URL: https://candynearme.com/
Submission: On February 11 via manual from US

Summary

This website contacted 12 IPs in 4 countries across 7 domains to perform 31 HTTP transactions. The main IP is 162.241.124.43, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is candynearme.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 9th 2021. Valid for: 3 months.
This is the only time candynearme.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Charles Schwab (Financial)

Domain & IP information

IP Address AS Autonomous System
5 162.241.124.43 46606 (UNIFIEDLA...)
6 23.79.147.58 16625 (AKAMAI-AS)
1 6 23.79.157.84 16625 (AKAMAI-AS)
2 23.79.130.82 16625 (AKAMAI-AS)
2 23.79.147.199 16625 (AKAMAI-AS)
1 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 2a02:26f0:64:... 20940 (AKAMAI-ASN1)
2 23.79.129.43 16625 (AKAMAI-AS)
1 3 54.195.23.91 16509 (AMAZON-02)
1 54.228.36.34 16509 (AMAZON-02)
2 15.237.76.117 16509 (AMAZON-02)
1 1 99.81.11.244 16509 (AMAZON-02)
31 12
Domain Requested by
6 client.schwabcdn.com candynearme.com
client.schwabcdn.com
5 candynearme.com candynearme.com
3 dpm.demdex.net 1 redirects candynearme.com
3 www.schwab.com 1 redirects candynearme.com
3 client.schwab.com candynearme.com
2 smetric.schwab.com tags.tiqcdn.com
2 tags.tiqcdn.com candynearme.com
tags.tiqcdn.com
2 content.schwab.com candynearme.com
www.schwab.com
2 lms.schwab.com candynearme.com
1 cm.everesttech.net 1 redirects
1 schwab.demdex.net tags.tiqcdn.com
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net candynearme.com
31 13
Subject | Issuer | Validity | Valid
candynearme.com | cPanel, Inc. Certification Authority | 2021-02-09 - 2021-05-10 | 3 months
client.schwabcdn.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-15 - 2021-03-08 | 8 months
www.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-04-20 - 2021-05-13 | a year
lms.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-09-04 - 2021-04-03 | 7 months
content.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-07 - 2021-07-19 | a year
akstat.io | DigiCert Secure Site ECC CA-1 | 2020-05-06 - 2021-08-05 | a year
*.tiqcdn.com | DigiCert SHA2 Secure Server CA | 2020-03-16 - 2021-06-15 | a year
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2020-12-02 - 2022-01-02 | a year
smetric.schwab.com | DigiCert SHA2 Extended Validation Server CA | 2020-07-16 - 2021-06-10 | a year

This page contains 3 frames:

Primary Page: https://candynearme.com/
Frame ID: E431DE4D88F4832753631F7140C90376
Requests: 29 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Frame ID: CF5AF4BA912C0BB510BDC475E7551687
Requests: 2 HTTP requests in this frame

Frame: https://schwab.demdex.net/dest5.html?d_nsid=0
Frame ID: FC7938C3BA9DAA8CFB41E4BE447CD104
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

Requests: 31
HTTPS: 94 %
IPv6: 17 %
Domains: 7
Subdomains: 13
IPs: 12
Countries: 4
Transfer: 463 kB
Size: 1262 kB
Cookies: 7

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://www.schwab.com/public/file?cmsid=LOGIN-STYLES&filename=main.css?v=20.22 HTTP 301
  • https://www.schwab.com/public/file/LOGIN-STYLES/main.css?v=20.22
Request Chain 25
  • https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488
Request Chain 29
  • https://cm.everesttech.net/cm/dd?d_uuid=75561428882587830282841304698000703311 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YCR1cwAAADceD08a

31 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
candynearme.com/
61 KB
61 KB
Document
General
Full URL
https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.124.43 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
ads.fynedge.co.zw
Software
Apache /
Resource Hash
c7460e7688bd8bc00b292818b5de98a14fddadd1b9a2218b1e0823b6f7e384e7

Request headers

Host
candynearme.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Thu, 11 Feb 2021 00:08:17 GMT
Server
Apache
Last-Modified
Wed, 10 Feb 2021 15:42:50 GMT
Accept-Ranges
bytes
Content-Length
62691
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
loginbase.js
client.schwabcdn.com/scripts/merge/
174 KB
57 KB
Script
General
Full URL
https://client.schwabcdn.com/scripts/merge/loginbase.js?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
211d376b8e8c5648f408e2fff70ddcb5174d322a8738a6e4e00c87197fc6d7d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 16:59:00 GMT
X-Frame-Options
SAMEORIGIN
ETag
"02267603bf3d61:0"
Vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
Date
Thu, 11 Feb 2021 00:08:18 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
58159
X-XSS-Protection
1; mode=block
signon.js
client.schwabcdn.com/login/signon/scripts/
5 KB
2 KB
Script
General
Full URL
https://client.schwabcdn.com/login/signon/scripts/signon.js?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ec85f6f2ee937da8ef7b334f2994850d5832db97c9807e393368412af445c69e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 16:38:08 GMT
X-Frame-Options
SAMEORIGIN
ETag
"018277638f3d61:0"
Vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
Date
Thu, 11 Feb 2021 00:08:18 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1360
X-XSS-Protection
1; mode=block
layout.css
client.schwabcdn.com/css/
124 KB
25 KB
Stylesheet
General
Full URL
https://client.schwabcdn.com/css/layout.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8eb77a16c1eb72c1103964d3507af8679d54a0b128ce1cf07ad75b40bc470a90
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 16:38:06 GMT
X-Frame-Options
SAMEORIGIN
ETag
"0ebf57438f3d61:0"
Vary
Accept-Encoding
Content-Type
text/css;charset=utf-8
Date
Thu, 11 Feb 2021 00:08:18 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25603
X-XSS-Protection
1; mode=block
content.css
client.schwabcdn.com/css/
42 KB
7 KB
Stylesheet
General
Full URL
https://client.schwabcdn.com/css/content.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e6549315fcce2a76314ef5112c36d711dda397bbe2209acb22c44eae7e3c7405
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 16:38:06 GMT
X-Frame-Options
SAMEORIGIN
ETag
"0ebf57438f3d61:0"
Vary
Accept-Encoding
Content-Type
text/css;charset=utf-8
Date
Thu, 11 Feb 2021 00:08:18 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7068
X-XSS-Protection
1; mode=block
master.css
client.schwabcdn.com/css/
125 KB
28 KB
Stylesheet
General
Full URL
https://client.schwabcdn.com/css/master.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
73f17b3f47eebac13baa22e96210929daaaa83eaf2c5620febd8997ccae9cbc4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Last-Modified
Mon, 25 Jan 2021 16:38:06 GMT
X-Frame-Options
SAMEORIGIN
ETag
"0ebf57438f3d61:0"
Vary
Accept-Encoding
Content-Type
text/css;charset=utf-8
Date
Thu, 11 Feb 2021 00:08:18 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
28617
X-XSS-Protection
1; mode=block
3b3a8fbc
client.schwab.com/akam/11/
0
0
Script
General
Full URL
https://client.schwab.com/akam/11/3b3a8fbc
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.157.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-157-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:18 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
9
content-type
text/html
ps.css
www.schwab.com/public/file/PROSPECT-CSS/
83 KB
19 KB
Stylesheet
General
Full URL
https://www.schwab.com/public/file/PROSPECT-CSS/ps.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.157.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-157-84.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
efb1ee3164bafe7de5c391b40be6ae51d0fc8de8ed7c76cd729dd6a38d5de05e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
Microsoft-IIS/10.0
x-frame-options
sameorigin
date
Thu, 11 Feb 2021 00:08:18 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
private, max-age=900
content-security-policy
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com
server-timing
cdn-cache; desc=HIT, edge; dur=9
content-length
18539
x-xss-protection
1; mode=block
expires
Thu, 11 Feb 2021 00:23:18 GMT
main.css
www.schwab.com/public/file/LOGIN-STYLES/
Redirect Chain
  • https://www.schwab.com/public/file?cmsid=LOGIN-STYLES&filename=main.css?v=20.22
  • https://www.schwab.com/public/file/LOGIN-STYLES/main.css?v=20.22
26 KB
8 KB
Stylesheet
General
Full URL
https://www.schwab.com/public/file/LOGIN-STYLES/main.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.157.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-157-84.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 /
Resource Hash
e87107962df2fa9db2bfb003dcb609f364cc8964242f1a7f8af98239e44ca472
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
Microsoft-IIS/10.0
x-frame-options
sameorigin
date
Thu, 11 Feb 2021 00:08:18 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
private, max-age=581
content-security-policy
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com
server-timing
cdn-cache; desc=HIT, edge; dur=3
content-length
7682
x-xss-protection
1; mode=block
expires
Thu, 11 Feb 2021 00:17:59 GMT

Redirect headers

pragma
no-cache
content-security-policy
frame-ancestors 'self' http://*.schwabplan.com https://*.schwabplan.com http://*.schwab.com https://*.schwab.com https://content.schwab.com http://content.schwab.com https://client.schwab.com https://lms.schwab.com https://www.schwabcdn.com https://*.schwabinstitutional.com https://*.dev-schwab.acsitefactory.com https://*.test-schwab.acsitefactory.com https://*.train-schwab.acsitefactory.com https://*.schwab.acsitefactory.com https://*.schwab.co.uk https://*.schwab.com.hk https://*.schwab.com.sg https://*.schwab.com.au https://*.schwabcharitable.org https://*.schwabmoneywise.com https://*.schwabsavingsfundamentals.com https://*.schwabbankfunds.com https://*.schwabadvisorcenter.com https://*.schwabfunds.com https://*.schwabpt.com https://*.windhaveninvestments.com https://*.schwab.tech http://www.schwabintelligenttechnologies.com https://www.schwabintelligenttechnologies.com https://*.wallst.com http://*.wallst.com https://*.aboutschwab.com
strict-transport-security
max-age=31536000; includeSubDomains
location
/public/file/LOGIN-STYLES/main.css?v=20.22
x-edgeconnect-midmile-rtt
152
date
Thu, 11 Feb 2021 00:08:18 GMT
x-frame-options
sameorigin
content-type
text/html; charset=utf-8
x-edgeconnect-origin-mex-latency
24
cache-control
no-cache
server-timing
cdn-cache; desc=MISS, edge; dur=159, origin; dur=24
content-length
159
x-xss-protection
1; mode=block
expires
-1
style.css
client.schwab.com/Login/SignOn/CSS/
3 KB
942 B
Stylesheet
General
Full URL
https://client.schwab.com/Login/SignOn/CSS/style.css?v=20.22
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.157.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-157-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
dcce7d414cc17c26693cce9959f87a1a085ef66cbc2c4483c7a12b2c1aab1ede
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
last-modified
Mon, 25 Jan 2021 16:38:08 GMT
x-frame-options
SAMEORIGIN
etag
"018277638f3d61:0"
vary
Accept-Encoding
content-type
text/css;charset=utf-8
cache-control
max-age=0, no-cache, no-store
date
Thu, 11 Feb 2021 00:08:18 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
617
x-xss-protection
1; mode=block
expires
Thu, 11 Feb 2021 00:08:18 GMT
schwab-mweb-schwabsafe.png
lms.schwab.com/Content/Images/
3 KB
3 KB
Image
General
Full URL
https://lms.schwab.com/Content/Images/schwab-mweb-schwabsafe.png
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.130.82 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-130-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ae0b1ac6ab8fa33be75f361366836761b41f5b38863a2bcf62400263a33a6daa
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:19 GMT
last-modified
Wed, 02 Dec 2020 16:29:20 GMT
etag
"0302249c8c8d61:0"
content-type
image/png
cache-control
max-age=864000
accept-ranges
bytes
content-length
3270
x-xss-protection
1; mode=block
login-full-component-mobile-web
candynearme.com/bundles/scripts/cam/
0
0
Script
General
Full URL
https://candynearme.com/bundles/scripts/cam/login-full-component-mobile-web?v=B07b5pXKmMJiyh3kaILDcDWWojDW_BsVMkcTpIgiqmk1
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.124.43 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
ads.fynedge.co.zw
Software
Apache /
Resource Hash

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
GlanceCobrowseLoader_3.2.2M.js
content.schwab.com/glance/
6 KB
3 KB
Script
General
Full URL
https://content.schwab.com/glance/GlanceCobrowseLoader_3.2.2M.js
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.199 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-199.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ce18412ac1c6650c3ec74f0b04e93765c09d932c363cb934630854155db80403

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Content-Encoding
gzip
Last-Modified
Tue, 02 Feb 2016 19:14:17 GMT
Server
AkamaiNetStorage
ETag
"32ede0528eb83a1f6c98c3cef4ce0a85:1454440457"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2784
bd-1-30
candynearme.com/_bm/
0
0
Script
General
Full URL
https://candynearme.com/_bm/bd-1-30
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.124.43 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
ads.fynedge.co.zw
Software
Apache /
Resource Hash

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
EX83G-QNMSL-P9787-NRSC7-7EJJ3
s.go-mpulse.net/boomerang/ Frame CF5A
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:7100:199::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:18 GMT
content-encoding
br
last-modified
Thu, 28 Jan 2021 22:59:50 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ccc4d3be744a29473fefe2f313fdae488f460b85a47e8427f748358a54ba048

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
schwabsafe_logo.svg
content.schwab.com/web/login/
2 KB
2 KB
Image
General
Full URL
https://content.schwab.com/web/login/schwabsafe_logo.svg
Requested by
Host: www.schwab.com
URL: https://www.schwab.com/public/file/LOGIN-STYLES/main.css?v=20.22
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.199 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-199.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
0c1f7d2d3fa4ed7ec3cf2519cd017ddb5bc8de757e00ed8f84cd8991059a0631

Request headers

Referer
https://www.schwab.com/public/file/LOGIN-STYLES/main.css?v=20.22
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Last-Modified
Tue, 20 Jun 2017 20:14:24 GMT
Server
AkamaiNetStorage
ETag
"7449c161258eba54600debcbd1229b1d:1497989664"
Content-Type
image/svg+xml
Cache-Control
max-age=900
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2058
icons.png
client.schwab.com/images/
46 KB
46 KB
Image
General
Full URL
https://client.schwab.com/images/icons.png
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.157.84 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-157-84.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4f5b35239a5b6cdaeac327f090a14bdcc0957d526250ca369762fa0e74c23f30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
last-modified
Mon, 25 Jan 2021 16:38:08 GMT
etag
"018277638f3d61:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=0, no-cache, no-store
date
Thu, 11 Feb 2021 00:08:18 GMT
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
46782
x-xss-protection
1; mode=block
expires
Thu, 11 Feb 2021 00:08:18 GMT
schwab-mweb-bg.jpg
lms.schwab.com//Content/Images/
20 KB
20 KB
Image
General
Full URL
https://lms.schwab.com//Content/Images/schwab-mweb-bg.jpg
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.79.130.82 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-130-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1fa95b7b9273857545aa8fadfd7cad569d5d87f269b75030549ce615b7fb220d
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:19 GMT
last-modified
Wed, 02 Dec 2020 16:29:20 GMT
etag
"0302249c8c8d61:0"
content-type
image/jpeg
cache-control
max-age=864000
accept-ranges
bytes
content-length
20062
x-xss-protection
1; mode=block
CharlesModern-Light.woff
lms.schwab.com//fonts/CharlesModern/
0
0

login-full-component-mobile-web
candynearme.com/bundles/scripts/cam/
0
0
Script
General
Full URL
https://candynearme.com/bundles/scripts/cam/login-full-component-mobile-web?v=B07b5pXKmMJiyh3kaILDcDWWojDW_BsVMkcTpIgiqmk1
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.124.43 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
ads.fynedge.co.zw
Software
Apache /
Resource Hash

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
config.json
c.go-mpulse.net/api/ Frame CF5A
68 B
346 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=EX83G-QNMSL-P9787-NRSC7-7EJJ3&d=candynearme.com&t=5376674&v=1.720.0&if=&sl=0&si=ede4a16d-008c-4ac7-b981-24ce4c116dd1-qoc8du&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=179881
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/EX83G-QNMSL-P9787-NRSC7-7EJJ3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:64:699::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 11 Feb 2021 00:08:19 GMT
Cache-Control
public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
68
Content-Type
application/json
CharlesModern-Light.ttf
lms.schwab.com//fonts/CharlesModern/
0
0

bd-1-30
candynearme.com/_bm/
0
0
Script
General
Full URL
https://candynearme.com/_bm/bd-1-30
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.124.43 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
ads.fynedge.co.zw
Software
Apache /
Resource Hash

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 11 Feb 2021 00:08:18 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
utag.js
tags.tiqcdn.com/utag/schwab/client-center/prod/
286 KB
79 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.79.129.43 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-129-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
308cc991e1ca941643165c402a4b520518c2fdca03c036009708878c4877a8ba

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:19 GMT
content-encoding
gzip
last-modified
Mon, 25 Jan 2021 21:42:12 GMT
server
AkamaiNetStorage
etag
"0a4bdd84f08ac12a47aa0b0ccbffe6f9:1611610932.519208"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=300
accept-ranges
bytes
expires
Thu, 11 Feb 2021 00:13:19 GMT
icons.png
client.schwabcdn.com/images/
46 KB
46 KB
Image
General
Full URL
https://client.schwabcdn.com/images/icons.png?v=14.2
Requested by
Host: client.schwabcdn.com
URL: https://client.schwabcdn.com/css/master.css?v=20.22
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.79.147.58 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-147-58.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4f5b35239a5b6cdaeac327f090a14bdcc0957d526250ca369762fa0e74c23f30
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://client.schwabcdn.com/css/master.css?v=20.22
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000
Last-Modified
Mon, 25 Jan 2021 16:38:08 GMT
ETag
"018277638f3d61:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Date
Thu, 11 Feb 2021 00:08:19 GMT
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
46782
X-XSS-Protection
1; mode=block
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488
916 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.195.23.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-195-23-91.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
4c386e9bc6ac48f852934740acadb7ec85dc0c8177102c24172b58241f26f665
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v088-0f605d4b7.edge-irl1.demdex.com 5.80.5.20210120122710 2ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
ejWnoAPvQVk=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://candynearme.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
520
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://candynearme.com
X-TID
874gaVy2QyU=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5DB5123F5245B1D20A490D45%40AdobeOrg&d_nsid=0&ts=1613002099488
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
202 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=schwab/client-center/202101222151&cb=1613002099502
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.79.129.43 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-79-129-43.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 11 Feb 2021 00:08:19 GMT
last-modified
Thu, 14 Apr 2016 16:57:51 GMT
server
AkamaiNetStorage
etag
"7bc0ee636b3b83484fc3b9348863bd22:1460653071"
content-type
application/x-javascript
cache-control
max-age=600
accept-ranges
bytes
content-length
2
expires
Thu, 11 Feb 2021 00:18:19 GMT
Cookie set dest5.html
schwab.demdex.net/ Frame FC79
0
0
Document
General
Full URL
https://schwab.demdex.net/dest5.html?d_nsid=0
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.36.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-36-34.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
schwab.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://candynearme.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=75561428882587830282841304698000703311

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 10 Feb 2021 11:30:51 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=75561428882587830282841304698000703311;Path=/;Domain=.demdex.net;Expires=Tue, 10-Aug-2021 00:08:19 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
3wslnQ+/Tf8=
Content-Length
2785
Connection
keep-alive
id
smetric.schwab.com/
48 B
506 B
XHR
General
Full URL
https://smetric.schwab.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&mid=71729616221115014113186827710040081432&ts=1613002099694
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-76-117.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
f7627d753b4a186512a5d50f4c8af4d3cfafcdea9ca313a4e938fdf0d29d27a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Thu, 11 Feb 2021 00:08:19 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-5955cb7dcf-9zldx
vary
Origin
x-c
main-1422.I3bac54.M0-478
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://candynearme.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=YCR1cwAAADceD08a
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=75561428882587830282841304698000703311
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=YCR1cwAAADceD08a
42 B
915 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YCR1cwAAADceD08a
Requested by
Host: candynearme.com
URL: https://candynearme.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.195.23.91 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-195-23-91.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v088-06b843d8e.edge-irl1.demdex.com 5.80.5.20210120122710 0ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
KbSKfnZqQDg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YCR1cwAAADceD08a
Date
Thu, 11 Feb 2021 00:08:19 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
s21840178991866
smetric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/
146 B
393 B
Script
General
Full URL
https://smetric.schwab.com/b/ss/cschwabschwabprod/10/JS-2.1.0/s21840178991866?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=11%2F1%2F2021%201%3A8%3A19%204%20-60&sdid=0F2A9CA377C11525-4D83CF3E4CE910D8&mid=71729616221115014113186827710040081432&aamlh=6&ce=UTF8&ns=charlesschwab&cdp=2&fpCookieDomainPeriods=2&pageName=%2Fprospects%2FLogin%2FSignOn%2FCustomerCenterLogin.aspx&g=https%3A%2F%2Fcandynearme.com%2F&cc=USD&ch=%2Fprospects&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=%2Fprospects%2FLogin%2FSignOn%2F&v1=D%3Dc1&h1=D%3Dc3&c2=%2Fprospects%2FLogin%2FSignOn%2F&v2=D%3Dc2&c3=%2Fprospects%2FLogin%2FSignOn%2F&v3=D%3Dc3&c4=Login%20%7C%20Charles%20Schwab&v4=D%3Dc4&c5=D%3Dg&v5=D%3Dg&c7=1&v7=1&c11=1&v11=1&c14=en-US&c15=Wednesday&v15=Wednesday&c16=7%3A00PM&v16=7%3A00PM&v18=D%3DpageName&v36=%2B1&v39=%2B1&c40=not%20supported&v40=%2B1&v52=%2B1&v56=AjHVx6JhgATc0PBQqTHczxK5dpG8WShX5d2HaIQsjCQs%3D&v67=Mozilla%2F5.0%20%28Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F83.0.4103.61%20Safari%2F537.36&c69=VisitorAPI%20Present&v69=VisitorAPI%20Present&v71=71729616221115014113186827710040081432&v86=prospect&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5DB5123F5245B1D20A490D45%40AdobeOrg&AQE=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/schwab/client-center/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.237.76.117 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-237-76-117.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
b6dd66f42779715e6a6c17d814250c46706e7d174f9e2cd38c34f4b31ef07bd0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://candynearme.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-aam-tid
xesZqz3rQ1g=
date
Thu, 11 Feb 2021 00:08:19 GMT
x-content-type-options
nosniff
x-c
main-1422.I3bac54.M0-478
p3p
CP="This is not a P3P policy"
vary
*
content-length
146
x-xss-protection
1; mode=block
dcs
dcs-prod-irl1-v088-02ac6c2be.edge-irl1.demdex.com 5.80.5.20210120122710 4ms (+1ms)
pragma
no-cache
last-modified
Fri, 12 Feb 2021 00:08:19 GMT
server
jag
xserver
anedge-5955cb7dcf-v8kgv
etag
3463895633590648832-4621772546010932366
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Wed, 10 Feb 2021 00:08:19 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
lms.schwab.com
URL
https://lms.schwab.com//fonts/CharlesModern/CharlesModern-Light.woff
Domain
lms.schwab.com
URL
https://lms.schwab.com//fonts/CharlesModern/CharlesModern-Light.ttf

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Charles Schwab (Financial)

252 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| tempArr function| SelectedPositionChange function| AddFootNoteRow function| AddTableData function| GetQuantityValue function| SetDivElementHeight function| SetHeaderAndDataTableWidth function| LoadPositions function| truncate function| GetCashRow function| GetResourceText function| CheckRestrictedStock function| ShowFootNotes function| ShowEmptyPositionMessage function| ShowServiceErrorMessage function| HideAllPanel function| AddErrorTable function| GetSuperScriptNumber function| LoadPositionData function| GetSuperScriptId function| addEvent function| Autocomplete function| autoSelect function| hideDrp function| FirmNameOnFocus function| FirmNameOnBlur function| fnReadMsg function| AutocompleteLimit object| woms boolean| flagDiv function| showHideData function| ResizeIframe function| CallIntermediatePage function| checkAccBrokPanelStatus function| AutoComplete_GetLeft function| AutoComplete_GetTop function| expandCollapsePnl function| showTab function| expandCollapsePnlsAndLinks function| expandCollapsePnls function| expandCollapsePnlsInsideIFrame function| expandCollapsePnlsOnLoad function| printit function| openPop function| openEmailBounce function| openPopSMWin function| loadTransparentIFrame function| setIFramePos function| showDivIframe function| hideDiv function| womGo function| womAdd function| handleDocumentClick function| getCookieVal function| PopupPrintScript function| hideSelectAccount function| AdjustQlinksLength function| setQLinksOnWindowResize function| setQLinksPos function| PrintPreviewScript function| clearMutualFund string| ie_var string| moz_var string| dataDir string| resource_key undefined| sl_DataDir undefined| sl_Resx function| setDataDir_txt function| setDataDir_lnk function| 
CreateEvents function| AttachEvents function| SetAdvanceSearchURL function| AttachOnWindowLoad function| CalQuote function| OpenSuperBond function| fnSubmitEnter undefined| SBwin function| openPopup function| isValidUrl function| JSAlert undefined| prevTooltip function| getWindowWidth function| mouseX function| mouseY function| tooltip boolean| hasSubmitted function| CheckContinue function| getCookieIndex function| setCookieIndex function| setCookie function| trim function| BeginTransaction function| EndTransaction function| getTransactionStatus function| setControlsState function| enableDisableControls function| HideOrDisplayBody function| MarketStorm function| MarginDetailsDefaultView function| ChangeMarginDetails function| BindPositionsDropdown function| PositionOnChange function| hideQuickLinks function| changeAccount function| Redirect function| saToolTip function| ShowSpinner function| HideError function| closeAccountSelector function| highlightRow function| unHighlightRow function| checkAccBrokPanelStatusPanel function| showHideDataPanel function| expandCollapsePanelLink function| SetCursorLast function| StringBuffer function| getOverlayScript function| OverlayUpdateEmail function| DCDoWebAnalyticsLevel3Links function| AdobeTagging function| toOpenPopup string| capsKeyPress object| capLockNs function| $ function| jQuery string| waEnvId string| waCategoryName string| waPageName string| BOOMR_API_key object| BOOMR number| BOOMR_lstart string| bazadebezolkohpepadr object| BOOMR_mq boolean| wa_enable number| hexcase string| b64pad number| chrsz string| sendBid boolean| wa_global_disable function| SHA256 function| getCookie function| fetchBrowserId function| base64ToAscii function| mkTmsCookie function| str2ab function| bin2String function| createGuid object| scatAccounts object| utag_data object| TagParameters string| pnlError string| lblError undefined| objpnlError undefined| objlblError function| DisplayError function| ObjInitialization function| ShowMessage 
function| onAbrSubmit function| abrPost object| schwab object| _cf object| GLANCE string| displayType string| utagLibPath boolean| utag_condload boolean| GUTtransition boolean| isInFrame boolean| isOnSchwab boolean| isHgTools object| utag function| e object| s function| AppMeasurement function| s_gi function| s_pgicq function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_Media object| _aaq function| waCleanStr function| waPageNameFix string| bot_traffic object| utag_cfg_ovrd object| tms object| GUT object| adobe function| Visitor object| s_c_il number| s_c_in number| s_objectID number| s_giq number| sizmekTagId number| doubleClickTagId string| gtagRename object| dataLayer function| gtag number| adWordsTagId function| SzOnClickTracking function| mmConversionTag function| mmRedirect function| mmExecutePublisherCode function| mmDelayLink function| trackSizmek function| scatAutoHandler function| scatAutoTrackFileDownloads function| scatAutoTrackExitLinks function| scatTagOverlay function| waTagOverlay function| scatSearchEvent function| scatSetCustom23 function| DcVideoTagging function| waMediaOpen function| waMediaPause function| waMediaPlay function| waMediaClose function| waMediaStop function| waMediaScrub function| waMediaComplete function| waMediaPercentComplete function| scatSetCategoryAndPageName function| scatSendAsync function| scatUpdateCeid function| scatTrackFileDL function| scatCustomLinkTrack function| scatShareLinkTrack function| scatPrintTrack function| scatChatSuccessTrack function| marketoTrackLink function| trackAdobe function| trackMarketo function| GetRefrid function| DcOnClickTracking function| trackDoubleClick function| AwOnClickTracking function| trackAdWords function| GUTtrack boolean| iflset string| j string| k number| slo object| s_i_cschwabschwabprod number| BOOMR_onload

7 Cookies

Domain/Path Name / Value
.demdex.net/ Name: dextp
Value: 477-1-1613002099876
.demdex.net/ Name: demdex
Value: 75561428882587830282841304698000703311
.candynearme.com/ Name: AMCV_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C18670%7CMCMID%7C71729616221115014113186827710040081432%7CMCAAMLH-1613606899%7C6%7CMCAAMB-1613606899%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1613009299s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18677%7CvVersion%7C4.4.0
.candynearme.com/ Name: s_sess
Value: %20s_linkTracking%3D%3B%20s_cc%3Dtrue%3B
.candynearme.com/ Name: s_pers
Value: %20s_vnum%3D2045002099848%2526vn%253D1%7C2045002099848%3B%20s_invisit%3Dtrue%7C1613003899848%3B%20s_prevCh%3D%252Fprospects%7C1613003899853%3B%20s_depth%3D1%7C1613003899854%3B%20s_gpv_pn%3D%252Fprospects%252FLogin%252FSignOn%252FCustomerCenterLogin.aspx%7C1613003899856%3B
.candynearme.com/ Name: AMCVS_5DB5123F5245B1D20A490D45%40AdobeOrg
Value: 1
.candynearme.com/ Name: utag_main
Value: v_id:01778e6acb14000244e69b751f4500078001807000b08$_sn:1$_ss:1$_st:1613003899476$ses_id:1613002099476%3Bexp-session$_pn:1%3Bexp-session$vapi_domain:candynearme.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
