Submitted URL: https://die-unfallgutachter.com/n4b7t7xnlvqyur381uj7tidpl
Effective URL: http://ntek.online/Postale/Dir/Identification.html
Submission: 23 November 2022 (automatic submission, source: OpenPhish), scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 8 HTTP transactions. The main IP is 208.109.23.144, located in the United States and belonging to GO-DADDY-COM-LLC, US; its reverse DNS name, 144.23.109.208.host.secureserver.net, is a GoDaddy hosting host name. The main domain is ntek.online, which has no Cisco Umbrella rank. The landing page is reached through an HTTP 302 from https://die-unfallgutachter.com/n4b7t7xnlvqyur381uj7tidpl and is served over plain HTTP, as are its own assets (image.css, back.PNG); only the third-party assets are fetched over HTTPS. The HTML, CSS and background image carry Last-Modified dates from December 2020, almost two years before the scan, so the kit files were either uploaded with their original timestamps preserved or had been sitting on this host for a long time.
This is the only time ntek.online was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking)

Domain & IP information

IP address             | AS                          | Requests
138.201.207.54         | 24940 (HETZNER-AS)          | 1
208.109.23.144         | 398101 (GO-DADDY-COM-LLC)   | 3
2606:4700:20:...       | 13335 (CLOUDFLARENET)       | 1
2a06:98c1:3120::3      | 13335 (CLOUDFLARENET)       | 1
2.22.144.209           | 20940 (AKAMAI-ASN1)         | 2
2a02:26f0:1700:11::b856:678c | 20940 (AKAMAI-ASN1)   | 2
Requests | Apex domain             | Subdomains (Cisco Umbrella rank)                        | Transfer
4        | wsimg.com               | img1.wsimg.com (9159), img6.wsimg.com (11386)           | 19 KB
3        | ntek.online             | ntek.online (unranked)                                  | 48 KB
2        | secureserver.net        | events.api.secureserver.net (13397)                     | 574 B
1        | jquery.app              | jquery.app (76628)                                      | 1 KB
1        | jqueryscript.net        | www.jqueryscript.net (58618)                            | 494 B
1        | die-unfallgutachter.com | die-unfallgutachter.com (unranked)                      | 259 B
6 apex domains
Requests | Domain                       | Requested by
3        | ntek.online                  | ntek.online
2        | events.api.secureserver.net  | img1.wsimg.com
2        | img6.wsimg.com               | ntek.online
2        | img1.wsimg.com               | 2 redirects
1        | jquery.app                   | ntek.online
1        | www.jqueryscript.net         | 1 redirect
1        | die-unfallgutachter.com      | 1 redirect
7 subdomains

This site contains no links.

TLS certificates observed

Subject                | Issuer                                      | Validity
*.api.secureserver.net | Starfield Secure Certificate Authority - G2 | 2022-08-05 to 2023-09-06 (about a year; see crt.sh)

Only the certificate of the tracking endpoint is recorded. ntek.online presented none, because the phishing page and its own assets are served over plain HTTP.

This page contains 1 frames:

Primary Page: http://ntek.online/Postale/Dir/Identification.html
Frame ID: 83A1AC03A23F39D500C2B3353EF0E2E4
Requests: 8 HTTP requests in this frame

Page Title

Identification - La Banque Postale

Detected technologies

jQuery (overall confidence: 100%), matched by the pattern:
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 8
HTTPS: 25 %
IPv6: 50 %
Domains: 6
Subdomains: 7
IPs: 4
Countries: 2
Transfer: 69 kB
Size: 135 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://die-unfallgutachter.com/n4b7t7xnlvqyur381uj7tidpl HTTP 302
    http://ntek.online/Postale/Dir/Identification.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://www.jqueryscript.net/css/jquerysctipttop.css HTTP 302
  • https://jquery.app/jqueryscripttop.css
Request Chain 2
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 302
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Request Chain 3
  • https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js HTTP 302
  • https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js

8 HTTP transactions

Each entry gives the resource name, its path, the uncompressed size and the bytes transferred (x-fer), the resource type, followed by general information and the request, response and (where applicable) redirect headers.
Primary request: Identification.html
Path: ntek.online/Postale/Dir/
Redirect chain:
  • https://die-unfallgutachter.com/n4b7t7xnlvqyur381uj7tidpl
  • http://ntek.online/Postale/Dir/Identification.html
Size: 5 KB, transferred: 2 KB, type: Document

General
Full URL: http://ntek.online/Postale/Dir/Identification.html
Protocol: HTTP/1.1
Server: 208.109.23.144, United States, ASN398101 (GO-DADDY-COM-LLC, US)
Reverse DNS: 144.23.109.208.host.secureserver.net
Software: Apache
Resource hash: 6fffced4297a6ddecfdbaaa9ad1a1718010ae6713c5a8b71f1f65b3d60f02176

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Accept-Ranges: bytes
Connection: Upgrade, Keep-Alive
Content-Encoding: gzip
Content-Length: 1509
Content-Type: text/html
Date: Wed, 23 Nov 2022 12:23:34 GMT
ETag: "4fa2a78-13b7-5b66652b3fc80-gzip"
Keep-Alive: timeout=5
Last-Modified: Mon, 14 Dec 2020 05:57:54 GMT
Server: Apache
Upgrade: h2,h2c
Vary: Accept-Encoding

Redirect headers (302 from https://die-unfallgutachter.com/n4b7t7xnlvqyur381uj7tidpl)
Connection: Keep-Alive
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 23 Nov 2022 12:23:34 GMT
Keep-Alive: timeout=5, max=100
Location: http://ntek.online/Postale/Dir/Identification.html
Server: Apache
jqueryscripttop.css
Path: jquery.app/
Redirect chain:
  • https://www.jqueryscript.net/css/jquerysctipttop.css (the misspelling is in the URL the page requests)
  • https://jquery.app/jqueryscripttop.css
Size: 1 KB, transferred: 1 KB, type: Stylesheet

General
Full URL: https://jquery.app/jqueryscripttop.css
Requested by: ntek.online (http://ntek.online/Postale/Dir/Identification.html)
Protocol: H2
Server: 2a06:98c1:3120::3, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none recorded)
Software: cloudflare
Resource hash: 9705cd86bd3c80505ba34630f14a1efad2b8e48a006a8cef97f07dfa268b741a
The x-github-request-id, via: 1.1 varnish and x-served-by headers in the response indicate a GitHub Pages origin fronted by Cloudflare.

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
x-fastly-request-id: d017625b7860ff11d99be77b1477059347eeb31c
date: Wed, 23 Nov 2022 12:23:35 GMT
via: 1.1 varnish
content-encoding: br
expires: Sat, 19 Nov 2022 00:29:37 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 521
x-cache: HIT
x-proxy-cache: MISS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230109-FRA
last-modified: Fri, 18 Nov 2022 02:28:44 GMT
server: cloudflare
x-github-request-id: CDDC:31D4:4A7BB7:4C9608:6376EE6C
x-timer: S1668738845.899395,VS0,VE1
etag: W/"6376eddc-5e7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2B5jLSQapFdJAQJU2PtUD7A6tssl9err%2BOiTKSbbvuq3P4MFub1jUPq5nknUrx6A76B5USxdLMeBqGrLLy7SriP4PBvGixelXgguNpf6a%2F4x9q71h4%2B9%2BYTqEPgcbZQVB05PW5Mr8WWY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
cf-ray: 76e9e07d1da8995d-FRA
x-cache-hits: 1

Redirect headers (302 from https://www.jqueryscript.net/css/jquerysctipttop.css)
date: Wed, 23 Nov 2022 12:23:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZW3bqqx2zPwknTXZsspUU2%2FT07IWrZda7bi7fNkjqFYbngXyoIvK5bOvRtY67d4FEhaaNt%2Bj4z0P0EYwsK9yYHQDitml35%2Bbg%2Bnz81y7HFXogGg5lO1AbjwqE2gI%2F%2FUghOxPjxrBVfDG%2FfXtlTowIZR"}],"group":"cf-nel","max_age":604800}
location: https://jquery.app/jqueryscripttop.css
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 76e9e07c8f0a698b-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT
image.css
Path: ntek.online/Postale/Dir/files/
Size: 15 KB, transferred: 2 KB, type: Stylesheet

General
Full URL: http://ntek.online/Postale/Dir/files/image.css
Requested by: ntek.online (http://ntek.online/Postale/Dir/Identification.html)
Protocol: HTTP/1.1
Server: 208.109.23.144, United States, ASN398101 (GO-DADDY-COM-LLC, US)
Reverse DNS: 144.23.109.208.host.secureserver.net
Software: Apache
Resource hash: e64b658f4d09bcb031b7a45cd6931a5f431ee4a65b28fd138f4b486144753cec

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/Postale/Dir/Identification.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
Date: Wed, 23 Nov 2022 12:23:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 14 Dec 2020 08:01:46 GMT
Server: Apache
ETag: "4fa2d22-3b28-5b6680daf4e80-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 1498
tccl.min.js
Path: img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/
Redirect chain:
  • https://img1.wsimg.com/traffic-assets/js/tccl.min.js
  • https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Size: 44 KB, transferred: 11 KB, type: Script

General
Full URL: https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
Requested by: ntek.online (http://ntek.online/Postale/Dir/Identification.html)
Protocol: H2
Server: 2.22.144.209, Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a2-22-144-209.deploy.static.akamaitechnologies.com
Software: (none recorded)
Resource hash: 6cb0efedc1729d965016a35584cb00b03aa46e1a5e170f4b3ce092c7c3e99ec7
The wrhs/ path segment equals the object's ETag, so the short-lived redirect from img1.wsimg.com points at a content-addressed copy of the script.

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
x-edgeconnect-origin-mex-latency: 135
x-amz-version-id: Z0H0F1CdjRUI_nRMydHHi17Rv0HOw5tB
content-encoding: br
date: Wed, 23 Nov 2022 12:23:35 GMT
x-amz-request-id: N5JSXGJTVEFZM8E9
x-edgeconnect-midmile-rtt: 15
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11155
x-amz-id-2: 73c+ZpWNgBh9xtilh6Nj22iH/BmUfkHwAgj9PgWHmvdTmSCUhi96da6Ell5SKHaif06RANK80zY=
last-modified: Mon, 11 Apr 2022 14:15:53 GMT
etag: "362d20193a8fed115f99b16a157b7fc4"
x-edgeconnect-cache-status: 1
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers (302 from https://img1.wsimg.com/traffic-assets/js/tccl.min.js)
location: https://img6.wsimg.com/wrhs/362d20193a8fed115f99b16a157b7fc4/tccl.min.js
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:23:35 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Wed, 23 Nov 2022 12:53:35 GMT
tti.min.js
Path: img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/
Redirect chain:
  • https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js
  • https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
Size: 24 KB, transferred: 8 KB, type: Script

General
Full URL: https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
Requested by: ntek.online (http://ntek.online/Postale/Dir/Identification.html)
Protocol: H2
Server: 2.22.144.209, Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a2-22-144-209.deploy.static.akamaitechnologies.com
Software: (none recorded)
Resource hash: 6e74c12390bdb48bf5b0bb295ceed4f68add11467d2472d983a42e3023ecf312

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
x-amz-version-id: F4fYptXBkP0fCCCWFLfVGE1HXlZmORny
content-encoding: br
date: Wed, 23 Nov 2022 12:23:35 GMT
x-amz-request-id: MN6YE7R2QYB3VNPM
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 7498
x-amz-id-2: Gj864Qjmq93jcEZuHoW24pggVZNYla9J0qIknWJmS1/a54ajkEAEn4NJX1U7ILOl1QvRdYwDDqw=
last-modified: Tue, 30 Aug 2022 13:33:22 GMT
etag: "ce554d2333f3801abafb32da18213ff7"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

Redirect headers (302 from https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js)
location: https://img6.wsimg.com/wrhs/ce554d2333f3801abafb32da18213ff7/tti.min.js
access-control-allow-origin: *
date: Wed, 23 Nov 2022 12:23:35 GMT
cache-control: max-age=1800
timing-allow-origin: *
content-length: 0
expires: Wed, 23 Nov 2022 12:53:35 GMT
back.PNG
Path: ntek.online/Postale/Dir/files/
Size: 44 KB, transferred: 44 KB, type: Image

General
Full URL: http://ntek.online/Postale/Dir/files/back.PNG
Requested by: ntek.online (http://ntek.online/Postale/Dir/files/image.css)
Protocol: HTTP/1.1
Server: 208.109.23.144, United States, ASN398101 (GO-DADDY-COM-LLC, US)
Reverse DNS: 144.23.109.208.host.secureserver.net
Software: Apache
Resource hash: c68c92933c6be4672a5817c286911619cc603f8fc7bde39ef1e0b4dfcf5f80cb

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/Postale/Dir/files/image.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
Date: Wed, 23 Nov 2022 12:23:35 GMT
Last-Modified: Mon, 14 Dec 2020 08:02:52 GMT
Server: Apache
ETag: "4fa2d25-b0a8-5b668119e6300"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5
Content-Length: 45224
event (pageview beacon)
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B, transferred: 287 B, type: XHR

General
Full URL: https://events.api.secureserver.net/t/1/tl/event?cts=1669206215286&dh=ntek.online&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F107.0.5304.110%20Safari%2F537.36&vci=115463658&cv=2.0.0&z=1768624084&vg=18cb123b-7e3e-59be-88e4-a1ff87e1905c&vtg=18cb123b-7e3e-59be-88e4-a1ff87e1905c&dp=%2FPostale%2FDir%2FIdentification.html&ap=cpsh-oh&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491158%22%2C%22dcenter%22%3A%22p3%22%2C%22id%22%3A%228829629%22%7D&hit_id=215f35bd-bb45-51b3-873c-644ed935adb4&ht=pageview
Requested by: img1.wsimg.com (https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:1700:11::b856:678c, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: (none recorded)
Software: (none recorded)
Resource hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
The response is a 43-byte GIF (a tracking pixel); both beacon hits return the same bytes, hence the same resource hash.

Security headers
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
strict-transport-security: max-age=31536000 ; includeSubDomains
date: Wed, 23 Nov 2022 12:23:35 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: http://ntek.online
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block
event (perf beacon)
Path: events.api.secureserver.net/t/1/tl/
Size: 43 B, transferred: 287 B, type: XHR

General
Full URL: https://events.api.secureserver.net/t/1/tl/event?cts=1669206215724&dh=ntek.online&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F107.0.5304.110%20Safari%2F537.36&vci=115463658&cv=2.0.0&z=2116764711&vg=18cb123b-7e3e-59be-88e4-a1ff87e1905c&vtg=18cb123b-7e3e-59be-88e4-a1ff87e1905c&dp=%2FPostale%2FDir%2FIdentification.html&ap=cpsh-oh&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491158%22%2C%22dcenter%22%3A%22p3%22%2C%22id%22%3A%228829629%22%7D&hit_id=c267227d-e1c1-53ff-8ac0-a2994396968c&ht=perf&tce=1669206214776&tcs=1669206214625&tdc=1669206215711&tdclee=1669206215292&tdcles=1669206215292&tdi=1669206215292&tdl=1669206215072&tdle=1669206214625&tdls=1669206214607&tfs=1669206214607&tns=1669206214526&trqs=1669206214776&tre=1669206215068&trps=1669206215066&tles=1669206215711&tlee=0&nt=navigate&nav_type=hard
Requested by: img1.wsimg.com (https://img1.wsimg.com/traffic-assets/js/tccl-tti.min.js)
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:1700:11::b856:678c, Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: (none recorded)
Software: (none recorded)
Resource hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security headers
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers
accept-language: de-DE,de;q=0.9
Referer: http://ntek.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers
strict-transport-security: max-age=31536000 ; includeSubDomains
date: Wed, 23 Nov 2022 12:23:35 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/gif
access-control-allow-origin: http://ntek.online
cache-control: private
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
content-length: 43
x-xss-protection: 1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They help identify client-side frameworks and code.

Not set by the GoDaddy scripts, so from the phishing page itself:
  • string: clavier (French for "keyboard")
  • functions: myFunction0, myFunction1, myFunction2, myFunction3, myFunction4, myFunction5, myFunction6, myFunction7, myFunction8, myFunction9

Set by the GoDaddy tccl/tti traffic scripts loaded from wsimg.com:
  • objects: _trfd, _tcclInternal, _expDataLayer, _trfq, tccl, tti
  • boolean: _tcclPageReqFired

A variable named clavier next to ten numbered handlers is consistent with an on-screen numeric keypad for entering the login code. The page source itself is not reproduced in this report, so that is an inference from the names only.

2 Cookies

Domain/Path   | Name          | Value
.ntek.online/ | _tccl_visitor | 18cb123b-7e3e-59be-88e4-a1ff87e1905c
.ntek.online/ | _tccl_visit   | 18cb123b-7e3e-59be-88e4-a1ff87e1905c

Both cookies are set by the GoDaddy tccl tracking script; their value is the same identifier that the events.api.secureserver.net beacons send in the vg and vtg parameters.
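The two events.api.secureserver.net beacons and the two _tccl_ cookies carry the same visitor identifier, and the beacons' trfd parameter is a URL-encoded JSON object naming the hosting server, data centre and an account id for the site. The following Python is an added example, not part of the urlscan.io report and not GoDaddy's tccl code: it decodes the first beacon URL exactly as captured above and checks it against the captured cookies. The meaning given to the trfd fields (hosting server, data centre, hosting account id) and their use as abuse-report fields is an assumption drawn from the field names, which the scan does not document.

```python
"""Decode the tccl tracking beacon captured in this urlscan.io result.

Added example; the beacon URL and cookies are copied from the scan, the
interpretation of the trfd fields is an assumption based on their names.
"""
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# First beacon URL (the "pageview" hit), verbatim from the scan.
BEACON_URL = (
    "https://events.api.secureserver.net/t/1/tl/event?cts=1669206215286"
    "&dh=ntek.online&dr=&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)"
    "%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F107.0.5304.110"
    "%20Safari%2F537.36&vci=115463658&cv=2.0.0&z=1768624084"
    "&vg=18cb123b-7e3e-59be-88e4-a1ff87e1905c&vtg=18cb123b-7e3e-59be-88e4-a1ff87e1905c"
    "&dp=%2FPostale%2FDir%2FIdentification.html&ap=cpsh-oh"
    "&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491158%22%2C"
    "%22dcenter%22%3A%22p3%22%2C%22id%22%3A%228829629%22%7D"
    "&hit_id=215f35bd-bb45-51b3-873c-644ed935adb4&ht=pageview"
)

# Cookies set on .ntek.online in the same scan.
SCAN_COOKIES = {
    "_tccl_visitor": "18cb123b-7e3e-59be-88e4-a1ff87e1905c",
    "_tccl_visit": "18cb123b-7e3e-59be-88e4-a1ff87e1905c",
}


def decode_beacon(url: str) -> dict:
    """Return the security-relevant fields of a tccl event beacon.

    The labels (host, path, visitor id, hosting metadata) are an assumption
    from the parameter names; the beacon format is undocumented in the scan.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)

    def first(key: str) -> str:
        # Beacon parameters are single-valued; missing ones become "".
        return query.get(key, [""])[0]

    # trfd is a percent-encoded JSON object; parse_qs already unquoted it.
    hosting = json.loads(first("trfd")) if first("trfd") else {}
    # cts is the client's clock in milliseconds since the epoch.
    client_time = datetime.fromtimestamp(int(first("cts")) / 1000, tz=timezone.utc)
    return {
        "host": first("dh"),
        "path": first("dp"),
        "referrer": first("dr"),
        "hit_type": first("ht"),
        "visitor_id": first("vg"),
        "visit_id": first("vtg"),
        "client_time_utc": client_time.strftime("%Y-%m-%d %H:%M:%S"),
        "hosting": hosting,
    }


def visitor_matches_cookies(beacon: dict, cookies: dict) -> bool:
    """True when the beacon's visitor/visit ids are the ones in the _tccl_* cookies."""
    return (cookies.get("_tccl_visitor") == beacon["visitor_id"]
            and cookies.get("_tccl_visit") == beacon["visit_id"])


def abuse_report_fields(beacon: dict) -> dict:
    """Collect what a hosting-provider abuse report needs: the phishing URL,
    when it was observed, and the tenant identifiers the beacon leaks."""
    hosting = beacon["hosting"]
    return {
        "url": f"http://{beacon['host']}{beacon['path']}",
        "observed_utc": beacon["client_time_utc"],
        "hosting_server": hosting.get("server", ""),
        "hosting_dcenter": hosting.get("dcenter", ""),
        "hosting_account_id": hosting.get("id", ""),
    }


if __name__ == "__main__":
    beacon = decode_beacon(BEACON_URL)
    print(json.dumps(beacon, indent=2))
    print("visitor id matches cookies:", visitor_matches_cookies(beacon, SCAN_COOKIES))
    print(json.dumps(abuse_report_fields(beacon), indent=2))
```

The decoded client timestamp (2022-11-23 12:23:35 UTC) agrees with the Date response headers, and the trfd object resolves to server p3plzcpnl491158, data centre p3 and id 8829629; those three values are what identify the tenant to the hosting provider, which the phishing URL alone does not.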