Submitted URL: http://service34.store/redi/redi.php
Effective URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTT...
Submission: On July 07 via manual from IN — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 10 domains to perform 29 HTTP transactions. The main IP is 35.182.55.189, located in Montreal, Canada and belongs to AMAZON-02, US. The main domain is cli.careers.
TLS certificate: Issued by R10 on June 14th 2024. Valid for: 3 months.
This is the only time cli.careers was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Commerzbank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 209.17.116.165 19871 (NETWORK-S...)
1 8 35.182.55.189 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
2 152.199.19.160 15133 (EDGECAST)
3 193.41.133.18 16107 (COMMERZBANK)
1 2a04:4e42:600... 54113 (FASTLY)
1 104.17.24.14 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
2 193.41.132.20 16107 (COMMERZBANK)
1 172.67.134.82 13335 (CLOUDFLAR...)
29 12
Apex Domain | Subdomains | Transfer
8 cli.careers | cli.careers | 141 KB
6 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 373 | 18 KB
5 comdirect.de | kunde.comdirect.de — Cisco Umbrella Rank: 203033 Failed; static.comdirect.de — Cisco Umbrella Rank: 212125 | 46 KB
2 unpkg.com | unpkg.com — Cisco Umbrella Rank: 1085 | 23 KB
2 aspnetcdn.com | ajax.aspnetcdn.com — Cisco Umbrella Rank: 3667 | 30 KB
1 geoiplookup.io | json.geoiplookup.io — Cisco Umbrella Rank: 73692 | 875 B
1 gstatic.com | www.gstatic.com | 114 KB
1 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 277 | 27 KB
1 jquery.com | code.jquery.com — Cisco Umbrella Rank: 847 | 30 KB
1 service34.store | service34.store | 446 B
29 10
Domain Requested by
8 cli.careers 1 redirects service34.store
cli.careers
6 cdn.jsdelivr.net cli.careers
3 static.comdirect.de cli.careers
2 unpkg.com 1 redirects cli.careers
2 kunde.comdirect.de cli.careers
2 ajax.aspnetcdn.com cli.careers
1 json.geoiplookup.io ajax.aspnetcdn.com
1 www.gstatic.com cli.careers
1 cdnjs.cloudflare.com cli.careers
1 code.jquery.com cli.careers
1 service34.store
29 11
Subject | Issuer | Validity | Valid
cli.careers | R10 | 2024-06-14 - 2024-09-12 | 3 months
*.jsdelivr.net | Sectigo RSA Domain Validation Secure Server CA | 2024-05-04 - 2025-05-04 | a year
*.vo.msecnd.net | DigiCert SHA2 Secure Server CA | 2024-06-06 - 2025-06-06 | a year
static.comdirect.de | GlobalSign Extended Validation CA - SHA256 - G3 | 2023-11-27 - 2024-12-28 | a year
*.jquery.com | Sectigo ECC Domain Validation Secure Server CA | 2024-06-25 - 2025-06-25 | a year
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months
*.gstatic.com | WR2 | 2024-06-13 - 2024-09-05 | 3 months
kunde.comdirect.de | GlobalSign Extended Validation CA - SHA256 - G3 | 2023-11-27 - 2024-12-28 | a year
geoiplookup.io | WE1 | 2024-06-22 - 2024-09-20 | 3 months

This page contains 1 frame:

Primary Page: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Frame ID: E0A3E8E45BBEF7B2A60A7FAC6DE6D40B
Requests: 31 HTTP requests in this frame

Page Title

comdirect Login - Ihr Online Banking & Brokerage | comdirect.de

Detected technologies

Overall confidence: 100%
Detected patterns
  • /(?:([\d.]+)/)?firebase(?:\.min)?\.js
  • /firebasejs/([\d.]+)/firebase

Overall confidence: 100%
Detected patterns
  • /axios(@|/)([\d.]+)(?:/[a-z]+)?/axios(?:.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 29
HTTPS: 83 %
IPv6: 36 %
Domains: 10
Subdomains: 11
IPs: 12
Countries: 4
Transfer: 430 kB
Size: 1897 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://service34.store/redi/redi.php HTTP 307
    https://service34.store/redi/redi.php HTTP 307
    http://service34.store/redi/redi.php Page URL
  2. https://cli.careers/css/comm HTTP 301
    https://cli.careers/css/comm/ Page URL
  3. https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://service34.store/redi/redi.php HTTP 307
  • https://service34.store/redi/redi.php HTTP 307
  • http://service34.store/redi/redi.php
Request Chain 1
  • https://cli.careers/css/comm HTTP 301
  • https://cli.careers/css/comm/
Request Chain 18
  • https://unpkg.com/axios/dist/axios.min.js HTTP 302
  • https://unpkg.com/axios@1.7.2/dist/axios.min.js

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
redi.php
service34.store/redi/
Redirect Chain
  • http://service34.store/redi/redi.php
  • https://service34.store/redi/redi.php
  • http://service34.store/redi/redi.php
177 B
446 B
Document
General
Full URL
http://service34.store/redi/redi.php
Protocol
HTTP/1.1
Server
209.17.116.165 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
Software
openresty/1.25.3.1 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 07 Jul 2024 13:23:22 GMT
Server
openresty/1.25.3.1
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Webcom-Cache
enabled
X-Webcom-Cache-Status
EXPIRED

Redirect headers

Location
http://service34.store/redi/redi.php
Non-Authoritative-Reason
HttpsUpgrades
/
cli.careers/css/comm/
Redirect Chain
  • https://cli.careers/css/comm
  • https://cli.careers/css/comm/
2 KB
986 B
Document
General
Full URL
https://cli.careers/css/comm/
Requested by
Host: service34.store
URL: http://service34.store/redi/redi.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
6f7352a49a8f1181a380b0b131adbaacd4fb117c7b5547be29c8b01cda0b22c1
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
http://service34.store/redi/redi.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
content-type
text/html
date
Sun, 07 Jul 2024 13:23:23 GMT
etag
W/"650c1786-87b"
last-modified
Thu, 21 Sep 2023 10:14:30 GMT
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
x-powered-by
PleskLin

Redirect headers

content-length
237
content-type
text/html; charset=iso-8859-1
date
Sun, 07 Jul 2024 13:23:23 GMT
location
https://cli.careers/css/comm/
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
x-powered-by
PleskLin
cdn.min.js
cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/
2 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/cdn.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4561
x-jsd-version
3.14.1
x-cache
MISS, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1040
x-served-by
cache-fra-etou8220107-FRA, cache-lga21960-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"878-ku3LoIU+/WbDOm/U/U19w2jl0fE"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CWB%2FdVZFBd8VeU8Tq2R8a2GoHG3I1RGFBzv8EGjIRt1iwptbi59SGda5dk4ft3m1yw5ANx2wG0pIthnCMzKUDpoIM4trVRmD%2Fv0JCvwyXXrXmCyAIXCDRqbHl7MDkz1W928%2BoefTO1RxYQCTg8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97b9749-FRA
cdn.min.js
cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/
44 KB
16 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7809
x-jsd-version
3.14.1
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15674
x-served-by
cache-fra-eddf8230068-FRA, cache-lga21949-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"ae73-fuiCb+eWgx0z9GRcxLGUK6suxFo"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hcykj53DyVUwPPwMvtb23GZsyO2GCHvR0tRmVh5JIRnlV7HeT%2BYGT6PrF%2FBGrwkVc3JcD13t4ggPvEFpkVAyhZ7qDVMqwvt4KLbZ7Y3ADt10AyLeudEEh9HOb314she3gsRlbkBIvHHgiGope0I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97e9749-FRA
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/
85 KB
30 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE1) /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9020278
x-cache
HIT
content-length
30394
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jan 2018 19:27:49 GMT
server
ECAcc (frc/4CE1)
etag
"80288516b793d31:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
uuidv4.min.js
cdn.jsdelivr.net/npm/uuid@latest/dist/umd/
1 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/uuid@latest/dist/umd/uuidv4.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bbb806e743e21bc9f97b62fc0564e0889b7f31ee9d48c3f2b85d4e00fe629cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
32532
x-jsd-version
8.3.2
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
674
x-served-by
cache-fra-etou8220065-FRA, cache-lga21982-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"556-Wdn/VD6mBE6EvolddgVB6g4Ez5g"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx8l%2FLyTgqUQVb0PCuXa8kRJsmSwKNyOcsPL0xc0aprUNWsFIeDSdUw3jQk7NK7FUNSFh6%2F6HZZ8qzZRZEdUkHEjlqZs%2FjT0IOuMCLEjUj%2FWYefsvJyD40aHBOcDFb8JUxrg9EfBMmsqYv%2FTdVU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97a9749-FRA
Primary Request login.html
cli.careers/css/comm/
83 KB
13 KB
Document
General
Full URL
https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
f069e5e757b967ef2a948ccd9078ab97c7ff8e1762c721e3793a6b7bdc150f45
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://cli.careers/css/comm/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
content-type
text/html
date
Sun, 07 Jul 2024 13:23:23 GMT
etag
W/"6663ab54-14c12"
last-modified
Sat, 08 Jun 2024 00:52:36 GMT
server
nginx
strict-transport-security
max-age=15768000; includeSubDomains
x-powered-by
PleskLin
favicon_196px.png
kunde.comdirect.de/
0
0

MarkWeb-latin-regular.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/
15 KB
15 KB
Font
General
Full URL
https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-regular.woff2?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.41.133.18 Quickborn, Germany, ASN16107 (COMMERZBANK, DE),
Reverse DNS
Software
nginx /
Resource Hash
21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Origin
https://cli.careers
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
last-modified
Sun, 09 Jun 2024 21:49:41 GMT
server
nginx
etag
"66662375-3b64"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
15204
MarkWeb-latin-medium.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/
15 KB
15 KB
Font
General
Full URL
https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-medium.woff2?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.41.133.18 Quickborn, Germany, ASN16107 (COMMERZBANK, DE),
Reverse DNS
Software
nginx /
Resource Hash
cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Origin
https://cli.careers
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
last-modified
Sun, 09 Jun 2024 21:50:04 GMT
server
nginx
etag
"6666238c-3a60"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
14944
MarkWeb-latin-bold.woff2
static.comdirect.de/ccf2/lsg/assets/fonts/
15 KB
15 KB
Font
General
Full URL
https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-bold.woff2?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.41.133.18 Quickborn, Germany, ASN16107 (COMMERZBANK, DE),
Reverse DNS
Software
nginx /
Resource Hash
88f151f26d7582598781390eed26f60abfb543395da97d88c168e1f73a23b2f3

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Origin
https://cli.careers
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
last-modified
Sun, 09 Jun 2024 21:49:41 GMT
server
nginx
etag
"66662375-3c5c"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-length
15452
styleguide-comdirect.css
cli.careers/css/comm/assets/
855 KB
88 KB
Stylesheet
General
Full URL
https://cli.careers/css/comm/assets/styleguide-comdirect.css
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
d083435d32e0c97c48e05dd4f75a736b9cc5618d97c3c27072579b5139918caf
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
strict-transport-security
max-age=15768000; includeSubDomains
content-encoding
br
last-modified
Wed, 20 Sep 2023 03:51:30 GMT
server
nginx
etag
W/"650a6c42-d5bbf"
x-powered-by
PleskLin
content-type
text/css
cdn.min.js
cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/
2 KB
0
Script
General
Full URL
https://cdn.jsdelivr.net/npm/@alpinejs/mask@3.x.x/dist/cdn.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f7002451d78511fa76aaea453e83b29e339b93a533c238fd0de4f3be367c24f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4561
x-jsd-version
3.14.1
x-cache
MISS, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1040
x-served-by
cache-fra-etou8220107-FRA, cache-lga21960-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"878-ku3LoIU+/WbDOm/U/U19w2jl0fE"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7CWB%2FdVZFBd8VeU8Tq2R8a2GoHG3I1RGFBzv8EGjIRt1iwptbi59SGda5dk4ft3m1yw5ANx2wG0pIthnCMzKUDpoIM4trVRmD%2Fv0JCvwyXXrXmCyAIXCDRqbHl7MDkz1W928%2BoefTO1RxYQCTg8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97b9749-FRA
cdn.min.js
cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/
44 KB
0
Script
General
Full URL
https://cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
358d9afbb1ab5befa2f48061a30776e5bcd7707f410a606ba985f98bc3b1c034
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
7809
x-jsd-version
3.14.1
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15674
x-served-by
cache-fra-eddf8230068-FRA, cache-lga21949-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"ae73-fuiCb+eWgx0z9GRcxLGUK6suxFo"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hcykj53DyVUwPPwMvtb23GZsyO2GCHvR0tRmVh5JIRnlV7HeT%2BYGT6PrF%2FBGrwkVc3JcD13t4ggPvEFpkVAyhZ7qDVMqwvt4KLbZ7Y3ADt10AyLeudEEh9HOb314she3gsRlbkBIvHHgiGope0I%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97e9749-FRA
jquery-3.2.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
14907169
x-cache
HIT, HIT
content-length
30125
x-served-by
cache-lga21971-LGA, cache-mxp6941-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1720358604.979846,VS0,VE0
etag
W/"28feccc0-15283"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
79586, 19906
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/
84 KB
27 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1453810
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
26909
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-14e4a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=878pDu8fLOFKAnxtvOTxFL57QeCem87U1cBXB4O7JXTkZyua5oQKPdapLhgFagVB9BTHUHQC3cD93SaoPHThDwfUf3oaBPkIxemwWzEAu1W2h%2FOe7OT6GdU47Ugiov6TteGe5wzD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f8261a7d0965b2-FRA
expires
Fri, 27 Jun 2025 13:23:23 GMT
jquery-3.3.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/
85 KB
0
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CE1) /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
9020278
x-cache
HIT
content-length
30394
x-xss-protection
1; mode=block
last-modified
Mon, 22 Jan 2018 19:27:49 GMT
server
ECAcc (frc/4CE1)
etag
"80288516b793d31:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
firebase.js
www.gstatic.com/firebasejs/4.7.0/
386 KB
114 KB
Script
General
Full URL
https://www.gstatic.com/firebasejs/4.7.0/firebase.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
423767983a6400d05704c2dc21b33d91e6526705a27c84adc142f30f44f02f0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 15:08:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
425704
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
115677
x-xss-protection
0
last-modified
Thu, 30 Nov 2017 21:30:06 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 02 Jul 2025 15:08:19 GMT
uuidv4.min.js
cdn.jsdelivr.net/npm/uuid@latest/dist/umd/
1 KB
0
Script
General
Full URL
https://cdn.jsdelivr.net/npm/uuid@latest/dist/umd/uuidv4.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bbb806e743e21bc9f97b62fc0564e0889b7f31ee9d48c3f2b85d4e00fe629cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
32532
x-jsd-version
8.3.2
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
674
x-served-by
cache-fra-etou8220065-FRA, cache-lga21982-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"556-Wdn/VD6mBE6EvolddgVB6g4Ez5g"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx8l%2FLyTgqUQVb0PCuXa8kRJsmSwKNyOcsPL0xc0aprUNWsFIeDSdUw3jQk7NK7FUNSFh6%2F6HZZ8qzZRZEdUkHEjlqZs%2FjT0IOuMCLEjUj%2FWYefsvJyD40aHBOcDFb8JUxrg9EfBMmsqYv%2FTdVU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
cf-ray
89f82617f97a9749-FRA
axios.min.js
unpkg.com/axios@1.7.2/dist/
Redirect Chain
  • https://unpkg.com/axios/dist/axios.min.js
  • https://unpkg.com/axios@1.7.2/dist/axios.min.js
51 KB
23 KB
Script
General
Full URL
https://unpkg.com/axios@1.7.2/dist/axios.min.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Server
2606:4700::6811:f8cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://cli.careers/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
content-encoding
br
via
1.1 fly.io
cf-cache-status
HIT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
4047754
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HYE1JEAWYGE0W5JSQJMPZN6T-fra
server
cloudflare
etag
"cc17-STt0F4pjQp//KqsIGzocpz02IIU"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
89f8261b38b61952-FRA

Redirect headers

date
Sun, 07 Jul 2024 13:23:23 GMT
content-encoding
br
via
1.1 fly.io
cf-cache-status
HIT
fly-request-id
01J26NJTYB79NQ9K0WB4660ZC3-fra
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
237
server
cloudflare
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/axios@1.7.2/dist/axios.min.js
cache-control
public, s-maxage=600, max-age=60
cf-ray
89f8261acfab1952-FRA
allformdata.js
cli.careers/css/comm/assets/js/
3 KB
1 KB
Script
General
Full URL
https://cli.careers/css/comm/assets/js/allformdata.js
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
d356a2f1370d58ce3fd546f5fbce0845d5663d43ec0a23dadae85ebb1bcb404e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:23 GMT
strict-transport-security
max-age=15768000; includeSubDomains
content-encoding
br
last-modified
Sat, 06 Jul 2024 09:23:51 GMT
server
nginx
etag
W/"66890d27-d0f"
x-powered-by
PleskLin
content-type
application/javascript
comdirect_fav_1005.svg
kunde.comdirect.de/
520 B
1 KB
Other
General
Full URL
https://kunde.comdirect.de/comdirect_fav_1005.svg?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.41.132.20 Quickborn, Germany, ASN16107 (COMMERZBANK, DE),
Reverse DNS
kunde.comdirect.de
Software
nginx /
Resource Hash
c449626c54608700314eeb287ee8621d3918a4a1d0a9245bbd45565922066866

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 13:23:23 GMT
Last-Modified
Sun, 30 Jun 2024 22:19:53 GMT
Server
nginx
ETag
W/"520-1719785993402"
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
520
truncated
/
808 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c54773e4f8716a484b784d6ae8446b61799112c777df1e21afc9c3e86f2ebc09

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
MarkWeb-latin-regular.woff2
cli.careers/css/comm/assets/
15 KB
15 KB
Font
General
Full URL
https://cli.careers/css/comm/assets/MarkWeb-latin-regular.woff2?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/assets/styleguide-comdirect.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
21434445c408f9854cbec5c56ba5badf907aa3b6ccac4fca736b1322b8f4b347
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/css/comm/assets/styleguide-comdirect.css
Origin
https://cli.careers
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
strict-transport-security
max-age=15768000; includeSubDomains
last-modified
Wed, 20 Sep 2023 03:48:28 GMT
server
nginx
etag
"650a6b8c-3b64"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
15204
truncated
/
235 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
388e491e4fcbdfefb0c437cf0d0f42f506ed878c8564e6b1817368fc6e49e970

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
MarkWeb-latin-medium.woff2
cli.careers/css/comm/assets/
15 KB
15 KB
Font
General
Full URL
https://cli.careers/css/comm/assets/MarkWeb-latin-medium.woff2?v=1694095058082
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/assets/styleguide-comdirect.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
cd1af2ed494662d6ac322cf1048707eac9fc53561d1c9b5e0e7074599eb65773
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/css/comm/assets/styleguide-comdirect.css
Origin
https://cli.careers
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
strict-transport-security
max-age=15768000; includeSubDomains
last-modified
Wed, 20 Sep 2023 03:48:52 GMT
server
nginx
etag
"650a6ba4-3a60"
x-powered-by
PleskLin
content-type
font/woff2
accept-ranges
bytes
content-length
14944
Trading_special_sigma-lang_lg-1x.jpg
cli.careers/css/comm/assets/
8 KB
8 KB
Image
General
Full URL
https://cli.careers/css/comm/assets/Trading_special_sigma-lang_lg-1x.jpg
Requested by
Host: cli.careers
URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.182.55.189 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-182-55-189.ca-central-1.compute.amazonaws.com
Software
nginx / PleskLin
Resource Hash
6fdca4199bd6e48e8b52d4e48df50a2c1aa94dcbe721e81eec42920e85916294
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
strict-transport-security
max-age=15768000; includeSubDomains
last-modified
Wed, 20 Sep 2023 03:02:24 GMT
server
nginx
etag
"650a60c0-1eec"
x-powered-by
PleskLin
content-type
image/jpeg
accept-ranges
bytes
content-length
7916
/
json.geoiplookup.io/
579 B
875 B
Script
General
Full URL
https://json.geoiplookup.io/?callback=jQuery33105217445479228562_1720358604258&_=1720358604259
Requested by
Host: ajax.aspnetcdn.com
URL: https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.134.82 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Octolus
Resource Hash
31e01fbf49c11b15973961abac847d8bffdd22e3b2663df22a18da88876c3973
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 07 Jul 2024 13:23:24 GMT
content-encoding
br
x-content-type-options
nosniff, nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Octolus
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
server
cloudflare
vary
Accept-Encoding
x-ratelimit-remaining
10000
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mqLlMb92%2BgvAXW6%2B%2FWeIxekaHh80kSHtndnkKY%2FLefPjJWDQyGBZScx9iR%2B%2FBEPgeTaMo16BN4yUWc7FPdudCeFZ3IYW8rC7H2s%2FoIAvVbZCAklFT%2B1WaRtWmVLivNLwVeMU39Pk"}],"group":"cf-nel","max_age":604800}
x-ratelimit-limit
10000
cf-ray
89f8261d2a5968fe-FRA
favicon_196px.png
kunde.comdirect.de/
0
0

comdirect_fav_1005.svg
kunde.comdirect.de/
520 B
0
Other
General
Full URL
https://kunde.comdirect.de/comdirect_fav_1005.svg?v=1694095058082
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
193.41.132.20 Quickborn, Germany, ASN16107 (COMMERZBANK, DE),
Reverse DNS
kunde.comdirect.de
Software
nginx /
Resource Hash
c449626c54608700314eeb287ee8621d3918a4a1d0a9245bbd45565922066866

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://cli.careers/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sun, 07 Jul 2024 13:23:23 GMT
Last-Modified
Sun, 30 Jun 2024 22:19:53 GMT
Server
nginx
Accept-Ranges
bytes
ETag
W/"520-1719785993402"
Content-Length
520
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
favicon_196px.png
kunde.comdirect.de/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
kunde.comdirect.de
URL
https://kunde.comdirect.de/favicon_196px.png?v=1694095058082
Domain
kunde.comdirect.de
URL
https://kunde.comdirect.de/favicon_196px.png?v=1694095058082
Domain
kunde.comdirect.de
URL
https://kunde.comdirect.de/favicon_196px.png?v=1694095058082

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Commerzbank (Banking)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type Name
undefined event
object fence
object sharedStorage
function $
function jQuery
object firebase
function webpackJsonpFirebase
function uuidv4
function axios
string AuthTokens
function sleep
function getFormData
function makeid
object Alpine

0 Cookies

3 Console Messages

Source Level URL
Text
javascript warning URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Message:
The resource https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-bold.woff2?v=1694095058082 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Message:
The resource https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-regular.woff2?v=1694095058082 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://cli.careers/css/comm/login.html?token=mOTklWgf8eCJ8P4IX68IlfFMAlLGmmhkg1tnB4TbBHe3BtTtnl8gthkT75y32cpMrJQOTTEmGnuxu9lWkHqU9TvFnuLl32qyTT&auth=f6809f85-7092-4aa6-8370-9596c4801e6c
Message:
The resource https://static.comdirect.de/ccf2/lsg/assets/fonts/MarkWeb-latin-medium.woff2?v=1694095058082 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
