accounts-google.caddy.workers.dev
Open in
urlscan Pro
2606:4700:3036::ac43:d8e9
Malicious Activity!
Public Scan
Effective URL: https://accounts-google.caddy.workers.dev/
Submission: On August 24 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by GTS CA 1P5 on July 22nd 2023. Valid for: 3 months.
This is the only time accounts-google.caddy.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Google (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3036::ac43:d8e9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
10 | 2a00:1450:400... 2a00:1450:4001:829::2003 | 15169 (GOOGLE) (GOOGLE) | |
4 | 2a00:1450:400... 2a00:1450:4001:812::2003 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:810::200e | 15169 (GOOGLE) (GOOGLE) | |
7 | 2a00:1450:400... 2a00:1450:4001:811::200d | 15169 (GOOGLE) (GOOGLE) | |
30 | 6 |
ASN13335 (CLOUDFLARENET, US)
accounts-google.caddy.workers.dev |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
gstatic.com
www.gstatic.com fonts.gstatic.com |
425 KB |
7 |
google.com
accounts.google.com — Cisco Umbrella Rank: 33 play.google.com Failed |
5 KB |
1 |
youtube.com
accounts.youtube.com — Cisco Umbrella Rank: 362 |
|
1 |
workers.dev
accounts-google.caddy.workers.dev |
97 KB |
30 | 4 |
Domain | Requested by | |
---|---|---|
10 | www.gstatic.com |
accounts-google.caddy.workers.dev
www.gstatic.com |
7 | accounts.google.com |
www.gstatic.com
accounts-google.caddy.workers.dev |
4 | fonts.gstatic.com |
accounts-google.caddy.workers.dev
|
1 | accounts.youtube.com |
www.gstatic.com
|
1 | accounts-google.caddy.workers.dev | |
0 | play.google.com Failed |
www.gstatic.com
|
30 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
support.google.com |
accounts.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
caddy.workers.dev GTS CA 1P5 |
2023-07-22 - 2023-10-20 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-08-07 - 2023-10-30 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2023-08-07 - 2023-10-30 |
3 months | crt.sh |
accounts.google.com GTS CA 1C3 |
2023-08-07 - 2023-10-30 |
3 months | crt.sh |
This page contains 7 frames:
Primary Page:
https://accounts-google.caddy.workers.dev/
Frame ID: 68B04C97E0653DF3E9E90E9F0BA4FCC3
Requests: 23 HTTP requests in this frame
Frame:
https://accounts.youtube.com/accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=-181720732×tamp=1692884489615
Frame ID: 44485816611970842D4169AA745376A4
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 0E7D200EE91D1CD9501F2AAD5DB5CF38
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 5DE6F807FF69AC5D25ADE326473C75D3
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: F97B5B5EBF51FED3687DB0B3DBFE002A
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: 411026E94DB1E00BCD7ACF6AA61CA595
Requests: 1 HTTP requests in this frame
Frame:
https://accounts.google.com/_/bscframe
Frame ID: F5B664AC082DAD9A9262475AB315502B
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Accedi - Account GooglePage URL History Show full URLs
-
http://accounts-google.caddy.workers.dev/
HTTP 307
https://accounts-google.caddy.workers.dev/ Page URL
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Scopri di piĆ¹
Search URL Search Domain Scan URL
Title: Guida
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Termini
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://accounts-google.caddy.workers.dev/
HTTP 307
https://accounts-google.caddy.workers.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
30 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
accounts-google.caddy.workers.dev/ Redirect Chain
|
572 KB 97 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=_b,_tp,_r
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/excm=_b,_r,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEml... |
202 KB 71 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
267 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v14/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v14/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=_b,_... |
38 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,STuCOe,njlZCf,XVq9Qb,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,kibjWe,nnwwYc,ANCJdb,V3dDOb,G0cNrd,zsCYJ,mWLH9d,NOeYWe,O6y8ed,t2srLd,fqEYIb,PrPYRd,M...
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=LEik... |
722 KB 218 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m=ltDFwf,Rusgnf,Ctsu,UPKV3d,wGM7Jc,IZ1fbc,i5dxUd,m9oV,kSPLL,NTMZac,bTi8wc,i5H9N,SzsEAf,RAnnUd,qPfo0c,PHUIyb,bPkrc,pxq3x,uu7UOe,yRXbo,qNG0Fc,soHxf,ywOR5c,W2YXuc
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
112 KB 34 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=RqjULd
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
19 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=ZwDk9d,RMhBfe
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
3 KB 1 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=bm51tf
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
1 KB 740 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=sOXFj,q0xTif,ZZ4WUe
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
CheckConnection
accounts.youtube.com/accounts/ Frame 4448 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
batchexecute
accounts.google.com/v3/signin/_/AccountsSignInUi/data/ Frame |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
batchexecute
accounts.google.com/v3/signin/_/AccountsSignInUi/data/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bscframe
accounts.google.com/_/ Frame 0E7D |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.google.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=wg1P6b
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
10 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bscframe
accounts.google.com/_/ Frame 5DE6 |
2 KB 901 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.it.WrB_FDXrj_c.es5.O/ck=boq-identity.AccountsSignInUi.ONkpXETo5XM.L.B1.O/am=FwdAyIzHBhD_U53vGSeHAQAAAAAAAAAAFsMd/d=1/exm=A2sI... |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.google.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bscframe
accounts.google.com/_/ Frame F97B |
2 KB 852 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bscframe
accounts.google.com/_/ Frame 4110 |
2 KB 851 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bscframe
accounts.google.com/_/ Frame F5B6 |
2 KB 851 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.google.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.google.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OPTIONS H2 |
browserinfo
accounts.google.com/v3/signin/_/AccountsSignInUi/ Frame |
0 0 |
Preflight
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
browserinfo
accounts.google.com/v3/signin/_/AccountsSignInUi/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
log
play.google.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- accounts.google.com
- URL
- https://accounts.google.com/v3/signin/_/AccountsSignInUi/data/batchexecute?rpcids=UEkKwb&source-path=%2F&f.sid=-1175713536287332944&bl=boq_identityfrontendauthuiserver_20230813.08_p2&hl=it&_reqid=56490&rt=c
- Domain
- play.google.com
- URL
- https://play.google.com/log?format=json&hasfast=true
- Domain
- play.google.com
- URL
- https://play.google.com/log?format=json&hasfast=true
- Domain
- play.google.com
- URL
- https://play.google.com/log?format=json&hasfast=true
- Domain
- play.google.com
- URL
- https://play.google.com/log?format=json&hasfast=true
- Domain
- accounts.google.com
- URL
- https://accounts.google.com/v3/signin/_/AccountsSignInUi/browserinfo?f.sid=-1175713536287332944&bl=boq_identityfrontendauthuiserver_20230813.08_p2&hl=it&_reqid=156490&rt=j
- Domain
- play.google.com
- URL
- https://play.google.com/log?format=json&hasfast=true
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Google (Online)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture object| WIZ_global_data number| cc_latency_start_time function| onaft function| _isLazyImage string| cc_aid number| iml_start number| css_size object| cc_latency function| ccTick function| onJsLoad function| onCssLoad function| _isVisible function| _recordImlEl number| prt function| wiz_tick string| _F_cssRowKey string| _F_combinedSignature function| _DumpException object| BOQ_wizbind object| AF_initDataKeys object| AF_dataServiceRequests object| AF_initDataChunkQueue function| AF_initDataCallback undefined| AF_initDataInitializeCallback object| aft_counter function| initAft object| IJ_values object| _wjdd object| default_AccountsSignInUi boolean| BOQ_loadedInitialJS function| _F_installCss function| _B_err object| closure_lm_557321 function| wiz_progress function| _F_getIjData object| _mxNDff boolean| ly11Pc number| closure_uid_303234771 function| nativePrimaryActionHit function| nativeSecondaryActionHit object| botguard2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
accounts-google.caddy.workers.dev/ | Name: __Host-GAPS Value: 1:9dlHFg1LoxofNEJds7GZsMgBjEgF_g:3MyM9HAVBuJQsqDG |
|
accounts-google.caddy.workers.dev/ | Name: OTZ Value: 7176342_48_52_123900_48_436380 |
26 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
accounts-google.caddy.workers.dev
accounts.google.com
accounts.youtube.com
fonts.gstatic.com
play.google.com
www.gstatic.com
accounts.google.com
play.google.com
2606:4700:3036::ac43:d8e9
2a00:1450:4001:810::200e
2a00:1450:4001:811::200d
2a00:1450:4001:812::2003
2a00:1450:4001:829::2003
1a1ebd2f16a08121be929ff43d4c33cbdfdc7cecacc61c07e12375c2f9800804
1bf195083d060f35e9a28954c5f2e3c0f26c7a3e7ccbc74af0840fe379d655d1
1e6c9bc1bf9d1bfee73510b27123b2600a764a9f6a766a96932474e956a99085
2a28a533faad22b31a6cde29def91c6b5975038e7d3ba90596808cbad6cf844b
36d5e6a9544699699ab7db62a80366526c698cec11c2af7c835fa378b252fce6
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
5a3e230c5e2670df5d7a81f23385597824f98067e188973c4a12ed0d2b40053c
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bf4826fa3988a5263776a82081d2c53610a05d32dee341ff64df68186267694
6164b0deecdd0bb5a718893405df58ee43e8c9fc37a043fb2d909a66c7768ebf
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
9ff07603222f3050e1fb9edf0c4606113df946819ff615fd15317d8dca851e00
a88695fcc2cdb92e3cb0662e59b8d23c803c5189607334959a5e70e497a354a3
abfe5b27310a016303a0ede1f41a67d4adb8886b7c0ade3474cd44f60be50548
ac9985e61f82cd74b8575b984c30e8321560d0bb6da5b00e363ffe807b1bd582
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
cf86a53ac60fc32898a4cfe6ae792a46e3a958906a3bec8f649e6ac8131a6edf
df0f5d697e43d4785b9848d76a9fc1040f20612d1e8672d8d66cdee6c46b038d
ec494781acbedb3bfeeaf63a51f227b068185f95889c545af2993fc6d72b2455
ede75984672b104a67f6546a1105cb2e9351427be3178c4fdcc616a340396fd9
f03633fcd4971bee136532469ddb2aba81f98868f096a48c7428a31976ba672d