portaladmin.nitroflow.com
209.216.247.83
Public Scan
Submission Tags: phishingrod
Submission: On July 10 via api from DE — Scanned from DE
Summary
TLS certificate: Issued by R3 on May 11th 2024. Valid for: 3 months.
This is the only time portaladmin.nitroflow.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
7 | 209.216.247.83 | 11320 (LIGHTEDGE-AS-02) |
14 | 209.216.247.82 | 11320 (LIGHTEDGE-AS-02) |
1 | 2a00:1450:4001:80b::200a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:80e::200a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:810::2008 | 15169 (GOOGLE) |
1 | 2a02:26f0:3500:10::210:a9a | 20940 (AKAMAI-ASN1) |
1 | 2a00:1450:4001:829::2003 | 15169 (GOOGLE) |
1 3 | 2620:1ec:21::14 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
1 | 13.107.42.14 | 8068 (MICROSOFT-CORP-MSN-AS-BLOCK) |
31 | 10 |
ASN11320 (LIGHTEDGE-AS-02, US)
PTR: stgi.net
portaladmin.nitroflow.com
app.salesdrip.com
ASN15169 (GOOGLE, US)
www.googletagmanager.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
20 | nitroflow.com | portaladmin.nitroflow.com, app.nitroflow.com | 2 MB |
4 | linkedin.com (1 redirects) | px.ads.linkedin.com — Cisco Umbrella Rank: 671, px4.ads.linkedin.com — Cisco Umbrella Rank: 7218 | 2 KB |
2 | googleapis.com | fonts.googleapis.com — Cisco Umbrella Rank: 108, ajax.googleapis.com — Cisco Umbrella Rank: 607 | 32 KB |
1 | gstatic.com | fonts.gstatic.com | 33 KB |
1 | licdn.com | snap.licdn.com — Cisco Umbrella Rank: 1900 | 14 KB |
1 | salesdrip.com | app.salesdrip.com | 19 KB |
1 | googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 110 | 86 KB |
31 | 7 |
Requests | Domain | Requested by |
---|---|---|
14 | app.nitroflow.com | portaladmin.nitroflow.com, app.nitroflow.com |
6 | portaladmin.nitroflow.com | portaladmin.nitroflow.com |
3 | px.ads.linkedin.com (1 redirects) | snap.licdn.com |
1 | px4.ads.linkedin.com | portaladmin.nitroflow.com |
1 | fonts.gstatic.com | fonts.googleapis.com |
1 | snap.licdn.com | portaladmin.nitroflow.com |
1 | app.salesdrip.com | portaladmin.nitroflow.com |
1 | www.googletagmanager.com | portaladmin.nitroflow.com |
1 | ajax.googleapis.com | portaladmin.nitroflow.com |
1 | fonts.googleapis.com | portaladmin.nitroflow.com |
31 | 10 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nitroflow.com |
app.nitroflow.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
s2023091211.stgi.net | R3 | 2024-05-11 - 2024-08-09 | 3 months |
upload.video.google.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months |
*.google-analytics.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months |
app.salesdrip.com | R3 | 2024-05-08 - 2024-08-06 | 3 months |
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2023-12-13 - 2024-12-12 | a year |
*.gstatic.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months |
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-07-01 - 2025-01-01 | 6 months |
This page contains 1 frames:
Primary Page:
https://portaladmin.nitroflow.com/
Frame ID: 26CC9605BAD229873C2796301C3B4EC4
Requests: 31 HTTP requests in this frame
Page Title
NitroFlow - Visibility, Efficiency, Control.
Detected technologies
Google Font API (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Google Tag Manager (Tag Managers)
Detected patterns
- googletagmanager\.com/gtag/js
Linkedin Insight Tag (Analytics)
Detected patterns
- snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries)
Detected patterns
- jquery-ui.*\.js
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Account Login
Title: Schedule a Demo
Title: Compare Us
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 26
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=5953668&time=1720608771901&url=https%3A%2F%2Fportaladmin.nitroflow.com%2F HTTP 302
- https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=5953668&time=1720608771901&url=https%3A%2F%2Fportaladmin.nitroflow.com%2F&e_ipv6=AQLhddt2aa7-mAAAAZCcRk-86T9PGK1Ib6WHyVj4oVHr9Qy-Mdq1_gBZ2rSqUc2OvnEEILScxg
31 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | portaladmin.nitroflow.com/ | 27 KB | 28 KB | Document | text/html |
GET | H/1.1 | jquery-latest.js | portaladmin.nitroflow.com/app2/js/jquery/ | 85 KB | 86 KB | Script | application/javascript |
GET | H/1.1 | jquery-ui-latest.js | portaladmin.nitroflow.com/app2/js/jquery/ | 249 KB | 249 KB | Script | application/javascript |
GET | H/1.1 | Master.css | portaladmin.nitroflow.com/CSS%20Files/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | Media86.css | app.nitroflow.com/users/myteam48573/ | 37 KB | 37 KB | Stylesheet | text/css |
GET | H2 | css2 | fonts.googleapis.com/ | 13 KB | 1 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.6.4/ | 88 KB | 31 KB | Script | text/javascript |
GET | H/1.1 | fansite_scripts.min.js | portaladmin.nitroflow.com/scripts/ | 32 KB | 33 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 241 KB | 86 KB | Script | application/javascript |
GET | H/1.1 | Media68.png | app.nitroflow.com/users/myteam48573/ | 24 KB | 24 KB | Image | image/png |
GET | H/1.1 | Media78.png | app.nitroflow.com/users/myteam48573/ | 46 KB | 46 KB | Image | image/png |
GET | H/1.1 | Media81.webp | app.nitroflow.com/users/myteam48573/ | 218 KB | 218 KB | Image | image/webp |
GET | H/1.1 | Media79.webp | app.nitroflow.com/users/myteam48573/ | 185 KB | 186 KB | Image | image/webp |
GET | H/1.1 | Media80.webp | app.nitroflow.com/users/myteam48573/ | 183 KB | 184 KB | Image | image/webp |
GET | H/1.1 | Media83.webp | app.nitroflow.com/users/myteam48573/ | 169 KB | 170 KB | Image | image/webp |
GET | H/1.1 | Media82.webp | app.nitroflow.com/users/myteam48573/ | 181 KB | 182 KB | Image | image/webp |
GET | H/1.1 | Media84.webp | app.nitroflow.com/users/myteam48573/ | 409 KB | 410 KB | Image | image/webp |
GET | H/1.1 | Media85.webp | app.nitroflow.com/users/myteam48573/ | 247 KB | 248 KB | Image | image/webp |
GET | H/1.1 | Media74.png | app.nitroflow.com/users/myteam48573/ | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | Media852.webp | app.salesdrip.com/users/myteam45561/ | 19 KB | 19 KB | Image | image/webp |
GET | H/1.1 | Media58.js | app.nitroflow.com/users/myteam48573/ | 14 KB | 14 KB | Script | application/javascript |
GET | H/1.1 | innerCSS6.min.css | portaladmin.nitroflow.com/app2/styles/innerCSS6/ | 43 KB | 44 KB | Stylesheet | text/css |
GET | H2 | insight.min.js | snap.licdn.com/li.lms-analytics/ | 38 KB | 14 KB | Script | application/javascript |
GET | | Media18.png | app.nitroflow.com/users/myteam48573/ | 0 | 0 | | |
GET | H/1.1 | Media107.webp | app.nitroflow.com/users/myteam48573/ | 216 KB | 216 KB | Image | image/webp |
GET | H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | fonts.gstatic.com/s/montserrat/v26/ | 32 KB | 33 KB | Font | font/woff2 |
GET | H2 | attribution_trigger | px.ads.linkedin.com/ | 2 B | 814 B | XHR | application/json |
GET | H2 | collect | px4.ads.linkedin.com/ (Redirect Chain) | 0 | 264 B | Image | application/javascript |
GET | H/1.1 | t.js | app.nitroflow.com/ | 25 KB | 25 KB | Script | application/javascript |
POST | H2 | / | px.ads.linkedin.com/wa/ | 0 | 203 B | XHR | text/plain |
GET | | wt.pl | app.nitroflow.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- app.nitroflow.com
- URL
- https://app.nitroflow.com/users/myteam48573/Media18.png
- Domain
- app.nitroflow.com
- URL
- https://app.nitroflow.com/wt.pl?a=48573&f=13967105&q=0&c=&p=https%3A%2F%2Fportaladmin.nitroflow.com%2F&r=
125 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| divBorder object| divBackground function| ReadCookie function| setCookie function| highlightDivID function| unhighlightDivID function| highlightClass function| unhighlightClass function| showSection function| showCalendar function| showWeeklyCalendar function| showDailyCalendar function| showPublicEvent function| showEventDetails function| register function| showGroupRegistrants function| registerPublicEvent function| requestAppointment function| updateEventTypesComments function| updateAppointmentEnd function| updateAppointmentClock function| makeAppointmentRequest function| cancelAppointmentRequest function| showGoalChart function| loadScroller function| scrollscroller function| showStoreItems function| updatePrice function| addToCart function| updateCart function| viewCart function| closeCart function| showFansitePlayers function| showContactDetail function| showMedia function| showMediaContent function| showMediaLayer function| showImage function| startSlideshow function| runSlideshow function| stopSlideshow function| showVideo function| cancelEditMedia function| registerNewFan function| loginFan function| updateComments function| addFanComment function| rateComment function| logoutFan function| sendContactMessage function| sendPendingMemberRequest function| playerLogin function| sendPasswordReminder function| processLogin function| savePlayerPageImage function| redrawPlayerPageImage function| savePlayerPageData function| showForum function| saveNewPost function| forgotPassword function| forgotPasswordInline function| registerEmail function| rebuildID function| postDataReturnText function| gtag object| dataLayer object| GLOBALS function| loading_icon function| showBlogComments function| postBlogComment string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk boolean| _already_called_lintrk object| AOS function| init function| resizeReset function| animationLoop function| drawScene function| drawLine 
function| mousemove function| mouseout number| opacity number| bfpa string| bfpp string| bfpd object| google_tag_manager object| google_tag_data number| dialogWidth number| dialogHeight object| ORIBILI function| fpr_flash function| fpr_browser function| fpr_canvas function| fpr_connection function| fpr_cookie function| fpr_display function| fpr_fontsmoothing function| fpr_fonts function| fpr_formfields function| fpr_java function| fpr_language function| fpr_silverlight function| fpr_os function| fpr_useragent function| fpr_timezone function| fpr_touch function| fpr_truebrowser function| activeXDetect function| stripIllegalChars function| hashtable_containsKey function| hashtable_get function| hashtable_keys function| hashtable_put function| hashtable_size function| Hashtable function| fpr_plugins string| glbOnError string| glbSep object| fp number| uid object| wt function| FPR6
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.nitroflow.com/ | Name: ctc Value: 65ce9378a3d2593c2c36a35d17a1da368b914d804f5ca795 |
.nitroflow.com/ | Name: ctp Value: -1761169479 |
.nitroflow.com/ | Name: _gcl_au Value: 1.1.949183901.1720608772 |
.linkedin.com/ | Name: bcookie Value: "v=2&5fe98223-a0c6-4aba-8b99-da729a99e87d" |
.linkedin.com/ | Name: li_gc Value: MTswOzE3MjA2MDg3NzI7MjswMjGJ97Cwfju/f4l8vn3jF6royTCAZRu7SEFkAlkHNKUqcQ== |
.linkedin.com/ | Name: lidc Value: "b=VGST03:s=V:r=V:a=V:p=V:g=3249:u=1:x=1:i=1720608772:t=1720695172:v=2:sig=AQGForIO5J30C3kQZL8CJTlcGgDvH4Fw" |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.