ecomshop.promoda.ca
192.254.236.240  Malicious Activity! Public Scan

URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Submission: On October 25 via automatic, source openphish — Scanned from CA

Summary

This website contacted 10 IPs in 1 country across 7 domains to perform 20 HTTP transactions. The main IP is 192.254.236.240, located in the United States, and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ecomshop.promoda.ca.
This is the only time ecomshop.promoda.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Charles Schwab (Financial)

Domain & IP information

IP Address AS Autonomous System
2 192.254.236.240 46606 (UNIFIEDLA...)
1 23.73.242.191 16625 (AKAMAI-AS)
5 23.73.239.129 16625 (AKAMAI-AS)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
2 23.208.216.220 16625 (AKAMAI-AS)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
2 5 54.205.127.85 14618 (AMAZON-AES)
2 63.140.36.137 16509 (AMAZON-02)
1 23.55.243.213 20940 (AKAMAI-ASN1)
2 2 52.4.86.119 14618 (AMAZON-AES)
20 10
Apex Domain
Subdomains
Transfer
7 schwab.com
content.schwab.com — Cisco Umbrella Rank: 36555
metric.schwab.com
163 KB
6 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 214
fast.schwab.demdex.net
8 KB
2 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1073
772 B
2 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 968
89 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1300
c.go-mpulse.net — Cisco Umbrella Rank: 595
50 KB
2 promoda.ca
ecomshop.promoda.ca
14 KB
1 schwabcdn.com
client.schwabcdn.com — Cisco Umbrella Rank: 213127
9 KB
20 7
Domain Requested by
5 dpm.demdex.net 2 redirects tags.tiqcdn.com
5 content.schwab.com ecomshop.promoda.ca
client.schwabcdn.com
2 cm.everesttech.net 2 redirects
2 metric.schwab.com tags.tiqcdn.com
2 tags.tiqcdn.com ecomshop.promoda.ca
tags.tiqcdn.com
2 ecomshop.promoda.ca ecomshop.promoda.ca
1 fast.schwab.demdex.net tags.tiqcdn.com
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net ecomshop.promoda.ca
1 client.schwabcdn.com ecomshop.promoda.ca
client.schwabcdn.com
20 10
Subject | Issuer | Validity | Valid
client.schwabcdn.com | DigiCert SHA2 Extended Validation Server CA | 2022-03-01 - 2023-03-23 | a year
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2022-06-07 - 2023-07-08 | a year
akstat.io | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-04-15 - 2023-04-19 | a year

This page contains 3 frames:

Primary Page: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Frame ID: A38081C75307C9B780E7C9B5485C4A02
Requests: 18 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Frame ID: A666D4B292DA0549898FF61F2491BC58
Requests: 2 HTTP requests in this frame

Frame: http://fast.schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: 45AFD9F313D5111CCB1D7018B2268239
Requests: 1 HTTP request in this frame

Page Title

Login | Charles Schwab

Page Statistics

Requests: 20
HTTPS: 40 %
IPv6: 20 %
Domains: 7
Subdomains: 10
IPs: 10
Countries: 1
Transfer: 332 kB
Size: 783 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550 HTTP 302
  • http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550
Request Chain 19
  • http://cm.everesttech.net/cm/dd?d_uuid=89663522948086620531005799929217246969 HTTP 301
  • https://cm.everesttech.net/cm/dd?d_uuid=89663522948086620531005799929217246969 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.html
ecomshop.promoda.ca/wp-admin/schwab/
41 KB
14 KB
Document
General
Full URL
http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Server
192.254.236.240 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
gator3275.hostgator.com
Software
Apache /
Resource Hash
d968d0709b453e854b212afd8ed00cc81859e0b8b3d858f071bd286ce72dce87

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
Upgrade
Content-Encoding
gzip
Content-Length
14055
Content-Type
text/html
Date
Tue, 25 Oct 2022 15:01:58 GMT
Last-Modified
Thu, 22 Sep 2022 19:09:36 GMT
Server
Apache
Upgrade
h2,h2c
Vary
Accept-Encoding
login.css
client.schwabcdn.com/cssmerged/
32 KB
9 KB
Stylesheet
General
Full URL
https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.73.242.191 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-242-191.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fd421867e5ce9ea8dfb7e5edc9409828d0db1496cda495677e51c9d2355c6cb0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Tue, 25 Oct 2022 15:01:59 GMT
last-modified
Fri, 07 Oct 2022 21:34:42 GMT
etag
"05519c94dad81:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css;charset=utf-8
accept-ranges
bytes
content-length
9160
x-xss-protection
1; mode=block
Getty_1166830366_PTS_pro_trustee.jpg
content.schwab.com/drupal_dependencies/DECA/
25 KB
26 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/Getty_1166830366_PTS_pro_trustee.jpg
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
29025d67938492b29200c972d92f8d9effa35a032b3e01cf483477d5ee6e20fd

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:58 GMT
Last-Modified
Tue, 05 Jul 2022 19:23:55 GMT
Server
Akamai Image Manager
ETag
"a5efd459f49f763ebab13b7636c32db3:1651677795.711328"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
25816
Expires
Wed, 26 Oct 2022 03:01:58 GMT
amex_inv_369x185.png
content.schwab.com/drupal_dependencies/DECA/
7 KB
8 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/amex_inv_369x185.png
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
4df5695830fbe3dedc90773d8732aacfaaa2f6405b9adc182d0ae69793dfcd11

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:59 GMT
Last-Modified
Tue, 22 Mar 2022 21:13:27 GMT
Server
Akamai Image Manager
ETag
"a12cdd52949fd4af704d86c8ebd1b083:1641930102.761204"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
7258
Expires
Wed, 26 Oct 2022 03:01:59 GMT
LogIn_rocketmortgage_kitchen.png
content.schwab.com/drupal_dependencies/DECA/
16 KB
16 KB
Image
General
Full URL
https://content.schwab.com/drupal_dependencies/DECA/LogIn_rocketmortgage_kitchen.png
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
827bb042eb352e91a1103878f45d2174dfd8e341706de68a6d5f535483469b2b

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:59 GMT
Last-Modified
Wed, 18 May 2022 21:58:41 GMT
Server
Akamai Image Manager
X-Serial
1350
X-Check-Cacheable
YES
ETag
"3cb28c3d0a705db5885e3b81209de580:1651677877.28765"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
15996
Expires
Wed, 26 Oct 2022 03:01:59 GMT
H1RST2c
ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/
0
0
Script
General
Full URL
http://ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/H1RST2c
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Server
192.254.236.240 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
gator3275.hostgator.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/wp-admin/schwab/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:58 GMT
Server
nginx/1.21.6
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
EX83G-QNMSL-P9787-NRSC7-7EJJ3
s.go-mpulse.net/boomerang/ Frame A666
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:789::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 25 Oct 2022 15:01:59 GMT
content-encoding
br
last-modified
Fri, 14 Oct 2022 00:08:35 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ccc4d3be744a29473fefe2f313fdae488f460b85a47e8427f748358a54ba048

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/svg+xml
Login_Background.jpg
content.schwab.com/web/login/
110 KB
110 KB
Image
General
Full URL
https://content.schwab.com/web/login/Login_Background.jpg
Requested by
Host: client.schwabcdn.com
URL: https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
3c1e405db9fdc7ea43f4ac748a546bd54161bdecec8b8756b4e29b1359f2c856

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://client.schwabcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:59 GMT
Last-Modified
Mon, 18 Jul 2022 14:43:48 GMT
Server
Akamai Image Manager
X-Serial
1706
X-Check-Cacheable
YES
ETag
"ddd5e02fd4df958d8da39b113223dd11:1638552670.165418"
Access-Control-Allow-Methods
GET, GET
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Cache-Control
private, no-transform, max-age=43200
Connection
keep-alive
Content-Length
112358
Expires
Wed, 26 Oct 2022 03:01:59 GMT
CharlesModern-Light.woff
client.schwabcdn.com/fonts/
0
0

utag.js
tags.tiqcdn.com/utag/schwab/client-center/prod/
333 KB
89 KB
Script
General
Full URL
http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Requested by
Host: ecomshop.promoda.ca
URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Protocol
HTTP/1.1
Server
23.208.216.220 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-220.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
10b9665a419b9034e35d3ab86358c8279de7e6ceb5f6d38cff967e470dbd7810

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 24 Oct 2022 21:30:14 GMT
Server
AkamaiNetStorage
ETag
"4d5613a56fa815d34b0d6db2cbb52f66:1666647014.312645"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=300
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
Expires
Tue, 25 Oct 2022 15:06:59 GMT
schwabsafe_logo.svg
content.schwab.com/web/login/
2 KB
2 KB
Image
General
Full URL
https://content.schwab.com/web/login/schwabsafe_logo.svg
Requested by
Host: client.schwabcdn.com
URL: https://client.schwabcdn.com/cssmerged/login.css?v=22.8.1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.73.239.129 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-73-239-129.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0c1f7d2d3fa4ed7ec3cf2519cd017ddb5bc8de757e00ed8f84cd8991059a0631

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://client.schwabcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Tue, 25 Oct 2022 15:01:59 GMT
Last-Modified
Tue, 20 Jun 2017 20:14:24 GMT
Server
AkamaiNetStorage
ETag
"7449c161258eba54600debcbd1229b1d:1497989664"
Access-Control-Allow-Methods
GET
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2058
CharlesModern-Light.ttf
client.schwabcdn.com/fonts/
0
0

config.json
c.go-mpulse.net/api/ Frame A666
111 B
390 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=EX83G-QNMSL-P9787-NRSC7-7EJJ3&d=ecomshop.promoda.ca&t=5555700&v=1.720.0&if=&sl=0&si=c7cc9b53-4377-4995-a204-bb1af49a9bf4-rkbdra&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=179881
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:68e::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8925bebe2b33d73dc1decf23ca6752ee99f8a0d5429fcbe328ee7d93e1fe1a40

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 25 Oct 2022 15:01:59 GMT
Cache-Control
public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
111
Content-Type
application/json
rd
dpm.demdex.net/id/
Redirect Chain
  • http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550
  • http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550
110 B
719 B
XHR
General
Full URL
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550
Protocol
HTTP/1.1
Server
54.205.127.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-127-85.compute-1.amazonaws.com
Software
/
Resource Hash
95c9fc80eb0fd2a2887aa596301c1e03e623058a2f7f4e92d525e8ae9a8e40b8

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v043-0d473cfc6.edge-va6.demdex.com 0 ms
Pragma
no-cache
content-encoding
gzip
X-TID
Z5zeDMlbTWA=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
X-Error
172
Connection
keep-alive
Content-Length
123
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-va6-2-v043-008f17d32.edge-va6.demdex.com 0 ms
Pragma
no-cache
X-TID
bIeHTAY0Tcg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Location
http://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1666710119550
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
375 B
Script
General
Full URL
http://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=schwab/client-center/202210241644&cb=1666710119564
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
23.208.216.220 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-216-220.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Unused62
8096267
Date
Tue, 25 Oct 2022 15:01:59 GMT
Last-Modified
Thu, 14 Apr 2016 16:57:51 GMT
Server
AkamaiNetStorage
ETag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
Content-Type
application/x-javascript
Cache-Control
max-age=600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2
Expires
Tue, 25 Oct 2022 15:11:59 GMT
id
metric.schwab.com/
48 B
829 B
XHR
General
Full URL
http://metric.schwab.com/id?d_visid_ver=4.4.0&d_fieldgroup=MC&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&ts=1666710119921
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
63.140.36.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-36-137.data.adobedc.net
Software
jag /
Resource Hash
c71bcfd2850a4f9f3d0a2427cb911d98051ef856c06685a7a90106832af64e43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
http://ecomshop.promoda.ca/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 25 Oct 2022 15:02:00 GMT
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
http://ecomshop.promoda.ca
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
id
dpm.demdex.net/
938 B
1 KB
XHR
General
Full URL
http://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&d_mid=85909907558756053620478196091379916206&ts=1666710120354
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
54.205.127.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-127-85.compute-1.amazonaws.com
Software
/
Resource Hash
9ed2fafbeb1e28e1bb569872121b75cbf0f175d03db3193d67ad05e5570bf16c

Request headers

Referer
http://ecomshop.promoda.ca/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-va6-2-v043-0a0ea1a5a.edge-va6.demdex.com 7 ms
Pragma
no-cache
content-encoding
gzip
X-TID
9sBysyNiRo4=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
http://ecomshop.promoda.ca
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
539
Expires
Thu, 01 Jan 1970 00:00:00 UTC
s54232911487283
metric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/
146 B
739 B
Script
General
Full URL
http://metric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/s54232911487283?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=25%2F9%2F2022%2015%3A2%3A0%202%200&sdid=4896038DE00D4821-47ED45227D1867B0&mid=85909907558756053620478196091379916206&aamlh=7&ce=UTF8&ns=charlesschwab&cdp=2&fpCookieDomainPeriods=2&pageName=%2Fprospects%2FLogin%2FSignOn%2FCustomerCenterLogin.aspx&g=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Findex.html&cc=USD&ch=%2Fprospects&aamb=j8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI&c1=%2Fprospects%2FLogin%2FSignOn%2F&v1=D%3Dc1&h1=D%3Dc3&c3=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Findex.html&v3=D%3Dc3&c4=Login%20%7C%20Charles%20Schwab&v4=D%3Dc4&c5=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Findex.html&v5=http%3A%2F%2Fecomshop.promoda.ca%2Fwp-admin%2Fschwab%2Findex.html&c7=1&v7=1&c11=1&v11=1&c14=en-US&c15=Tuesday&v15=Tuesday&c16=11%3A00AM&v16=11%3A00AM&v18=D%3DpageName&v36=%2B1&v39=%2B1&c40=not%20supported&v52=%2B1&v56=Av6iHMYpx%2BcKru7Fmmri%2B73pijZid7Xy%2BdDc4%2FH7s1wM%3D&v67=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F106.0.5249.119%20Safari%2F537.36&c69=VisitorAPI%20Present&v69=VisitorAPI%20Present&v71=85909907558756053620478196091379916206&v86=prospect&v88=secure&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&AQE=1
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
63.140.36.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-36-137.data.adobedc.net
Software
jag /
Resource Hash
343d62060174a17ee3da63bf99a9800314f3d24d650e3a99e10bcf2f2d5ac5cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-aam-tid
HxWIrZgcR3k=
date
Tue, 25 Oct 2022 15:02:00 GMT
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
146
x-xss-protection
1; mode=block
dcs
dcs-prod-va6-2-v043-0e44cd8eb.edge-va6.demdex.com 4 ms
pragma
no-cache
last-modified
Wed, 26 Oct 2022 15:02:00 GMT
server
jag
etag
3579232729109889024-4619757245038532290
vary
*
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Mon, 24 Oct 2022 15:02:00 GMT
dest5.html
fast.schwab.demdex.net/ Frame 45AF
7 KB
3 KB
Document
General
Full URL
http://fast.schwab.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: http://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Server
23.55.243.213 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-55-243-213.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Request headers

Referer
http://ecomshop.promoda.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2785
Content-Type
text/html
Date
Tue, 25 Oct 2022 15:02:00 GMT
ETag
"2c9c2ee145ee280b85a217ad7045fae5:1580750826.437238"
Last-Modified
Mon, 03 Feb 2020 17:27:06 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Server
AkamaiNetStorage
Unused62
8096267
Vary
Accept-Encoding
demconf.jpg
dpm.demdex.net/
Redirect Chain
  • http://cm.everesttech.net/cm/dd?d_uuid=89663522948086620531005799929217246969
  • https://cm.everesttech.net/cm/dd?d_uuid=89663522948086620531005799929217246969
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz
42 B
940 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz
Protocol
HTTP/1.1
Server
54.205.127.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-127-85.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
http://ecomshop.promoda.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v043-07429bd48.edge-va6.demdex.com 6 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
OxD5ATAkQE4=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-va6-2-v043-067d1942f.edge-va6.demdex.com 10 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YNrKQ7JmSIc=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y1f6aQAAAD5ypwNz
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0
Domain
client.schwabcdn.com
URL
https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Charles Schwab (Financial)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch object| navigation string| waEnvId string| waCategoryName string| waPageName string| BOOMR_API_key object| BOOMR number| BOOMR_lstart boolean| wa_enable number| hexcase string| b64pad number| chrsz string| sendBid boolean| wa_global_disable function| SHA256 function| getCookie function| fetchBrowserId function| base64ToAscii function| mkTmsCookie function| str2ab function| bin2String function| createGuid object| scatAccounts object| utag_data object| TagParameters string| waClassicHeader string| pnlError function| ShowMessage string| displayType object| cardsClicked function| sendFeedback function| fireFeedbackRequest string| utagLibPath string| waClassicFooter object| BOOMR_mq boolean| utag_condload boolean| GUTtransition boolean| isInFrame boolean| isOnSchwab boolean| isHgTools undefined| isTMSInitialized undefined| tmsQueue undefined| initIdx undefined| item object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media object| _aaq string| bot_traffic object| utag_cfg_ovrd function| FuncQueue object| tms object| GUT function| waCleanStr function| waPageNameFix function| schwab_trackAnalytics function| optimizely_sendCampaignsToAdobe object| optimizely boolean| optimizely_adobe_integration_loaded object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq number| sizmekTagId number| doubleClickTagId string| gtagRename object| dataLayer function| gtag number| adWordsTagId number| BOOMR_onload function| SzOnClickTracking function| mmConversionTag function| mmRedirect function| mmExecutePublisherCode function| mmDelayLink function| trackSizmek function| scatDiagnose function| scatAutoHandler function| scatAutoTrackFileDownloads function| scatAutoTrackExitLinks 
function| scatTagOverlay function| waTagOverlay function| scatSetCustom23 function| DcVideoTagging function| waMediaOpen function| waMediaPause function| waMediaPlay function| waMediaClose function| waMediaStop function| waMediaScrub function| waMediaComplete function| waMediaPercentComplete function| scatSetCategoryAndPageName function| scatSendAsync function| scatUpdateCeid function| scatTrackFileDL function| scatCustomLinkTrack function| scatShareLinkTrack function| scatPrintTrack function| scatChatSuccessTrack function| trackAdobe function| marketoTrackLink function| trackMarketo function| GetRefrid function| DcOnClickTracking function| trackDoubleClick function| AwOnClickTracking function| trackAdWords object| setTaggingArray function| GUTtrack boolean| iflset string| j string| k number| slo object| s_i_cschwabschwabprod

8 Cookies

Domain/Path Name / Value
.promoda.ca/ Name: utag_main
Value: v_id:01840faa246b007adbaee017a8a803074003506c00b08$_sn:1$_ss:1$_st:1666711919532$ses_id:1666710119532%3Bexp-session$_pn:1%3Bexp-session$_prevpage:%2Fprospects%2FLogin%2FSignOn%2FCustomerCenterLogin.aspx%3Bexp-1666713719537$vapi_domain:promoda.ca
.promoda.ca/ Name: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1
.promoda.ca/ Name: s_pers
Value: %20s_vnum%3D2098710120420%2526vn%253D1%7C2098710120420%3B%20s_invisit%3Dtrue%7C1666711920420%3B%20s_prevCh%3D%252Fprospects%7C1666711920425%3B%20s_depth%3D1%7C1666711920426%3B%20s_prevUrl%3Dhttp%253A%252F%252Fecomshop.promoda.ca%252Fwp-admin%252Fschwab%252Findex.html%7C1666711920427%3B%20s_gpv_pn%3D%252Fprospects%252FLogin%252FSignOn%252FCustomerCenterLogin.aspx%7C1666711920429%3B
.promoda.ca/ Name: s_sess
Value: %20s_linkTracking%3D%3B%20s_cc%3Dtrue%3B
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y1f6aQAAAD5ypwNz
.demdex.net/ Name: demdex
Value: 49345195164057142134182274744523703902
.dpm.demdex.net/ Name: dpm
Value: 49345195164057142134182274744523703902
.promoda.ca/ Name: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19291%7CMCMID%7C85909907558756053620478196091379916206%7CMCAID%7CNONE%7CMCOPTOUT-1666717320s%7CNONE%7CMCAAMLH-1667314920%7C7%7CMCAAMB-1667314920%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCSYNCSOP%7C411-19298%7CvVersion%7C4.4.0

6 Console Messages

Source Level URL
Text
network error URL: http://ecomshop.promoda.ca/K_hNxcC7U2lQ/6EMdJx42_e/Ff/paN9LXwp/NVNVOTdpKgY/F2FR/H1RST2c
Message:
Failed to load resource: the server responded with a status of 500 (Internal Server Error)
javascript error URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Message:
Access to font at 'https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0' from origin 'http://ecomshop.promoda.ca' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://client.schwab.com' that is not equal to the supplied origin.
network error URL: https://client.schwabcdn.com/fonts/CharlesModern-Light.woff?v=1.0.0
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: http://ecomshop.promoda.ca/wp-admin/schwab/index.html
Message:
Access to font at 'https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0' from origin 'http://ecomshop.promoda.ca' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://client.schwab.com' that is not equal to the supplied origin.
network error URL: https://client.schwabcdn.com/fonts/CharlesModern-Light.ttf?v=1.0.0
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://c.go-mpulse.net/api/config.json?key=EX83G-QNMSL-P9787-NRSC7-7EJJ3&d=ecomshop.promoda.ca&t=5555700&v=1.720.0&if=&sl=0&si=c7cc9b53-4377-4995-a204-bb1af49a9bf4-rkbdra&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=179881
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
