	utag.js Show response static.wellsfargo.com/tracking/main/	136 KB 19 KB	178ms 177ms	Script application/x-javascript	159.45.170.178 Wells Fargo & Com...
General Check archive.org Show headers Download Go to Full URL https://static.wellsfargo.com/tracking/main/utag.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol HTTP/1.1 Server 159.45.170.178 Saint Louis, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US), Reverse DNS Software KONICHIWA/2.0 / Resource Hash cc22d1d319cf477b81dc001c78032084ea9a1d83bfd36acca98cde0b69824023 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubdomains; X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers Date Sat, 24 Feb 2018 22:56:10 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Fri, 23 Feb 2018 20:01:01 GMT Server KONICHIWA/2.0 X-Frame-Options SAMEORIGIN ETag W/"5a9072fd-22133" Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/x-javascript Cache-Control max-age=1800 Transfer-Encoding chunked Connection keep-alive X-XSS-Protection 1; mode=block Expires Sat, 24 Feb 2018 23:26:10 GMT
GET H2	404	proactive-chat.js www.cfrchildcare.com/javascript/	0 0	2433ms 2433ms	Script text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/javascript/proactive-chat.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.31 Resource Hash Request headers :path /javascript/proactive-chat.js pragma no-cache cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept */* cache-control no-cache :authority www.cfrchildcare.com referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 :scheme https :method GET Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:12 GMT x-tec-api-origin https://www.cfrchildcare.com cf-cache-status MISS x-powered-by PHP/5.6.31 status 404 content-encoding gzip x-tec-api-version v1 x-tec-api-root https://www.cfrchildcare.com/wp-json/tribe/events/v1/ server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 cf-ray 3f2604414ea82756-FRA link <https://www.cfrchildcare.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	404	login.js www.cfrchildcare.com/javascript/	0 0	2324ms 2324ms	Script text/html	104.31.74.82 Cloudflare
General Check archive.org Show headers Download Go to Full URL https://www.cfrchildcare.com/javascript/login.js Requested by Host: www.cfrchildcare.com URL: https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 104.31.74.82 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / PHP/5.6.31 Resource Hash Request headers :path /javascript/login.js pragma no-cache cookie __cfduid=dd6b08650b23fb5d7dfb97b5cd20df73f1519512967 accept-encoding gzip, deflate user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 accept */* cache-control no-cache :authority www.cfrchildcare.com referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 :scheme https :method GET Referer https://www.cfrchildcare.com/wp-includes/images/wlw/.com/auth/login/present/details.html?fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9-fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9fd6bfbcbfdb0e07594af0c2053632eb9 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 Response headers date Sat, 24 Feb 2018 22:56:12 GMT x-tec-api-origin https://www.cfrchildcare.com cf-cache-status MISS x-powered-by PHP/5.6.31 status 404 content-encoding gzip x-tec-api-version v1 x-tec-api-root https://www.cfrchildcare.com/wp-json/tribe/events/v1/ server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 cf-ray 3f2604414eaf2756-FRA link <https://www.cfrchildcare.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

126 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| bundle function| disableSubmitsCollectUserPrefs function| addLoginFormFieldsAndSubmit function| jsEnabled function| addEvent object| UserPrefsHelper object| collector function| loadUserPrefs function| submitUserPrefs function| getUserPrefsOnPageLoad function| undoSaveUsername function| maskedUsernameChanged boolean| m object| q object| options object| lun3 string| ndURI boolean| isNative object| ndsapi object| nds object| js object| fjs function| $ function| jQuery object| Typekit undefined| TNL function| testandlearn undefined| CryptoJS function| ndoGetObjectKeys string| ndjsStaticVersion object| nsbualq object| nsicnx boolean| nsbualqbtt number| nsicnxgsdo number| nspdnvtq object| nsjsiwwd object| nsetqv object| nsjsiwwdsv object| nslbxkdps object| nsicnxg object| nslbxkd boolean| nsqdbmf string| nsetqvi string| nslbx number| numQueries object| returned string| version string| nsjsiwwds string| nsyzmb string| nslbxkdp string| nsbualqb string| nsbualqbt string| nslbxkdpsn string| nsqdbmfgj object| nsjsi object| nsetqvilk function| nspdnvtqz function| nsyzmbubh function| nspdnv boolean| nsyzm object| nsjsiww function| nsicnxgsd function| nspdn function| nsyzmbubhp function| nspdnvt function| nslbxk function| nsyzmbu function| nsqdb function| nsbua function| nsyzmbub function| nsbual function| nsicn function| nsetqvil function| ndwti function| nsqdbm function| nsqdbmfgjl function| nsjsiw function| nspdnvtqzc function| nsetq function| nsicnxgs function| nsqdbmfg function| nsetqvilkq function| nszzlco function| ndwts function| nsfxm function| HashUtil function| nsfxmwb function| nsspnqj function| nsspnqjun function| nscilx function| nsaknrmo function| nsfxmwbexx function| nscilxfz function| nsaknrm function| nsfxmw function| nszzlc function| nsspnqjunm function| nsrvj function| nscilxf boolean| egainAuth string| proactiveChatWebServer string| clickChat string| fieldname_2 string| fieldname_3 string| fieldname_4 string| fieldname_6 string| fieldname_7 string| fieldname_8 string| fieldname_9 string| fieldname_10 string| fieldname_11 string| fieldname_12 string| fieldname_13 string| fieldname_14 string| fieldname_15 string| fieldname_19 boolean| authenticationRequired string| flowExeUrl boolean| authenticated boolean| utag_condload undefined| new_path undefined| utag_cfg_ovrd object| utag_data object| utag function| utag_pad function| utag_visitor_id

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.cfrchildcare.com/	1970-01-18 22:50:48	Name: __cfduid Value: d3914e243d85d60f19c173a002fbea1bb1519512972

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apply.wellsfargo.com
cdnjs.cloudflare.com
connect.secure.wellsfargo.com
static.wellsfargo.com
www.cfrchildcare.com
104.19.192.102
104.31.74.82
159.45.170.156
159.45.170.178
159.45.2.177
159.45.66.156
1d95e0e21c160558eb3d2bacd76779048cb600cc04e15264e0835f4f86b4b375
266a8a7b5c0ebad26e3ba4e21d78b1999b1f7ea893b41a8d6346d48606321ccf
26b3bb9c110a419e7a912e63b476c372073817a7a480a47f29b947ecb19a711e
2aecc3e7494318d2398eafe2a6de21c03a52264ddf86c7934758ddbda06864bb
2bc06c9a6e73540eeea744621c94d7dc1b87a987f410875021839fa09cf613ae
3313ac9f2c148df9dc8581ae4d7bb9023c3ef933d1152db47de29e32ec5f67b0
3e8ea6ff9a83a3978a310e89a8c6c5ef5d945eb7ae475ea4aa78ce6922f9492b
4bfa0710d7d0b0cf60b6f04a2fc2823db351d236cf3966cb9644451ab533c8d1
5fb7b85658a6e615400e0f1f3e16fc869bbd099b3c3c181c294c05d1d7d1cfe5
60499c4335239d51fa6ef40bd909ba8e62a2a468b16b74f0fd9fadac1eee4bbf
78f27c3d7cb5d766466703adc7f7ad7706b7fb05514eec39be0aa253449bd0f8
7ef14a1e070a6a2ec9ff44ccf5e923cb2a460c5861a3db8a9ae1e21557d27020
91f137343003d0a14317eff486a7155f74c983330243c9661c5f1914e0746c3a
9d6d810b425482c52769515f91250eb85bf4da9fc4294c8ab5a8845c78330127
cc22d1d319cf477b81dc001c78032084ea9a1d83bfd36acca98cde0b69824023
d4012775565c150cfab926c5f997022358ed1a1d168e14a474b7e97432387c7f
d617332408652c764ece833cae43811f40fd5229743f1991813f0fdb7e1184db
e2d5e6c78079c606bef422a4ba22c5a9b35d0eaaf03589636907a7518d8fb62b