ecomshop.promoda.ca
192.254.236.240  Malicious Activity! Public Scan

URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Submission: On October 25 via automatic, source openphish — Scanned from CA

Summary

This website contacted 10 IPs in 1 country across 7 domains to perform 20 HTTP transactions. The main IP is 192.254.236.240, located in the United States, and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ecomshop.promoda.ca.
This is the only time ecomshop.promoda.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Charles Schwab (Financial)

Domain & IP information

IP Address AS Autonomous System
2 192.254.236.240 46606 (UNIFIEDLA...)
1 23.73.242.191 16625 (AKAMAI-AS)
5 23.73.239.129 16625 (AKAMAI-AS)
1 2600:141b:500... 20940 (AKAMAI-ASN1)
2 23.208.216.220 16625 (AKAMAI-AS)
1 2600:141b:500... 20940 (AKAMAI-ASN1)
2 5 54.152.121.76 14618 (AMAZON-AES)
2 63.140.38.186 14618 (AMAZON-AES)
1 23.55.243.213 20940 (AKAMAI-ASN1)
2 2 3.209.236.212 14618 (AMAZON-AES)
20 10
Apex Domain
Subdomains
Transfer
7 schwab.com
content.schwab.com — Cisco Umbrella Rank: 36555
metric.schwab.com
163 KB
6 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 214
fast.schwab.demdex.net
8 KB
2 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1073
772 B
2 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 968
89 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1300
c.go-mpulse.net — Cisco Umbrella Rank: 595
50 KB
2 promoda.ca
ecomshop.promoda.ca
14 KB
1 schwabcdn.com
client.schwabcdn.com — Cisco Umbrella Rank: 213127
9 KB
20 7
Domain Requested by
5 dpm.demdex.net 2 redirects tags.tiqcdn.com
5 content.schwab.com ecomshop.promoda.ca
client.schwabcdn.com
2 cm.everesttech.net 2 redirects
2 metric.schwab.com tags.tiqcdn.com
2 tags.tiqcdn.com ecomshop.promoda.ca
tags.tiqcdn.com
2 ecomshop.promoda.ca ecomshop.promoda.ca
1 fast.schwab.demdex.net tags.tiqcdn.com
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net ecomshop.promoda.ca
1 client.schwabcdn.com ecomshop.promoda.ca
client.schwabcdn.com
20 10
Subject | Issuer | Validity | Valid
client.schwabcdn.com | DigiCert SHA2 Extended Validation Server CA | 2022-03-01 - 2023-03-23 | a year
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2022-06-07 - 2023-07-08 | a year
akstat.io | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-04-15 - 2023-04-19 | a year

This page contains 3 frames:

Primary Page: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Frame ID: BA9FA93FD2B65C37D0F8AB083BB52307
Requests: 18 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Frame ID: 4F720E2E90C1331CDB4E94738FB3FEC1
Requests: 2 HTTP requests in this frame

Frame: http://fast.schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: 5BE48429088F206528853F0A0285AE94
Requests: 1 HTTP request in this frame

Page Title

Login | Charles Schwab

Page Statistics

20
Requests

40 %
HTTPS

20 %
IPv6

7
Domains

10
Subdomains

10
IPs

1
Countries

332 kB
Transfer

784 kB
Size

8
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846 HTTP 302
  • http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846
Request Chain 19
  • http://cm.everesttech.net/cm/dd?d_uuid=80035662212491669242200726226723576918 HTTP 301
  • https://cm.everesttech.net/cm/dd?d_uuid=80035662212491669242200726226723576918 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request next.html
ecomshop.promoda.ca/wp-admin/schwab/
42 KB
14 KB
Document
General
Full URL
http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Server
192.254.236.240 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
gator3275.hostgator.com
Software
Apache /
Resource Hash
53ec7d123f1b1c9e50305f4002100ad0216ab4c0cea1299b9f6d1021b639dba7

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Upgrade
Content-Encoding
gzip
Content-Length
14117
Content-Type
text/html
Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Thu, 22 Sep 2022 19:09:40 GMT
Server
Apache
Upgrade
h2,h2c
Vary
Accept-Encoding
login.css
client.schwabcdn.com/cssmerged/
32 KB
9 KB
Stylesheet
General
Full URL
https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.73.242.191 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-242-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fd421867e5ce9ea8dfb7e5edc9409828d0db1496cda495677e51c9d2355c6cb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Tue, 25 Oct 2022 15:01:53 GMT
last-modified
Fri, 07 Oct 2022 21:34:42 GMT
etag
"05519c94dad81:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=utf-8
accept-ranges
bytes
content-length
9160
x-xss-protection
1; mode=block
Getty_1166830366_PTS_pro_trustee.jpg
content.schwab.com/drupal_dependencies/DECA/
25 KB
26 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/Getty_1166830366_PTS_pro_trustee.jpg
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
29025d67938492b29200c972d92f8d9effa35a032b3e01cf483477d5ee6e20fd

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Tue, 05 Jul 2022 19:23:55 GMT
Server
Akamai Image Manager
ETag
"a5efd459f49f763ebab13b7636c32db3:1651677795.711328"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
25816
Expires
Wed, 26 Oct 2022 03:01:53 GMT
amex_inv_369x185.png
content.schwab.com/drupal_dependencies/DECA/
7 KB
8 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/amex_inv_369x185.png
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
4df5695830fbe3dedc90773d8732aacfaaa2f6405b9adc182d0ae69793dfcd11

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Tue, 22 Mar 2022 21:13:27 GMT
Server
Akamai Image Manager
ETag
"a12cdd52949fd4af704d86c8ebd1b083:1641930102.761204"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
7258
Expires
Wed, 26 Oct 2022 03:01:53 GMT
LogIn_rocketmortgage_kitchen.png
content.schwab.com/drupal_dependencies/DECA/
16 KB
16 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/LogIn_rocketmortgage_kitchen.png
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
827bb042eb352e91a1103878f45d2174dfd8e341706de68a6d5f535483469b2b

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Wed, 18 May 2022 21:58:41 GMT
Server
Akamai Image Manager
X-Serial
1350
X-Check-Cacheable
YES
ETag
"3cb28c3d0a705db5885e3b81209de580:1651677877.28765"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
15996
Expires
Wed, 26 Oct 2022 03:01:53 GMT
H1RST2c
ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/
0
0
Script
General
Full URL
http://ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/H1RST2c
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Server
192.254.236.240 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
gator3275.hostgator.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/wp-admin/schwab/next.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:52 GMT
Server
nginx/1.21.6
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
EX83G-QNMSL-P9787-NRSC7-7EJJ3
s.go-mpulse.net/boomerang/ Frame 4F72
205 KB
50 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:5000:684::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 15:01:53 GMT
content-encoding
br
last-modified
Fri, 14 Oct 2022 00:08:35 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ccc4d3be744a29473fefe2f313fdae488f460b85a47e8427f748358a54ba048

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
Login_Background.jpg
content.schwab.com/web/login/
110 KB
110 KB
Image
General
Full URL
https://content.schwab.com/web/login/Login_Background.jpg
Requested by
Host: client.schwabcdn.com
URL: https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
3c1e405db9fdc7ea43f4ac748a546bd54161bdecec8b8756b4e29b1359f2c856

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://client.schwabcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Mon, 18 Jul 2022 14:43:48 GMT
Server
Akamai Image Manager
X-Serial
1706
X-Check-Cacheable
YES
ETag
"ddd5e02fd4df958d8da39b113223dd11:1638552670.165418"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
112358
Expires
Wed, 26 Oct 2022 03:01:53 GMT
CharlesModern-Light.woff
client.schwabcdn.com/fonts/
0
0

utag.js
tags.tiqcdn.com/utag/schwab/client-center/prod/
333 KB
89 KB
Script
General
Full URL
http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Protocol
HTTP/1.1
Server
23.208.216.220 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-220.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
10b9665a419b9034e35d3ab86358c8279de7e6ceb5f6d38cff967e470dbd7810

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Content-Encoding
gzip
Last-Modified
Mon, 24 Oct 2022 21:30:14 GMT
Server
AkamaiNetStorage
ETag
"4d5613a56fa815d34b0d6db2cbb52f66:1666647014.312645"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=300
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
Expires
Tue, 25 Oct 2022 15:06:53 GMT
schwabsafe_logo.svg
content.schwab.com/web/login/
2 KB
2 KB
Image
General
Full URL
https://content.schwab.com/web/login/schwabsafe_logo.svg
Requested by
Host: client.schwabcdn.com
URL: https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0c1f7d2d3fa4ed7ec3cf2519cd017ddb5bc8de757e00ed8f84cd8991059a0631

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://client.schwabcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Tue, 20 Jun 2017 20:14:24 GMT
Server
AkamaiNetStorage
ETag
"7449c161258eba54600debcbd1229b1d:1497989664"
Access-Control-Allow-Methods
GET
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2058
CharlesModern-Light.ttf
client.schwabcdn.com/fonts/
0
0

config.json
c.go-mpulse.net/api/ Frame 4F72
111 B
390 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=EX83G-QNMSL-P9787-NRSC7-7EJJ3&d=ecomshop.promoda.ca&t=5555700&v=1.720.0&if=&sl=0&si=ea9e71a6-e1d2-4181-924b-efb3d6e0bbc9-rkbdr5&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=179881
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:5000:58a::11a6 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8925bebe2b33d73dc1decf23ca6752ee99f8a0d5429fcbe328ee7d93e1fe1a40

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Oct 2022 15:01:53 GMT
Cache-Control
public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
111
Content-Type
application/json
rd
dpm.demdex.net/id/
Redirect Chain
  • http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846
  • http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846
110 B
719 B
XHR
General
Full URL
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846
Protocol
HTTP/1.1
Server
54.152.121.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-121-76.compute-1.amazonaws.com
Software
/
Resource Hash
95c9fc80eb0fd2a2887aa596301c1e03e623058a2f7f4e92d525e8ae9a8e40b8

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v043-041e1144d.edge-va6.demdex.com 0 ms
Pragma
no-cache
content-encoding
gzip
X-TID
vlrxbLNCSGg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
X-Error
172
Connection
keep-alive
Content-Length
123
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-va6-1-v043-0899b8301.edge-va6.demdex.com 0 ms
Pragma
no-cache
X-TID
wA3lLcT8Sr0=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Location
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710113846
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
375 B
Script
General
Full URL
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=schwab/client-center/202210241644&cb=1666710113865
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
23.208.216.220 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-220.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Unused62
8096267
Date
Tue, 25 Oct 2022 15:01:53 GMT
Last-Modified
Thu, 14 Apr 2016 16:57:51 GMT
Server
AkamaiNetStorage
ETag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
Content-Type
application/x-javascript
Cache-Control
max-age=600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2
Expires
Tue, 25 Oct 2022 15:11:53 GMT
id
metric.schwab.com/
48 B
829 B
XHR
General
Full URL
http://metric.schwab.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&ts=1666710113978
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
63.140.38.186 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-186.data.adobedc.net
Software
jag /
Resource Hash
a5721d81eb73d6483ae2a9166aec867985608db4b55405c5bfc01ba3ae2bd4ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ecomshop.promoda.ca/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 25 Oct 2022 15:01:54 GMT
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
http://ecomshop.promoda.ca
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
id
dpm.demdex.net/
938 B
1 KB
XHR
General
Full URL
http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&d_mid=72254147268775949071575478857829181185&ts=1666710114142
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
54.152.121.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-121-76.compute-1.amazonaws.com
Software
/
Resource Hash
6c74bb4a198608f971a7ad0fe74dcb13051193dc594c053c78a70f66aea4dbcf

Request headers

Referer
http://ecomshop.promoda.ca/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-va6-1-v043-0fcdf4e93.edge-va6.demdex.com 32 ms
Pragma
no-cache
content-encoding
gzip
X-TID
ozXW+xniRy8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
539
Expires
Thu, 01 Jan 1970 00:00:00 UTC
s59176924611158
metric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/
146 B
739 B
Script
General
Full URL
http://metric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/s59176924611158?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=25%2F9%2F2022%2015%3A1%3A54%202%200&sdid=67C23EC132DD73DE-6089AC6F1E142503&mid=72254147268775949071575478857829181185&aamlh=7&ce=UTF8&ns=charlesschwab&cdp=2&fpCookieDomainPeriods=2&pageName=%2Fprospects%2FLogin%2FSignOn%2FCustomerCenterLogin.aspx&g=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Fnext.html&cc=USD&ch=%2Fprospects&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=%2Fprospects%2FLogin%2FSignOn%2F&v1=D%3Dc1&h1=D%3Dc3&c3=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Fnext.html&v3=D%3Dc3&c4=Login%20%7C%20Charles%20Schwab&v4=D%3Dc4&c5=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Fnext.html&v5=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Fnext.html&c7=1&v7=1&c11=1&v11=1&c14=en-US&c15=Tuesday&v15=Tuesday&c16=11%3A00AM&v16=11%3A00AM&v18=D%3DpageName&v36=%2B1&v39=%2B1&c40=not%20supported&v52=%2B1&v56=A4t5R0FrbrMjdhrOuJchcgufy6X%2FBWJl%2B%2FMd%2F%2FTBxfAA%3D&v67=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F106.0.5249.119%20Safari%2F537.36&c69=VisitorAPI%20Present&v69=VisitorAPI%20Present&v71=72254147268775949071575478857829181185&v86=prospect&v88=secure&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&AQE=1
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
63.140.38.186 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-186.data.adobedc.net
Software
jag /
Resource Hash
34993af787ff407e49c4990f8d2fe0e512f4a6394548e2058f351e2c665bca5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-aam-tid
meIA6G4aQTk=
date
Tue, 25 Oct 2022 15:01:54 GMT
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
146
x-xss-protection
1; mode=block
dcs
dcs-prod-va6-1-v043-0b306d8b2.edge-va6.demdex.com 4 ms
pragma
no-cache
last-modified
Wed, 26 Oct 2022 15:01:54 GMT
server
jag
etag
3579232716629737472-4619635355472479193
vary
*
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 24 Oct 2022 15:01:54 GMT
dest5.html
fast.schwab.demdex.net/ Frame 5BE4
7 KB
3 KB
Document
General
Full URL
http://fast.schwab.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
23.55.243.213 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-55-243-213.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Referer
http://ecomshop.promoda.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2785
Content-Type
text/html
Date
Tue, 25 Oct 2022 15:01:54 GMT
ETag
"2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified
Mon, 03 Feb 2020 17:27:06 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Server
AkamaiNetStorage
Unused62
8096267
Vary
Accept-Encoding
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • http://cm.everesttech.net/cm/dd?d_uuid=80035662212491669242200726226723576918
  • https://cm.everesttech.net/cm/dd?d_uuid=80035662212491669242200726226723576918
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv
42 B
941 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv
Protocol
HTTP/1.1
Server
54.152.121.76 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-152-121-76.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v043-0557981de.edge-va6.demdex.com 15 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
jk/5Tf/lSoQ=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-va6-1-v043-0d2a9a5e5.edge-va6.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
BWczyczfTK4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6YgAAAF2BRwMv
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0
Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Charles Schwab (Financial)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


8 Cookies

Domain/Path Name / Value
.promoda.ca/ Name: utag_main
Value: v_id:01840faa0e210019ed03eef6005703074003406c00b08$_sn:1$_ss:1$_st:1666711913826$ses_id:1666710113826%3Bexp-session$_pn:1%3Bexp-session$_prevpage:%2Fprospects%2FLogin%2FSignOn%2FCustomerCenterLogin.aspx%3Bexp-1666713713833$vapi_domain:promoda.ca
.promoda.ca/ Name: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1
.promoda.ca/ Name: s_pers
Value: %20s_vnum%3D2098710114212%2526vn%253D1%7C2098710114212%3B%20s_invisit%3Dtrue%7C1666711914212%3B%20s_prevCh%3D%252Fprospects%7C1666711914218%3B%20s_depth%3D1%7C1666711914220%3B%20s_prevUrl%3Dhttp%253A%252F%252Fecomshop.promoda.ca%252Fwp-admin%252Fschwab%252Fnext.html%7C1666711914222%3B%20s_gpv_pn%3D%252Fprospects%252FLogin%252FSignOn%252FCustomerCenterLogin.aspx%7C1666711914225%3B
.promoda.ca/ Name: s_sess
Value: %20s_linkTracking%3D%3B%20s_cc%3Dtrue%3B
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y1f6YgAAAF2BRwMv
.demdex.net/ Name: demdex
Value: 20704944201373616531538642156837178493
.dpm.demdex.net/ Name: dpm
Value: 20704944201373616531538642156837178493
.promoda.ca/ Name: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19291%7CMCMID%7C72254147268775949071575478857829181185%7CMCAID%7CNONE%7CMCOPTOUT-1666717314s%7CNONE%7CMCAAMLH-1667314914%7C7%7CMCAAMB-1667314914%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19298%7CvVersion%7C4.4.0

6 Console Messages

Source Level URL
Text
javascript error URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Message:
Access to font at 'https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0' from origin 'http://ecomshop.promoda.ca' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://client.schwab.com' that is not equal to the supplied origin.
network error URL: https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0
Message:
Failed to load resource: net::ERR_FAILED
network error URL: http://ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/H1RST2c
Message:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
javascript error URL: http://ecomshop.promoda.ca/wp-admin/schwab/next.html
Message:
Access to font at 'https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0' from origin 'http://ecomshop.promoda.ca' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://client.schwab.com' that is not equal to the supplied origin.
network error URL: https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://c.go-mpulse.net/api/config.json?key=EX83G-QNMSL-P9787-NRSC7-7EJJ3&d=ecomshop.promoda.ca&t=5555700&v=1.720.0&if=&sl=0&si=ea9e71a6-e1d2-4181-924b-efb3d6e0bbc9-rkbdr5&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=179881
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
