Submitted URL: https://support.pw.pub.cambridgeassociates.cloud/
Effective URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4...
Submission: On December 11 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 7 IPs in 5 countries across 8 domains to perform 23 HTTP transactions. The main IP is 40.126.32.140, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is login.microsoftonline.com. The Cisco Umbrella rank of the primary domain is 10.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on September 3rd 2024. Valid for: 6 months.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Domain & IP information

IP Address AS Autonomous System
10 52.222.214.112 16509 (AMAZON-02)
1 104.21.27.152 13335 (CLOUDFLAR...)
1 142.250.185.195 15169 (GOOGLE)
1 1 54.82.38.204 14618 (AMAZON-AES)
1 40.126.32.140 8075 (MICROSOFT...)
8 13.107.246.45 8075 (MICROSOFT...)
1 20.190.159.71 8075 (MICROSOFT...)
1 152.199.21.175 15133 (EDGECAST)
23 7
Apex Domain
Subdomains
Transfer
10 cambridgeassociates.cloud
support.pw.pub.cambridgeassociates.cloud
855 KB
8 msauth.net
aadcdn.msauth.net — Cisco Umbrella Rank: 871
387 KB
1 msauthimages.net
aadcdn.msauthimages.net — Cisco Umbrella Rank: 3379
16 KB
1 live.com
login.live.com — Cisco Umbrella Rank: 61
1 microsoftonline.com
login.microsoftonline.com — Cisco Umbrella Rank: 10
19 KB
1 amazoncognito.com
ca-support-prod.auth.us-east-1.amazoncognito.com
2 KB
1 gstatic.com
fonts.gstatic.com
42 KB
1 fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 1331
12 KB
23 8
Domain Requested by
10 support.pw.pub.cambridgeassociates.cloud support.pw.pub.cambridgeassociates.cloud
8 aadcdn.msauth.net login.microsoftonline.com
aadcdn.msauth.net
1 aadcdn.msauthimages.net
1 login.live.com login.microsoftonline.com
1 login.microsoftonline.com support.pw.pub.cambridgeassociates.cloud
1 ca-support-prod.auth.us-east-1.amazoncognito.com 1 redirects
1 fonts.gstatic.com support.pw.pub.cambridgeassociates.cloud
1 use.fontawesome.com support.pw.pub.cambridgeassociates.cloud
23 8

This site contains links to these domains. Also see Links.

Domain
www.microsoft.com
privacy.microsoft.com
Subject Issuer Validity Valid
support.pw.pub.cambridgeassociates.cloud
Amazon RSA 2048 M03
2024-01-11 -
2025-02-08
a year crt.sh
use.fontawesome.com
WE1
2024-11-07 -
2025-02-06
3 months crt.sh
*.gstatic.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
stamp2.login.microsoftonline.com
DigiCert SHA2 Secure Server CA
2024-09-03 -
2025-03-03
6 months crt.sh
aadcdn.msauth.net
DigiCert SHA2 Secure Server CA
2024-10-29 -
2025-10-29
a year crt.sh
login.live.com
DigiCert SHA2 Secure Server CA
2024-11-13 -
2025-05-13
6 months crt.sh
aadcdn.msauthimages.net
Microsoft Azure RSA TLS Issuing CA 03
2024-06-04 -
2025-05-30
a year crt.sh

This page contains 1 frames:

Primary Page: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Frame ID: 743351AD7ABA9BB468F1333724D50EC4
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

Bei Ihrem Konto anmelden

Page URL History Show full URLs

  1. https://support.pw.pub.cambridgeassociates.cloud/ Page URL
  2. https://ca-support-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fsupport.pw.pub.cambridgeassociat... HTTP 302
    https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a5... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

23
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

8
Subdomains

7
IPs

5
Countries

1331 kB
Transfer

4821 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://support.pw.pub.cambridgeassociates.cloud/ Page URL
  2. https://ca-support-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fsupport.pw.pub.cambridgeassociates.cloud&response_type=code&client_id=6pq6h9h9gti5q9k04r61udve3g&identity_provider=azure&scope=openid&state=NgSBTGJQ4AGCnxuZmb9Mxoz1jkmre6s5&code_challenge=XjC9PNZvfMuFZKt1fDOLsIkpLHpy7AOg9827FiaOyqs&code_challenge_method=S256 HTTP 302
    https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
support.pw.pub.cambridgeassociates.cloud/
29 KB
4 KB
Document
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8983d23ee15fce07bcabb9119c962c0ec38399ce73e325aa1fce25deb15256ff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
10312
content-encoding
gzip
content-type
text/html
date
Wed, 11 Dec 2024 03:25:53 GMT
etag
W/"135df8e87ef125806b589bb0db9470c4"
last-modified
Thu, 15 Aug 2024 20:16:06 GMT
server
AmazonS3
vary
accept-encoding
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-amz-cf-id
P9N0esJauds7mLJUR-Xi6DFzFNHBRYEm5HgBjWtcX1tqYfpJLWJ68Q==
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
snfhLuthoGL.mi5anXwmTv2jfS.SHYOi
x-cache
Hit from cloudfront
all.css
use.fontawesome.com/releases/v5.5.0/css/
50 KB
12 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.5.0/css/all.css
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.27.152 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://support.pw.pub.cambridgeassociates.cloud
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

cache-control
max-age=31556926
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
cf-cache-status
MISS
etag
W/"1cc6c92172d124fbd305ba3d8e263333"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OldIE87kuaT6QPt1%2FtTvmG0qwgfmDPgYDUNCCEAun8BAVf9rBuddNjPZ5kAfiV7%2BkpKSj7lJR0X4ZcqGQ8xZLLHyKf7F%2BAB2c5DJ26rnKhHkHUygK32laZnVT%2F4KkQ10lBMYkhXE"}],"group":"cf-nel","max_age":604800}
cf-ray
8f025ebb0a32bb79-FRA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=1520&min_rtt=949&rtt_var=1222&sent=7&recv=10&lost=0&retrans=0&sent_bytes=4033&recv_bytes=2264&delivery_rate=4374622&cwnd=254&unsent_bytes=0&cid=8397b50de8f10635&ts=161&x=0"
date
Wed, 11 Dec 2024 03:25:53 GMT
content-type
text/css
last-modified
Fri, 22 Sep 2023 01:45:37 GMT
vary
Origin, Accept-Encoding
server
cloudflare
runtime.31b8fe8048b9c7df.js
support.pw.pub.cambridgeassociates.cloud/
1 KB
1 KB
Script
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/runtime.31b8fe8048b9c7df.js
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6345abc75184dd877c77f97c9263cce1bfaaa115fef618e7b9168487e1457e12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://support.pw.pub.cambridgeassociates.cloud
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

vary
accept-encoding
content-encoding
br
etag
W/"5d0f3cc47ca64a795d84884fb8b2272c"
x-amz-version-id
et5H2Nhog_1Vz06qCRAhh_2q.XVqeqsy
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
iDo5K4yEZRc6wJlEHK6tkWgWqWedtqwAx4cLL3CgzeKikCrK1rJm2Q==
date
Wed, 11 Dec 2024 03:25:55 GMT
content-type
application/javascript
last-modified
Thu, 15 Aug 2024 20:16:07 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
polyfills.d6a14a9076dbba65.js
support.pw.pub.cambridgeassociates.cloud/
145 KB
52 KB
Script
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/polyfills.d6a14a9076dbba65.js
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f0e013d80fe46ce1ad338712734241c67bdacc7f1f68ec40113a5cee696c4dce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://support.pw.pub.cambridgeassociates.cloud
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

vary
accept-encoding
content-encoding
br
etag
W/"15cd1d8b66300a5a4cd6293f25464384"
x-amz-version-id
ta5Ury6kh5Kl5dV4K5F7SddujSHlGhV2
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
HHdBRZGRBqMmM2ue5vZcGxMjB6FWTjWAjdPijjBi-Gm4i-_61RCefA==
date
Wed, 11 Dec 2024 03:25:55 GMT
content-type
application/javascript
last-modified
Thu, 15 Aug 2024 20:16:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
scripts.b6c735f859c9d417.js
support.pw.pub.cambridgeassociates.cloud/
149 KB
50 KB
Script
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/scripts.b6c735f859c9d417.js
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd05099b0bf693c3d39667074c20c232845ca983df98ace9a4a4c997c60c9dc4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

vary
accept-encoding
content-encoding
br
etag
W/"4f452239201b87793dc95c1bef3a793c"
x-amz-version-id
xSEwh3Jwk1CqdxNaTYyWa821lYZWuENi
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
8rCVtKPKdcfhE8CT24rBG6I32XJwjr6Or9WXYyXlHOIk538UZ5Mdgw==
date
Wed, 11 Dec 2024 03:25:55 GMT
content-type
application/javascript
last-modified
Thu, 15 Aug 2024 20:16:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
main.6b05e3d2be139650.js
support.pw.pub.cambridgeassociates.cloud/
2 MB
536 KB
Script
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/main.6b05e3d2be139650.js
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2e12d042887febc613e1e5c6c848dda188cbf347e0a34defed1df1469e897a72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://support.pw.pub.cambridgeassociates.cloud
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

vary
accept-encoding
content-encoding
br
etag
W/"686b15dc0c2a2535cbddc432edcb2831"
x-amz-version-id
porYKiAnPnmVVa2im9o7BNSvPhX8Al6W
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
Eazy8xy67lqVxO1_YtPd8qSEza6b33hKkgZJHXud_vjldOM3A_iXcA==
date
Wed, 11 Dec 2024 03:25:55 GMT
content-type
application/javascript
last-modified
Thu, 15 Aug 2024 20:16:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
styles.9674fa1932e7944c.css
support.pw.pub.cambridgeassociates.cloud/
958 KB
205 KB
Stylesheet
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/styles.9674fa1932e7944c.css
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
02391674983c7874d655f5fa93fba0ce95bd98a6dccde15983b41e0f3dddb15e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

vary
accept-encoding
content-encoding
br
etag
W/"91b8bfa55daf82a4aae41827101e25d4"
x-amz-version-id
FpYczv.vhsrknSD7u2o6rK.goiHjL4PP
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Jx8nJ25ZsEguXqyPJ2sj0gNhX0uOiqL3WxKVJ71ZvpVh8VTaRqW60g==
date
Wed, 11 Dec 2024 03:25:55 GMT
content-type
text/css
last-modified
Thu, 15 Aug 2024 20:16:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
fonts.gstatic.com/s/opensans/v40/
42 KB
42 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
94a23e7f96fbde62943e5fc93c59212f68a57d2587fe51f056d20ce802e8249c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://support.pw.pub.cambridgeassociates.cloud
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

age
522450
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Fri, 05 Dec 2025 02:18:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 05 Dec 2024 02:18:23 GMT
last-modified
Thu, 14 Dec 2023 02:05:10 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
43068
x-xss-protection
0
server
sffe
config.json
support.pw.pub.cambridgeassociates.cloud/static/json/
349 B
743 B
XHR
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/static/json/config.json?random=1733887554897
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/polyfills.d6a14a9076dbba65.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
05c887eee57095ddb87852866a546d05632339eadd71cfad8918899ff4a56e96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

x-amz-version-id
IFtCsCKQbaYKAUIbj_49XAfJlbBa4gGN
etag
"397e03e0a52b46457c852d676567eedd"
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
349
x-amz-cf-id
he5FZAB1CxMdAqeANBFSoI1IO-tDUsuGCPlRLpryiOYZ-RkHGZLETQ==
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
binary/octet-stream
last-modified
Thu, 15 Aug 2024 20:16:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
aws.json
support.pw.pub.cambridgeassociates.cloud/static/json/
303 B
696 B
XHR
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/static/json/aws.json
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/polyfills.d6a14a9076dbba65.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

x-amz-version-id
ZoflpuIU9aVmHOvFxewsYiqnZjxWWSvO
etag
"8cf67505a178fa06c398e54b125d1e65"
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
303
x-amz-cf-id
C3_hwceWyRI-KYWMMGZcJvbl4OHYZlr3g0lGImo0fV_SkPKqN13A7A==
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
binary/octet-stream
last-modified
Thu, 15 Aug 2024 20:16:43 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
favicon.ico
support.pw.pub.cambridgeassociates.cloud/
4 KB
4 KB
Other
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

x-amz-version-id
CVe0ql4xsKiq1jW62ipO2dss8wzNRXEK
etag
"dc0b4498ad2b37da968414d7d8457a2e"
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
3638
x-amz-cf-id
w7lC7zsTOSnoisu-H5fYOBRtOTMHMlcIxeHR5EboixbuVQUmi9uovg==
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 15 Aug 2024 20:16:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
Primary Request authorize
login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/
Redirect Chain
  • https://ca-support-prod.auth.us-east-1.amazoncognito.com/oauth2/authorize?redirect_uri=https%3A%2F%2Fsupport.pw.pub.cambridgeassociates.cloud&response_type=code&client_id=6pq6h9h9gti5q9k04r61udve3g...
  • https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1...
48 KB
19 KB
Document
General
Full URL
https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Requested by
Host: support.pw.pub.cambridgeassociates.cloud
URL: https://support.pw.pub.cambridgeassociates.cloud/main.6b05e3d2be139650.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
40.126.32.140 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f7a81ce8ad59f0da404a638c7233fb91f1683398845f9452b2f3e60c373e2a7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://support.pw.pub.cambridgeassociates.cloud/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache
content-encoding
gzip
content-length
16981
content-security-policy-report-only
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-HiOltzyA4RqUWQRC-3NrPg' 'unsafe-inline' 'unsafe-eval' https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; img-src 'self' data: https://*.msauth.net https://*.msftauth.net https://*.msftauthimages.net https://*.msauthimages.net https://*.msidentity.com https://*.microsoftonline-p.com https://*.microsoftazuread-sso.com https://*.azureedge.net https://*.outlook.com https://*.office.com https://*.office365.com https://*.microsoft.com https://*.bing.com 'report-sample'; report-uri https://csp.microsoft.com/report/ESTS-UX-All
content-type
text/html; charset=utf-8
date
Wed, 11 Dec 2024 03:25:56 GMT
expires
-1
link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin,<https://aadcdn.msauth.net>; rel=dns-prefetch,<https://aadcdn.msftauth.net>; rel=dns-prefetch
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
p3p
CP="DSP CUR OTPi IND OTRi ONL FIN"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+ams2"}]}
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-frame-options
DENY
x-ms-ests-server
2.1.19683.3 - EUS ProdSlices
x-ms-request-id
e9c78e7b-2e89-4b63-860b-c6a0f7910100
x-ms-srs
1.P
x-xss-protection
0

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 11 Dec 2024 03:25:55 GMT
location
https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
pragma
no-cache
server
Server
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cognito-request-id
b8dc8186-20b6-4adc-a90b-bb460c177ba7
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
ca-logo.04ff1ddeb9fa91df.png
support.pw.pub.cambridgeassociates.cloud/
2 KB
2 KB
Image
General
Full URL
https://support.pw.pub.cambridgeassociates.cloud/ca-logo.04ff1ddeb9fa91df.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.214.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-214-112.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://support.pw.pub.cambridgeassociates.cloud/

Response headers

x-amz-version-id
dlsZ1YBiyY5BW08_JKuOKqYbcr2aJSNR
etag
"dde583cd31e2cefbca9a26431c558968"
via
1.1 920a6dce56a0ee957dbaa3bf4429f8fe.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
1926
x-amz-cf-id
0w0EAPQtYOzhQbOmFJ9qiRCwT6SnonF46pECG1rOcggbCSfuzePYIw==
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
image/png
last-modified
Thu, 15 Aug 2024 20:16:06 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
x-amz-server-side-encryption
AES256
converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
111 KB
20 KB
Stylesheet
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCFFB21E496F3A
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
text/css
last-modified
Fri, 08 Nov 2024 04:59:25 GMT
cache-control
public, max-age=31536000
x-ms-request-id
3fd8e526-901e-007a-51f7-4ae1bb000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
20410
x-azure-ref
20241211T032556Z-r1bf9c55697gxlm5hC1FRA6das00000001h000000000c81s
x-ms-blob-type
BlockBlob
ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
aadcdn.msauth.net/shared/1.0/content/js/
440 KB
120 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3bb35e786c5ef0186c1202ce43b9745d0ea7315c2158259bdfbdf9cc028780c6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD0A95D1F56318
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
4554691
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
application/x-javascript
last-modified
Fri, 22 Nov 2024 01:34:34 GMT
cache-control
public, max-age=31536000
x-ms-request-id
1714d48a-301e-004f-650d-4bb202000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
122515
x-azure-ref
20241211T032556Z-r1bf9c55697gxlm5hC1FRA6das00000001h000000000c81t
x-ms-blob-type
BlockBlob
ux.converged.login.strings-de.min_jtrkqqoseo84fk0jpgcina2.js
aadcdn.msauth.net/ests/2.1/content/cdnbundles/
63 KB
18 KB
Script
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-de.min_jtrkqqoseo84fk0jpgcina2.js
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d56a1462121f73741276881b4d9fcea3c8b2a89fc38e8eb64eb69743b4e24b96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://login.microsoftonline.com
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCF86B2397F02E
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
application/x-javascript
last-modified
Tue, 29 Oct 2024 22:43:42 GMT
cache-control
public, max-age=31536000
x-ms-request-id
807f8bd4-601e-0041-31f7-4aa41f000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
18023
x-azure-ref
20241211T032556Z-r1bf9c55697gxlm5hC1FRA6das00000001h000000000c81u
x-ms-blob-type
BlockBlob
Me.htm
login.live.com/
0
0
Other
General
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: login.microsoftonline.com
URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.159.71 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

oneDs_f2e0f4a029670f10d892.js
aadcdn.msauth.net/shared/1.0/content/js/
186 KB
60 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5D44A8CEE4F4
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
application/x-javascript
last-modified
Thu, 25 May 2023 17:22:47 GMT
cache-control
public, max-age=31536000
x-ms-request-id
39b7f251-f01e-0015-3bf7-4aa35a000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
61052
x-azure-ref
20241211T032556Z-r1bf9c55697nqp5phC1FRAtx640000000250000000008rd1
x-ms-blob-type
BlockBlob
convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
397 KB
114 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_27cef08ca792f8e8b149.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54b34ea260d9dcf6d7961a60c9b540673312a965f9ddc2f1ab9855d622bfa07c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD05A546E5C15E
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
application/x-javascript
last-modified
Fri, 15 Nov 2024 18:42:37 GMT
cache-control
public, max-age=31536000
x-ms-request-id
4f80be0f-f01e-0043-3df7-4a1aa7000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
116343
x-azure-ref
20241211T032556Z-r1bf9c55697nqp5phC1FRAtx640000000250000000008rd4
x-ms-blob-type
BlockBlob
favicon_a_eupayfgghqiai7k9sol6lg2.ico
aadcdn.msauth.net/shared/1.0/content/images/
17 KB
17 KB
Other
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D8731230C851A6
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
image/x-icon
last-modified
Sun, 18 Oct 2020 03:02:03 GMT
cache-control
public, max-age=31536000
x-ms-request-id
68d18434-c01e-0053-4e04-4b97dd000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
17174
x-azure-ref
20241211T032556Z-r1bf9c55697nqp5phC1FRAtx640000000250000000008rd7
x-ms-blob-type
BlockBlob
bannerlogo
aadcdn.msauthimages.net/dbd5a2dd-vkbk9efujdrcuo8w8d0hywc8hvvz3zk6leesiho6sxe/logintenantbranding/0/
16 KB
16 KB
Image
General
Full URL
https://aadcdn.msauthimages.net/dbd5a2dd-vkbk9efujdrcuo8w8d0hywc8hvvz3zk6leesiho6sxe/logintenantbranding/0/bannerlogo?ts=638600359402597895
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.21.175 , Germany, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4C8C) /
Resource Hash
8ebf8ae74bfa24e9a24b273eb948ddb898736b8eaa898774916c8b5d39fea46f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

content-md5
UzhUjeV+4B48H4ADxp3iiQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
etag
0x8DCC3A4B819BA1A
age
6140
x-content-type-options
nosniff
x-cache
HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
image/*
last-modified
Fri, 23 Aug 2024 18:52:21 GMT
cache-control
public, max-age=86400
x-ms-request-id
521098ea-e01e-0014-446e-4b0b8d000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
16179
x-ms-blob-type
BlockBlob
server
ECAcc (frc/4C8C)
convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js
aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/
111 KB
35 KB
Script
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08.js
Requested by
Host: aadcdn.msauth.net
URL: https://aadcdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_kAx9qZOSH4g90FNHstHMCA2.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c30fd6bb912661057ec2eea9a2f135303a6d0f8d110bf11493b369286f0587ae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD05A5479BC1A5
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
application/x-javascript
last-modified
Fri, 15 Nov 2024 18:42:38 GMT
cache-control
public, max-age=31536000
x-ms-request-id
9b79c837-a01e-0061-4bf7-4adfb8000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
35170
x-azure-ref
20241211T032556Z-r1bf9c55697nqp5phC1FRAtx640000000250000000008rde
x-ms-blob-type
BlockBlob
signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
aadcdn.msauth.net/shared/1.0/content/images/
2 KB
1 KB
Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://login.microsoftonline.com/

Response headers

access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DB5C3F49ED96E0
x-ms-lease-status
unlocked
x-fd-int-roxy-purgeid
0
x-cache
TCP_HIT
date
Wed, 11 Dec 2024 03:25:56 GMT
content-type
image/svg+xml
last-modified
Wed, 24 May 2023 10:11:49 GMT
cache-control
public, max-age=31536000
x-ms-request-id
eaaac603-201e-005b-26fb-4a8dd2000000
accept-ranges
bytes
access-control-allow-origin
*
content-length
621
x-azure-ref
20241211T032556Z-r1bf9c55697nqp5phC1FRAtx640000000250000000008rdy
x-ms-blob-type
BlockBlob

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $Config object| $Debug object| $Do function| $Loader object| $WebWatson function| GetString function| GetErrorString function| GetUrl object| $B object| ServerData object| webpackJsonp object| ko object| PROOF object| StringRepository object| Telemetry object| telemetry_webpackJsonp boolean| __ConvergedLogin_PCore boolean| __ boolean| __convergedlogin_pcustomizationloader_27cef08ca792f8e8b149 boolean| __convergedlogin_pstringcustomizationhelper_cc2c59f5ef2c09e14b08

13 Cookies

Domain/Path Name / Value
ca-support-prod.auth.us-east-1.amazoncognito.com/ Name: XSRF-TOKEN
Value: f619fa6b-8fe2-473b-aef1-fdb2b8a18455
ca-support-prod.auth.us-east-1.amazoncognito.com/ Name: csrf-state
Value: 4rRXlQKs2iUVfJVGXkoImbo3YD37uSdQcEJMRMvNTGQSEsQceCkKLPDF3-bmjU2t0P3o6bVFj_Ap3itpVVBubRyLtvuX9SahdliZa6BUtw8uDb-nv1HSi4bITpvDv-Sj18hPHMN2DuvL09nkWcbQt_CU_ebYjHMbwoJAYyInvJA
ca-support-prod.auth.us-east-1.amazoncognito.com/ Name: csrf-state-legacy
Value: 4rRXlQKs2iUVfJVGXkoImbo3YD37uSdQcEJMRMvNTGQSEsQceCkKLPDF3-bmjU2t0P3o6bVFj_Ap3itpVVBubRyLtvuX9SahdliZa6BUtw8uDb-nv1HSi4bITpvDv-Sj18hPHMN2DuvL09nkWcbQt_CU_ebYjHMbwoJAYyInvJA
login.microsoftonline.com/ Name: buid
Value: 1.AUUAVGscSzFAHki5yJAAtOOywlU69SSyvSpBig1LTRTg_SZfAQBFAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFexaj1EEBzFrvS4ygqKwJpA6gweItmx57zG_LqMDoEq4uxSevJ715Zabjzs1jypL7a3KaDuMsKnrPGgJynOi7oTElFvuEbIUqoq6QEp5DUEV8gAA
.login.microsoftonline.com/ Name: esctx
Value: PAQABBwEAAADW6jl31mB3T7ugrWTT8pFefQhDJM7M4ZWj8b45yObATm5lfJKunvV50qdfgQk7EalVVVgHelwh1GLd8pagx45CgnSX2ws-S16ISOhQMB7HzPm0LfJEQIdzaO8TRAIzDP0aeKkfHEwP4xE2oX24eW_2C9gsP3Uutw_Hj8b--dqEg-jwvsiXOPgRlxk1M7j-hyogAA
.login.microsoftonline.com/ Name: esctx-5i34nK9tgVw
Value: AQABCQEAAADW6jl31mB3T7ugrWTT8pFeC4zfLDFesk418x1Q1-QjDIZbMR6423Wb3aNizJvhEsJkUVWGjQ01hqG2O54arE7bSJ7S8FSYm9NqxkAbWepHq28_a3vMmn0NEjXypH-130neNsOyhyC0z8lVNRW4K58_FxA29kgMj8ipY6qlhXdckiAA
login.microsoftonline.com/ Name: fpc
Value: AjuRnkxUP29PlQjRlDe113CNdEJ1AQAAAEP96t4OAAAA
login.microsoftonline.com/ Name: x-ms-gateway-slice
Value: estsfd
login.microsoftonline.com/ Name: stsservicecookie
Value: estsfd
login.microsoftonline.com/ Name: MicrosoftApplicationsTelemetryDeviceId
Value: 02d36573-e332-4169-a5fd-00958980845b
.login.microsoftonline.com/ Name: brcap
Value: 0
.login.live.com/ Name: uaid
Value: 3c122ed9f1594a85b66be133c7e12cff
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1733887556&co=1

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://login.microsoftonline.com/4b1c6b54-4031-481e-b9c8-9000b4e3b2c2/oauth2/v2.0/authorize?client_id=24f53a55-bdb2-412a-8a0d-4b4d14e0fd26&redirect_uri=https%3A%2F%2Fca-support-prod.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=openid+email+profile&response_type=code&state=H4sIAAAAAAAAAD2RW4_aMBBG_4ufSTb3C29AlnuAEKBAVSHbuYfEJrbDQtX_Xq9U9e1I852Z0cxvAMEQCKakkHFFvz1KWLxmpM7AACBZgW_RpZKxZIc-nMIv_JyX9sOvNatzdJH0qZnLQCIDBeeUDT8-mKCUdFylT5UKpGLYoK5McjmCEVxCnjIV34lIpJZKDZPke0QmcbsIJhJzMPwJCE3bMgG_BqCQlU0ejw-zZWSNZpP2S1wb5Idf5K1XddOlDrOlVcrYuZr4u821z0Ixva64ngXbNVvUdD2nL3e0zX3PcKcl3L4eTBqVNGLDdiTWEq1uf75HK2aUx1O2PM3ONVk0iJiXwHRFnET4cxnuw35zmEXxJ4twOqlX610wNRXUVEeDazuTOOg0rW4japacnk5jgfavNe_F2Y9hkdzLK3TGR_70RICUttfncWmhxYH2Qa_Ele4Vu3m4MQLRrzW_rX9gFPHb5HhL0aWah-hJlqPLa9H2y5Hc-P59Oqj8O7ZCO5KoUPBC_f9NFTbwTVpM8rbkRMWkkVoDhrprmp7n2rY9ABQMM3hn6QB0sh_yEuzpnqMYGnIUCyZYgb6GFIQsR8O66yLogj9_AbXJYGU1AgAA.H4sIAAAAAAAAAAv9IL74MNfzrF0Mvn8WrpevqNb2bzG--k9Mc8OqnuYNHpIAYfy36SAAAAA.4
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msauthimages.net
ca-support-prod.auth.us-east-1.amazoncognito.com
fonts.gstatic.com
login.live.com
login.microsoftonline.com
support.pw.pub.cambridgeassociates.cloud
use.fontawesome.com
104.21.27.152
13.107.246.45
142.250.185.195
152.199.21.175
20.190.159.71
40.126.32.140
52.222.214.112
54.82.38.204
02391674983c7874d655f5fa93fba0ce95bd98a6dccde15983b41e0f3dddb15e
05c887eee57095ddb87852866a546d05632339eadd71cfad8918899ff4a56e96
2e12d042887febc613e1e5c6c848dda188cbf347e0a34defed1df1469e897a72
3bb35e786c5ef0186c1202ce43b9745d0ea7315c2158259bdfbdf9cc028780c6
54b34ea260d9dcf6d7961a60c9b540673312a965f9ddc2f1ab9855d622bfa07c
6345abc75184dd877c77f97c9263cce1bfaaa115fef618e7b9168487e1457e12
6cc79c59f00478ce5d8eaa982efdd8fc3cc205a7ea023a564bb2688fa206a087
8405362eb8f09df13ae244de155b51b1577274673d9728b6c81cd0278a63c8b0
8983d23ee15fce07bcabb9119c962c0ec38399ce73e325aa1fce25deb15256ff
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93
8ebf8ae74bfa24e9a24b273eb948ddb898736b8eaa898774916c8b5d39fea46f
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21
94a23e7f96fbde62943e5fc93c59212f68a57d2587fe51f056d20ce802e8249c
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2
c30fd6bb912661057ec2eea9a2f135303a6d0f8d110bf11493b369286f0587ae
d56a1462121f73741276881b4d9fcea3c8b2a89fc38e8eb64eb69743b4e24b96
dd05099b0bf693c3d39667074c20c232845ca983df98ace9a4a4c997c60c9dc4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0e013d80fe46ce1ad338712734241c67bdacc7f1f68ec40113a5cee696c4dce
f7a81ce8ad59f0da404a638c7233fb91f1683398845f9452b2f3e60c373e2a7e