![](/screenshots/a359aad7-c192-41b8-be1b-d0ba946c9993.png)
grandhypermarkets.com
45.79.127.214
Malicious Activity!
Public Scan
Effective URL: https://grandhypermarkets.com/login/ws1.php
Submission: On January 03 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 4th 2021. Valid for: 3 months.
This is the only time grandhypermarkets.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Domain | ASN | PTR
---|---|---
t.m1.email.samsung.com | ASN16509 (AMAZON-02, US) | ec2-34-251-123-240.eu-west-1.compute.amazonaws.com
themoo.com.au | ASN45638 (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU) | c7s4-3m-syd.hosting-services.net.au
grandhypermarkets.com | ASN63949 (LINODE-AP Linode, LLC, US) | li2160-214.members.linode.com
www.googletagmanager.com | ASN15169 (GOOGLE, US) |
connect.facebook.net | ASN32934 (FACEBOOK, US) |
www.google-analytics.com | ASN15169 (GOOGLE, US) |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
30 | vidyard.com (1 redirects) | play.vidyard.com, assets.vidyard.com, raw.vidyard.com (Failed), cdn.vidyard.com | 780 KB
15 | msftauth.net | aadcdn.msftauth.net | 289 KB
6 | typekit.net | use.typekit.net, p.typekit.net | 141 KB
6 | spfi.com | www.spfi.com | 307 KB
4 | grandhypermarkets.com (1 redirects) | grandhypermarkets.com | 36 KB
3 | live.com | login.live.com | 2 KB
2 | en25.com | img.en25.com, img04.en25.com | 9 KB
2 | facebook.net | connect.facebook.net | 113 KB
1 | facebook.com | www.facebook.com | 407 B
1 | eloqua.com | s204200226.t.eloqua.com | 411 B
1 | google-analytics.com | www.google-analytics.com | 20 KB
1 | googleapis.com | fonts.googleapis.com | 869 B
1 | googletagmanager.com | www.googletagmanager.com | 40 KB
1 | themoo.com.au (1 redirects) | themoo.com.au | 323 B
1 | web.app | bip-reporting.web.app | 9 KB
1 | samsung.com (1 redirects) | t.m1.email.samsung.com | 497 B
0 | advisorgroup.com (Failed) | bdcms.advisorgroup.com (Failed) |
90 | 17 apex domains | |
Requests | Domain | Requested by
---|---|---
20 | assets.vidyard.com | play.vidyard.com, assets.vidyard.com
15 | aadcdn.msftauth.net | bip-reporting.web.app, grandhypermarkets.com
8 | play.vidyard.com (1 redirects) | www.spfi.com, play.vidyard.com, assets.vidyard.com
6 | www.spfi.com | grandhypermarkets.com, www.spfi.com
5 | use.typekit.net | www.spfi.com, use.typekit.net
4 | grandhypermarkets.com (1 redirects) | bip-reporting.web.app, grandhypermarkets.com
3 | login.live.com | bip-reporting.web.app, grandhypermarkets.com
2 | cdn.vidyard.com | www.spfi.com, assets.vidyard.com
2 | connect.facebook.net | bip-reporting.web.app, connect.facebook.net
1 | www.facebook.com | www.spfi.com
1 | s204200226.t.eloqua.com | img04.en25.com, www.spfi.com
1 | img04.en25.com | www.spfi.com
1 | img.en25.com | play.vidyard.com
1 | www.google-analytics.com | www.googletagmanager.com
1 | p.typekit.net | use.typekit.net
1 | fonts.googleapis.com | www.spfi.com
1 | www.googletagmanager.com | www.spfi.com
1 | themoo.com.au (1 redirects) |
1 | bip-reporting.web.app |
1 | t.m1.email.samsung.com (1 redirects) |
0 | bdcms.advisorgroup.com (Failed) | www.spfi.com
0 | raw.vidyard.com (Failed) | assets.vidyard.com
90 | 22 domains |
This site contains links to these domains:
- passwordreset.spfi.com
- www.spfi.com
- privacy.spfi.com
Subject | Issuer | Validity | Valid
---|---|---|---
web.app | GTS CA 1D4 | 2021-12-02 - 2022-03-02 | 3 months
aadcdn.msftauth.net | DigiCert SHA2 Secure Server CA | 2021-05-13 - 2022-05-13 | a year
graph.windows.net | DigiCert SHA2 Secure Server CA | 2021-12-18 - 2022-12-18 | a year
grandhypermarkets.com | cPanel, Inc. Certification Authority | 2021-11-04 - 2022-02-02 | 3 months
joinsagepoint.com | R3 | 2021-12-28 - 2022-03-28 | 3 months
*.google-analytics.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
use.typekit.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-16 - 2022-08-16 | a year
upload.video.google.com | GTS CA 1C3 | 2021-11-29 - 2022-02-21 | 3 months
*.vidyard.com | GlobalSign Atlas R3 DV TLS CA H2 2021 | 2021-12-24 - 2023-01-25 | a year
*.typekit.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-05 - 2022-12-06 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-10-12 - 2022-01-10 | 3 months
*.en25.com | DigiCert SHA2 Secure Server CA | 2021-09-14 - 2022-09-14 | a year
*.t.eloqua.com | DigiCert SHA2 Secure Server CA | 2020-03-09 - 2022-04-08 | 2 years
This page contains 6 frames:
Primary Page:
https://grandhypermarkets.com/login/ws1.php
Frame ID: 047C63046DE47BD8CA84477EA89A73C9
Requests: 21 HTTP requests in this frame
Frame:
https://login.live.com/Me.htm?v=3
Frame ID: DDEBE86B89F9A40BD7EC516F0BBAA969
Requests: 1 HTTP request in this frame
Frame:
https://www.spfi.com/
Frame ID: 78DBF32923076E610339F9F0FF232129
Requests: 38 HTTP requests in this frame
Frame:
https://play.vidyard.com/dg1258gnEQP1zD8h8XhAgo?v=3.1.1&type=inline&referring_url=https%253A%252F%252Fgrandhypermarkets.com%252F&
Frame ID: 102F770075CC7DD95FB413EC635D2E2B
Requests: 14 HTTP requests in this frame
Frame:
https://play.vidyard.com/dg1258gnEQP1zD8h8XhAgo?v=3.1.1&type=inline&referring_url=https%253A%252F%252Fgrandhypermarkets.com%252F&
Frame ID: 1912131BAC5229A449BBD8BBE92AC0A9
Requests: 1 HTTP request in this frame
Frame:
https://play.vidyard.com/dg1258gnEQP1zD8h8XhAgo?v=3.1.1&type=inline&referring_url=https%253A%252F%252Fgrandhypermarkets.com%252F&
Frame ID: 1C39B209B98969105195C65C7ECCF2B7
Requests: 14 HTTP requests in this frame
Page Title
Sign in to your account
Detected technologies
- Detected pattern: `/_nuxt/`
- Detected pattern: `//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js`
- Detected pattern: `google-analytics\.com/(?:ga|urchin|analytics)\.js`
- Google Tag Manager, detected pattern: `googletagmanager\.com/gtm\.js`
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Forgotten my password
- Terms of use
- Privacy & cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://t.m1.email.samsung.com/r/?id=hdbbbab33,71b0ad58,6b55baa5&p1=bip-reporting.web.app/dsiiq0Hspfia7XB8xr7Pm → HTTP 302 → https://bip-reporting.web.app/dsiiq0Hspfia7XB8xr7Pm (Page URL)
- https://themoo.com.au/ssl.php?url=https://bip-reporting.web.app/dsiiq0Hspfia7XB8xr7Pm → HTTP 302 → https://grandhypermarkets.com/login/?client-request-id=ZHNpaUBzcGZpLmNvbQ== → HTTP 302 → https://grandhypermarkets.com/login/ws1.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://t.m1.email.samsung.com/r/?id=hdbbbab33,71b0ad58,6b55baa5&p1=bip-reporting.web.app/dsiiq0Hspfia7XB8xr7Pm → HTTP 302
- https://bip-reporting.web.app/dsiiq0Hspfia7XB8xr7Pm

Further chains:
- https://s204200226.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=204200226&ref2=https%3A%2F%2Fgrandhypermarkets.com%2F&tzo=0&ms=7&optin=disabled → HTTP 302
- https://s204200226.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=204200226&ref2=https%3A%2F%2Fgrandhypermarkets.com%2F&tzo=0&ms=7&optin=disabled&elqCookie=1

- https://play.vidyard.com/dg1258gnEQP1zD8h8XhAgo.jpg → HTTP 302
- https://cdn.vidyard.com/thumbnails/gj6BqczG4SWl5rpRWcQ8Ig/47b75e2b565f2c8469cd73.jpg
90 HTTP transactions
Method | Protocol | Resource | Host / path | Frame | Size / x-fer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---
GET | H2 | dsiiq0Hspfia7XB8xr7Pm | bip-reporting.web.app/ | | 29 KB / 9 KB | Document | text/html | Redirect Chain
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 108 KB / 20 KB | Stylesheet | text/css |
GET | H2 | ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js | aadcdn.msftauth.net/shared/1.0/content/js/ | | 459 KB / 126 KB | Script | application/x-javascript |
GET | H2 | ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 42 KB / 13 KB | Script | application/x-javascript |
GET | H2 | oneDs_472fa3a12b65cf387ccd.js | aadcdn.msftauth.net/shared/1.0/content/js/ | | 78 KB / 26 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | | 15 KB / 5 KB | Script | application/x-javascript |
GET | H2 | microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg | aadcdn.msftauth.net/shared/1.0/content/images/ | | 4 KB / 2 KB | Image | image/svg+xml |
GET | H/1.1 | Me.htm | login.live.com/ | | 0 / 0 | Other | text/html |
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 0 / 20 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 0 / 12 KB | Other | application/x-javascript |
GET | H/1.1 | Me.htm | login.live.com/ | DDEB | 2 KB / 2 KB | Document | text/html |
GET | H2 | 2_bc3d32a696895f78c19df6c717586a5d.svg | aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ | | 2 KB / 825 B | Image | image/svg+xml |
GET | H/1.1 | ws1.php | grandhypermarkets.com/login/ | | 31 KB / 32 KB | Document | text/html | Primary Request; Redirect Chain
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 108 KB / 20 KB | Stylesheet | text/css |
GET | H2 | convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | | 15 KB / 5 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_pidpdisambiguation_76e0875415977704da38.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | | 7 KB / 2 KB | Script | application/x-javascript |
GET | H2 | convergedlogin_ppassword_6f5648a25cfbe86f348c.js | aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ | | 20 KB / 6 KB | Script | application/x-javascript |
GET | H/1.1 | logo.svg | grandhypermarkets.com/login/ | | 4 KB / 4 KB | Image | image/svg+xml |
GET | H/1.1 | Me.htm | login.live.com/ | | 0 / 0 | Other | text/html |
GET | H2 | converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 0 / 19 KB | Other | text/css |
GET | H2 | ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js | aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ | | 0 / 12 KB | Other | application/x-javascript |
GET | H2 | / | www.spfi.com/ | 78DB | 217 KB / 29 KB | Document | text/html |
GET | H/1.1 | ); | grandhypermarkets.com/login/ | | 315 B / 315 B | Image | text/html |
GET | H2 | gtm.js | www.googletagmanager.com/ | 78DB | 104 KB / 40 KB | Script | application/javascript |
GET | H2 | manifest.fd8594d6f8a155ad1174.js | www.spfi.com/_nuxt/ | 78DB | 1 KB / 786 B | Script | application/javascript |
GET | H2 | vendor.bcc167d18f1fd6860860.js | www.spfi.com/_nuxt/ | 78DB | 481 KB / 153 KB | Script | application/javascript |
GET | H2 | app.1e997cafcff18d8b427c.js | www.spfi.com/_nuxt/ | 78DB | 429 KB / 72 KB | Script | application/javascript |
GET | H2 | default.8cbf342ba0b8f3f94a1e.js | www.spfi.com/_nuxt/layouts/ | 78DB | 1 KB / 675 B | Script | application/javascript |
GET | H2 | mju8dci.css | use.typekit.net/ | 78DB | 3 KB / 965 B | Stylesheet | text/css |
GET | H2 | icon | fonts.googleapis.com/ | 78DB | 569 B / 869 B | Stylesheet | text/css |
GET | H2 | dg1258gnEQP1zD8h8XhAgo.js | play.vidyard.com/ | 78DB | 54 KB / 13 KB | Script | text/javascript |
GET | H2 | api.js | play.vidyard.com/v0/ | 78DB | 19 KB / 7 KB | Script | application/javascript |
GET | H2 | p.css | p.typekit.net/ | 78DB | 5 B / 162 B | Stylesheet | text/css |
GET | H2 | dg1258gnEQP1zD8h8XhAgo | play.vidyard.com/ | 102F | 3 KB / 2 KB | Document | text/html |
GET | H2 | icomoon.8cdde70.ttf | www.spfi.com/_nuxt/fonts/ | 78DB | 52 KB / 52 KB | Font | font/ttf |
GET | H2 | l | use.typekit.net/af/71f83c/00000000000000003b9b093b/27/ | 78DB | 33 KB / 33 KB | Font | application/font-woff2 |
GET | H2 | l | use.typekit.net/af/78a4c2/00000000000000003b9b0783/27/ | 78DB | 42 KB / 43 KB | Font | application/font-woff2 |
GET | H2 | runtime~main-35c85ec4bfc6ee38e9f2fd70a36a08ab.js | assets.vidyard.com/play/js/ | 102F | 7 KB / 3 KB | Script | application/javascript |
GET | H2 | main-a6875cc9a4bc0c905ad9e719ee986a48.js | assets.vidyard.com/play/js/ | 102F | 101 KB / 13 KB | Script | application/javascript |
GET | H2 | dg1258gnEQP1zD8h8XhAgo.json | play.vidyard.com/player/ | 102F | 6 KB / 3 KB | Fetch | application/json |
GET | H2 | vendors~player~player-pomo~unreleased-8cb7ab3fe5273edc6794b7dc0e14c269.js | assets.vidyard.com/play/js/ | 102F | 158 KB / 41 KB | Script | application/javascript |
GET | H2 | vendors~access-code~player-pomo~whitelisted-embed-e43bf5b845c50ec018b9e43c25b6b99b.js | assets.vidyard.com/play/js/ | 102F | 102 KB / 29 KB | Script | application/javascript |
GET | H2 | vendors~player-pomo-6ebde972c783c8f9131e286c66bb6d14.js | assets.vidyard.com/play/js/ | 102F | 613 KB / 104 KB | Script | application/javascript |
GET | H2 | player-pomo-91e1744bf3017aabc309654c741e4385.css | assets.vidyard.com/play/stylesheets/ | 102F | 37 KB / 7 KB | Stylesheet | text/css |
GET | H2 | player-pomo-91e1744bf3017aabc309654c741e4385.js | assets.vidyard.com/play/js/ | 102F | 240 KB / 49 KB | Script | application/javascript |
GET | H2 | 6-859d2cece83837e6e3fe1470b425a907.js | assets.vidyard.com/play/js/ | 102F | 437 KB / 98 KB | Script | application/javascript |
GET | H2 | 35-f13cda5e5da3d81ece8ba3d0e0cfecf7.css | assets.vidyard.com/play/stylesheets/ | 102F | 181 B / 205 B | Stylesheet | text/css |
GET | H2 | 35-f13cda5e5da3d81ece8ba3d0e0cfecf7.js | assets.vidyard.com/play/js/ | 102F | 14 KB / 4 KB | Script | application/javascript |
OPTIONS | | visitors | raw.vidyard.com/v2/ | | 0 / 0 | | |
POST | | visitors | raw.vidyard.com/v2/ | 102F | 0 / 0 | | |
GET | | dg1258gnEQP1zD8h8XhAgo.jpg | play.vidyard.com/ | 102F | 0 / 0 | | |
GET | H2 | l | use.typekit.net/af/4838bd/00000000000000003b9b0934/27/ | 78DB | 32 KB / 32 KB | Font | application/font-woff2 |
GET | H2 | l | use.typekit.net/af/437c3d/00000000000000003b9b0932/27/ | 78DB | 32 KB / 32 KB | Font | application/font-woff2 |
GET | H2 | fbevents.js | connect.facebook.net/en_US/ | 78DB | 98 KB / 26 KB | Script | application/x-javascript |
GET | H2 | dg1258gnEQP1zD8h8XhAgo.js | play.vidyard.com/ | 78DB | 54 KB / 13 KB | Script | text/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 78DB | 49 KB / 20 KB | Script | text/javascript |
GET | | premier-presence-image-SPF.jpg | bdcms.advisorgroup.com/uploads/14/09/ | 78DB | 0 / 0 | | |
GET | | 6-home-page-banner-image-SPF-1920x_.jpg | bdcms.advisorgroup.com/uploads/12/03/ | 78DB | 0 / 0 | | |
GET | | SPF-Home-Video-Splashscreen-V3.jpg | bdcms.advisorgroup.com/uploads/05/00/ | 78DB | 0 / 0 | | |
GET | | 8-home-hero-image-all-about-relationships-SPF-250x_.png | bdcms.advisorgroup.com/uploads/00/09/ | 78DB | 0 / 0 | | |
GET | | 8-home-hero-image-comprehensive-tools-and-support-SPF-250x_.png | bdcms.advisorgroup.com/uploads/01/01/ | 78DB | 0 / 0 | | |
GET | | 8-home-hero-image-proof-is-in-the-retention-SPF-250x_.png | bdcms.advisorgroup.com/uploads/02/01/ | 78DB | 0 / 0 | | |
GET | | 8-home-hero-image-customized-transition-SPF-250x_.png | bdcms.advisorgroup.com/uploads/07/06/ | 78DB | 0 / 0 | | |
GET | | mycmo-icon-250x_.png | bdcms.advisorgroup.com/uploads/02/12/ | 78DB | 0 / 0 | | |
GET | | mysuccessionplan-icon-250x_.png | bdcms.advisorgroup.com/uploads/12/15/ | 78DB | 0 / 0 | | |
GET | | opsportal-icon-250x_.png | bdcms.advisorgroup.com/uploads/04/15/ | 78DB | 0 / 0 | | |
GET | | eQuipt-R_Black-250x_.png | bdcms.advisorgroup.com/uploads/11/11/ | 78DB | 0 / 0 | | |
GET | | Contact_Us_Image_SPF_Purple_00-1-600x_.jpg | bdcms.advisorgroup.com/uploads/02/14/ | 78DB | 0 / 0 | | |
GET | | AG-logo-shadow-600x_.png | bdcms.advisorgroup.com/uploads/14/00/ | 78DB | 0 / 0 | | |
GET | H/1.1 | elqCfg.min.js | img.en25.com/i/ | 78DB | 6 KB / 3 KB | Script | application/x-javascript |
GET | H/1.1 | elqCfg.min.js | img04.en25.com/i/ | 78DB | 6 KB / 6 KB | Script | application/x-javascript |
GET | H2 | 319751181967822 | connect.facebook.net/signals/config/ | 78DB | 305 KB / 87 KB | Script | application/x-javascript |
GET | | dg1258gnEQP1zD8h8XhAgo | play.vidyard.com/ | 1912 | 0 / 0 | | |
GET | H2 | dg1258gnEQP1zD8h8XhAgo | play.vidyard.com/ | 1C39 | 3 KB / 2 KB | Document | text/html |
GET | H/1.1 | svrGP | s204200226.t.eloqua.com/visitor/v200/ | 78DB | 0 / 411 B | Script | application/javascript |
GET | | svrGP.aspx | s204200226.t.eloqua.com/visitor/v200/ | 78DB | 0 / 0 | | | Redirect Chain
GET | H2 | runtime~main-35c85ec4bfc6ee38e9f2fd70a36a08ab.js | assets.vidyard.com/play/js/ | 1C39 | 7 KB / 2 KB | Script | application/javascript |
GET | H2 | main-a6875cc9a4bc0c905ad9e719ee986a48.js | assets.vidyard.com/play/js/ | 1C39 | 101 KB / 13 KB | Script | application/javascript |
GET | H2 | dg1258gnEQP1zD8h8XhAgo.json | play.vidyard.com/player/ | 1C39 | 6 KB / 3 KB | Fetch | application/json |
GET | H2 | vendors~player~player-pomo~unreleased-8cb7ab3fe5273edc6794b7dc0e14c269.js | assets.vidyard.com/play/js/ | 1C39 | 158 KB / 41 KB | Script | application/javascript |
GET | H2 | vendors~access-code~player-pomo~whitelisted-embed-e43bf5b845c50ec018b9e43c25b6b99b.js | assets.vidyard.com/play/js/ | 1C39 | 102 KB / 29 KB | Script | application/javascript |
GET | H2 | vendors~player-pomo-6ebde972c783c8f9131e286c66bb6d14.js | assets.vidyard.com/play/js/ | 1C39 | 613 KB / 104 KB | Script | application/javascript |
GET | H2 | player-pomo-91e1744bf3017aabc309654c741e4385.css | assets.vidyard.com/play/stylesheets/ | 1C39 | 37 KB / 7 KB | Stylesheet | text/css |
GET | H2 | player-pomo-91e1744bf3017aabc309654c741e4385.js | assets.vidyard.com/play/js/ | 1C39 | 240 KB / 49 KB | Script | application/javascript |
GET | H2 | / | www.facebook.com/tr/ | 78DB | 44 B / 407 B | Image | image/gif |
GET | H2 | 6-859d2cece83837e6e3fe1470b425a907.js | assets.vidyard.com/play/js/ | 1C39 | 437 KB / 98 KB | Script | application/javascript |
GET | H2 | 35-f13cda5e5da3d81ece8ba3d0e0cfecf7.css | assets.vidyard.com/play/stylesheets/ | 1C39 | 181 B / 205 B | Stylesheet | text/css |
GET | H2 | 35-f13cda5e5da3d81ece8ba3d0e0cfecf7.js | assets.vidyard.com/play/js/ | 1C39 | 14 KB / 4 KB | Script | application/javascript |
GET | H2 | 47b75e2b565f2c8469cd73.jpg | cdn.vidyard.com/thumbnails/gj6BqczG4SWl5rpRWcQ8Ig/ | 1C39 | 41 KB / 41 KB | Image | image/jpeg | Redirect Chain
GET | H2 | stream_master_p_Zt95UkZ_3X9IeGd5-maQ.m3u8 | cdn.vidyard.com/hls-videos/gj6BqczG4SWl5rpRWcQ8Ig/ | 1C39 | 582 B / 1 KB | XHR | application/vnd.apple.mpegurl |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | webpackJsonp |
boolean | __convergedlogin_pfetchsessionsprogress_3cdbaab1cf6d9b038234 |
boolean | __convergedlogin_pidpdisambiguation_76e0875415977704da38 |
boolean | __convergedlogin_ppassword_6f5648a25cfbe86f348c5 |
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the cookie values, allowing the website to re-identify the user even from a different location. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.samsung.com/ | | Name: uuid230, Value: 9bf134b0-f393-4121-b6fc-35b7ee46be92 |
.samsung.com/ | | Name: nlid, Value: dbbbab33|71b0ad58 |
grandhypermarkets.com/ | | Name: PHPSESSID, Value: 7819b095112ac84d00a6336249c96749 |
.login.live.com/ | | Name: uaid, Value: 6d1b30018ecf4d4486737a432809e339 |
.login.live.com/ | | Name: MSPRequ, Value: id=N<=1641218277&co=2 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31556926; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.