a.acadianafriends.com
143.95.32.194  Malicious Activity! Public Scan

URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Submission: On April 05 via automatic, source openphish

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 21 HTTP transactions. The main IP is 143.95.32.194, located in Los Angeles, United States and belongs to COLO4-CO - Colo4, LLC, US. The main domain is a.acadianafriends.com.
This is the only time a.acadianafriends.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 143.95.32.194 | 36024 (COLO4-CO)
12 | 159.45.2.154 | 10837 (WELLSFARG...)
1 | 2.16.100.155 | 20940 (AKAMAI-ASN1)
4 | 2.16.100.138 | 20940 (AKAMAI-ASN1)
1 | 63.215.202.68 | ()
2 | 159.45.2.145 | 10837 (WELLSFARG...)
Total: 21 requests, 6 IPs

Requests | Domain | Requested by
12 | online.wellsfargo.com | a.acadianafriends.com
5 | a248.e.akamai.net | a.acadianafriends.com
2 | www.wellsfargo.com |
1 | adfarm.mediaplex.com | a.acadianafriends.com
1 | a.acadianafriends.com |
Total: 21 requests across the 5 domains listed

This site contains links to these domains:

Domain
www.wellsfargo.com
online.wellsfargo.com

Subject | Issuer | Validity | Valid
online.wellsfargo.com | Symantec Class 3 Secure Server CA - G4 | 2016-10-28 - 2018-10-29 | 2 years
a248.e.akamai.net | Symantec Class 3 ECC 256 bit SSL CA - G2 | 2016-07-28 - 2017-07-28 | a year
www.wellsfargo.com | Symantec Class 3 Secure Server CA - G4 | 2017-01-31 - 2019-02-01 | 2 years

This page contains 1 frames:

Primary Page: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Frame ID: 25846.1
Requests: 21 HTTP requests in this frame

Page Statistics

21 Requests
90 % HTTPS
0 % IPv6
4 Domains
5 Subdomains
6 IPs
3 Countries
31 kB Transfer
106 kB Size
0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request 17
  • http://ams-login.dotomi.com/commonid/match?rurl=http%3A%2F%2Fadfarm.mediaplex.com%2Fad%2Fbk%2F994-1668-2054-5%3Fmpu_token%3DAAAFvntUCLc56wAFCY46AAAAAAA%26COL01STO%3D1%26Unique_ID%3DO08232011093120-...
  • http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AAAFvntUCLc56wAFCY46AAAAAAA&COL01STO=1&Unique_ID=O08232011093120-584310638&status=0

21 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Answers.php
a.acadianafriends.com/wachwel/wsalertin/
13 KB
3 KB
Document
General
Full URL
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Server
143.95.32.194 Los Angeles, United States, ASN36024 (COLO4-CO - Colo4, LLC, US),
Reverse DNS
ip-143-95-32-194.iplocal
Software
nginx /
Resource Hash
dfba1d365b3fd421bab412bec6601486ab8826608ef5db8099fd7d7c8b1b3ddd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
a.acadianafriends.com
Accept-Language
en-US,en;q=0.8
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cache-Control
no-cache
Connection
keep-alive

Response headers

Date
Wed, 05 Apr 2017 06:34:07 GMT
ngpass_ngall
1
Server
nginx
Connection
close
Content-Encoding
gzip
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Cookie set WEBstyle.css
online.wellsfargo.com/das/common/styles/
34 KB
6 KB
Stylesheet
General
Full URL
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
790c913cabd779177bd1afe15b75f2756eb285c9f07e7c2d86744a63f1abac60

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Content-encoding
gzip
Vary
accept-encoding
Last-modified
Mon, 20 Mar 2017 03:24:27 GMT
Server
KONICHIWA/2.0
Etag
W/"89bc-58cf4b6b"
Transfer-encoding
chunked
Content-type
text/css
Set-Cookie
ISD_WIB_COOKIE=!dOhZS5BJFMt2e+yUly+cCoZsX3Favsi2G1zAZtmX4bsBHwlU538vTLZIZsWxULy6szUlspkYJNsDFHI=; path=/
Cookie set WEBWIB.css
online.wellsfargo.com/das/common/styles/
4 KB
1 KB
Stylesheet
General
Full URL
https://online.wellsfargo.com/das/common/styles/WEBWIB.css
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
cdc8616f05021a94ecffcbd19d67cda715ba4b93a8ccbf5acac02d25e642bdfd

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Content-encoding
gzip
Vary
accept-encoding
Last-modified
Mon, 20 Mar 2017 03:24:27 GMT
Server
KONICHIWA/2.0
Etag
W/"115b-58cf4b6b"
Transfer-encoding
chunked
Content-type
text/css
Set-Cookie
ISD_WIB_COOKIE=!maaRhcleMGz7r6KUly+cCoZsX3FavmQtcM+oTbvABb5trkZUDtSqEA4ETgo4kzhj8yKNWSVCflkWDO4=; path=/
Cookie set wfwiblib.js
online.wellsfargo.com/das/common/scripts/
30 KB
7 KB
Script
General
Full URL
https://online.wellsfargo.com/das/common/scripts/wfwiblib.js
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
6a60586980d51d5c93f661e7eaf9382ec327185fd1cc5a6722a5cd9a79d6db0e

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
*/*
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Content-encoding
gzip
Vary
accept-encoding
Last-modified
Mon, 20 Mar 2017 03:24:31 GMT
Server
KONICHIWA/2.0
Etag
W/"79d5-58cf4b6f"
Transfer-encoding
chunked
Content-type
application/x-javascript
Set-Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=; path=/
WEBprint.css
online.wellsfargo.com/das/common/styles/
14 KB
3 KB
Stylesheet
General
Full URL
https://online.wellsfargo.com/das/common/styles/WEBprint.css
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
ece73a36b57e049172f6bee9ac55ab6a5a75850c3b707ccf52846b5a92577f7b

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Content-encoding
gzip
Vary
accept-encoding
Last-modified
Mon, 20 Mar 2017 03:24:27 GMT
Server
KONICHIWA/2.0
Etag
W/"3696-58cf4b6b"
Transfer-encoding
chunked
Content-type
text/css
logo_62sq.gif
a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/
616 B
616 B
Image
General
Full URL
https://a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/logo_62sq.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.100.155 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-100-155.deploy.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
ebf4a535fa6a88962621940e780ca0cd6707b6cdaed59f469f0aeada311d09d1

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
a248.e.akamai.net
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-Modified
Mon, 19 Dec 2016 07:01:09 GMT
Server
KONICHIWA/2.0
ETag
"268-585785b5"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
616
coach.gif
a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/
4 KB
4 KB
Image
General
Full URL
https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/coach.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.100.138 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-100-138.deploy.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
4d2ef55ea9a3fd9a2e096d9cb6fcfe5d4b102de152c8799c55d31c43ee9d35e0

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
a248.e.akamai.net
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-Modified
Mon, 19 Dec 2016 07:01:49 GMT
Server
KONICHIWA/2.0
ETag
"f8d-585785dd"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3981
shim.gif
a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/
43 B
43 B
Image
General
Full URL
https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.100.138 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-100-138.deploy.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
a248.e.akamai.net
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-Modified
Mon, 19 Dec 2016 07:01:47 GMT
Server
KONICHIWA/2.0
ETag
"2b-585785db"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
al_search_btn.gif
a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/
285 B
285 B
Image
General
Full URL
https://a248.e.akamai.net/7/248/3608/99050a7dbe666d/online.wellsfargo.com/das/common/images/al_search_btn.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.100.138 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-100-138.deploy.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
e05a15dad724ea72ab77012792e4fada1164176f39ab2c0fee9a46dae5996c87

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
a248.e.akamai.net
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-Modified
Mon, 19 Dec 2016 07:01:56 GMT
Server
KONICHIWA/2.0
ETag
"11d-585785e4"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
285
shim.gif
a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/
43 B
43 B
Image
General
Full URL
https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/shim.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.100.138 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-100-138.deploy.akamaitechnologies.com
Software
KONICHIWA/2.0 /
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
a248.e.akamai.net
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-Modified
Mon, 19 Dec 2016 07:01:47 GMT
Server
KONICHIWA/2.0
ETag
"2b-585785db"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
mediaplexROI.js
online.wellsfargo.com/das/common/scripts/
695 B
388 B
Script
General
Full URL
https://online.wellsfargo.com/das/common/scripts/mediaplexROI.js
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
ed4df624fab7fcc7f6a125df65b9effd932df3f5c3c0f731947e80bcefae93ce

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
*/*
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Cookie
ISD_WIB_COOKIE=!dOhZS5BJFMt2e+yUly+cCoZsX3Favsi2G1zAZtmX4bsBHwlU538vTLZIZsWxULy6szUlspkYJNsDFHI=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Content-encoding
gzip
Vary
accept-encoding
Last-modified
Mon, 20 Mar 2017 03:24:31 GMT
Server
KONICHIWA/2.0
Etag
W/"2b7-58cf4b6f"
Transfer-encoding
chunked
Content-type
application/x-javascript
grey_pix.gif
online.wellsfargo.com/das/common/styles/images/
43 B
43 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/grey_pix.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
bfd21dab62097e79d0a8736b29a340243e73d1472d427742117cd299f64461ee

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:34 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"2b-58578556"
Content-length
43
Content-type
image/gif
htab_right_off.gif
online.wellsfargo.com/das/common/styles/images/
1000 B
1000 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/htab_right_off.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
fd6f21e59b5346e23e7aa148fe87a4c8251d0f3cbcd50a8691fd1c49c37de61d

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:33 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"3e8-58578555"
Content-length
1000
Content-type
image/gif
h_tab_left_off.gif
online.wellsfargo.com/das/common/styles/images/
101 B
101 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/h_tab_left_off.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
e17000dc9e986afa8978aebe8bdb8585931771a7a9cec6a03f40e4fd32df06f8

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:41 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"65-5857855d"
Content-length
101
Content-type
image/gif
lower_tabs_off.gif
online.wellsfargo.com/das/common/styles/images/
201 B
201 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/lower_tabs_off.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
c39bb1586b66fbd80c77b5859f8237045828cac4efa533603457a0540338d520

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:37 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"c9-58578559"
Content-length
201
Content-type
image/gif
lower_tabs_on.gif
online.wellsfargo.com/das/common/styles/images/
201 B
201 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/lower_tabs_on.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
780bbe307422ea2c0cafc7febc805d95de1436c5b5da1c2046a97f4c199e5036

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:34 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"c9-58578556"
Content-length
201
Content-type
image/gif
left_col_bg.gif
online.wellsfargo.com/das/common/styles/images/
43 B
43 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/left_col_bg.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
bc651898edec8578d890ed9e2930fd8c519ea6fb46f1c32f598ba3a39854efe9

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:33 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"2b-58578555"
Content-length
43
Content-type
image/gif
al_related_info_gen.gif
online.wellsfargo.com/das/common/styles/images/
43 B
43 B
Image
General
Full URL
https://online.wellsfargo.com/das/common/styles/images/al_related_info_gen.gif
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.154 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
online.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
4a327a4f8283d73b332f29bee848b46e84db1b3f3e628441c7cb7b6e1dea8126

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
online.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
https://online.wellsfargo.com/das/common/styles/WEBstyle.css
Cookie
ISD_WIB_COOKIE=!tqGWKVldBdM8QGx0yTeKMaSxlFERkDR/Yhqtq2dBy3+YFzxPc5+CWh+/MdgOBX+9678a5NkB1J0XK2w=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:08 GMT
Last-modified
Mon, 19 Dec 2016 06:59:41 GMT
Server
KONICHIWA/2.0
Accept-ranges
bytes
Etag
"2b-5857855d"
Content-length
43
Content-type
image/gif
Cookie set 994-1668-2054-5
adfarm.mediaplex.com/ad/bk/
Redirect Chain
  • http://ams-login.dotomi.com/commonid/match?rurl=http%3A%2F%2Fadfarm.mediaplex.com%2Fad%2Fbk%2F994-1668-2054-5%3Fmpu_token%3DAAAFvntUCLc56wAFCY46AAAAAAA%26COL01STO%3D1%26Unique_ID%3DO08232011093120-...
  • http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AAAFvntUCLc56wAFCY46AAAAAAA&COL01STO=1&Unique_ID=O08232011093120-584310638&status=0
49 B
49 B
Image
General
Full URL
http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AAAFvntUCLc56wAFCY46AAAAAAA&COL01STO=1&Unique_ID=O08232011093120-584310638&status=0
Requested by
Host: a.acadianafriends.com
URL: http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Protocol
HTTP/1.1
Server
63.215.202.68 Amsterdam, Netherlands, ASN (),
Reverse DNS
ad-ams5.mediaplex.com
Software
Apache-Coyote/1.1 /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch
Host
adfarm.mediaplex.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Cookie
cttutcid=""
Connection
keep-alive
Cache-Control
no-cache

Response headers

Pragma
no-cache
Date
Wed, 05 Apr 2017 06:34:07 GMT
Server
Apache-Coyote/1.1
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Content-Type
image/gif
Cache-Control
no-store
Set-Cookie
cttutcid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ svid=413903816618359275; expires=Fri, 4-May-2018 17:57:32 GMT; path=/; domain=.mediaplex.com; rts=1491374048566; expires=Fri, 4-May-2018 17:57:32 GMT; path=/; domain=.mediaplex.com;
Content-Length
49
Expires
0

Redirect headers

Location
http://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?mpu_token=AAAFvntUCLc56wAFCY46AAAAAAA&COL01STO=1&Unique_ID=O08232011093120-584310638&status=0
Date
Wed, 05 Apr 2017 06:34:08 GMT
Connection
close
Server
nginx
Set-Cookie
DotomiUser=413903816618359275$0$84512314; Expires=Thu, 03 May 2018 06:34:08 GMT; Path=/; Domain=.dotomi.com
Content-Length
0
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
Cookie set favicon.ico
www.wellsfargo.com/
1 KB
1 KB
Other
General
Full URL
https://www.wellsfargo.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.145 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
www.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
b1e3948c837327a12ef70290b8af4bd0fd6d56adbb6177d5b4521043cfc69df0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
www.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:09 GMT
Last-modified
Tue, 28 Mar 2017 21:01:14 GMT
Server
KONICHIWA/2.0
Etag
"57e-58dacf1a"
X-frame-options
SAMEORIGIN
Content-type
image/x-icon;charset=UTF-8
Set-Cookie
ISD_WWWAF_COOKIE=!JvP6gabViRQr50quQ7qwZUItNdHbJurDLbjY5R7LqBv3WnvoENzY/1MRncxoeQi1NPlEbD25GIhYJZQ=; path=/ ISD_WWWAF_COOKIE=!JvP6gabViRQr50quQ7qwZUItNdHbJurDLbjY5R7LqBv3WnvoENzY/1MRncxoeQi1NPlEbD25GIhYJZQ=; path=/; domain=; HttpOnly; Secure
Accept-ranges
bytes
Content-length
1406
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge
favicon.ico
www.wellsfargo.com/
1 KB
1 KB
Other
General
Full URL
https://www.wellsfargo.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
159.45.2.145 Charlotte, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),
Reverse DNS
www.wellsfargo.com
Software
KONICHIWA/2.0 /
Resource Hash
b1e3948c837327a12ef70290b8af4bd0fd6d56adbb6177d5b4521043cfc69df0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate, sdch, br
Host
www.wellsfargo.com
Accept-Language
en-US,en;q=0.8
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Accept
image/webp,image/*,*/*;q=0.8
Referer
http://a.acadianafriends.com/wachwel/wsalertin/Answers.php
Cookie
ISD_WWWAF_COOKIE=!JvP6gabViRQr50quQ7qwZUItNdHbJurDLbjY5R7LqBv3WnvoENzY/1MRncxoeQi1NPlEbD25GIhYJZQ=
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Wed, 05 Apr 2017 06:34:09 GMT
Last-modified
Tue, 28 Mar 2017 21:01:14 GMT
Server
KONICHIWA/2.0
Etag
"57e-58dacf1a"
X-frame-options
SAMEORIGIN
Content-type
image/x-icon;charset=UTF-8
Accept-ranges
bytes
Content-length
1406
X-xss-protection
1; mode=block
X-ua-compatible
IE=edge

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
