alliancehelps.com
Open in
urlscan Pro
172.67.195.225
Malicious Activity!
Public Scan
Effective URL: https://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f
Submission: On October 21 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 25th 2021. Valid for: a year.
This is the only time alliancehelps.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 107.172.209.96 107.172.209.96 | 36352 (AS-COLOCR...) (AS-COLOCROSSING) | |
1 | 45.133.1.49 45.133.1.49 | 211252 (AS_DELIS) (AS_DELIS) | |
1 1 | 137.74.75.98 137.74.75.98 | 16276 (OVH) (OVH) | |
2 19 | 172.67.195.225 172.67.195.225 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.18.23.52 104.18.23.52 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 216.58.212.136 216.58.212.136 | 15169 (GOOGLE) (GOOGLE) | |
3 | 104.21.81.131 104.21.81.131 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
5 | 142.250.186.174 142.250.186.174 | 15169 (GOOGLE) (GOOGLE) | |
3 | 172.67.177.88 172.67.177.88 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 3 | 45.55.126.207 45.55.126.207 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
33 | 9 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 1rsl.tnibzor.com
107.172.209.96 |
ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f8.1e100.net
www.googletagmanager.com |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f14.1e100.net
www.google-analytics.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
alliancehelps.com
3 redirects
alliancehelps.com beacon.alliancehelps.com |
752 KB |
5 |
google-analytics.com
www.google-analytics.com |
20 KB |
4 |
fontawesome.com
kit.fontawesome.com ka-f.fontawesome.com |
23 KB |
3 |
virtualpushplatform.com
virtualpushplatform.com |
6 KB |
1 |
googletagmanager.com
www.googletagmanager.com |
35 KB |
1 |
oneautocreditstudio.com
1 redirects
oneautocreditstudio.com |
494 B |
1 |
laudypauty.com
laudypauty.com |
449 B |
33 | 7 |
Domain | Requested by | |
---|---|---|
19 | alliancehelps.com |
2 redirects
laudypauty.com
alliancehelps.com |
5 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com alliancehelps.com |
3 | beacon.alliancehelps.com |
1 redirects
alliancehelps.com
|
3 | virtualpushplatform.com |
alliancehelps.com
virtualpushplatform.com |
3 | ka-f.fontawesome.com |
kit.fontawesome.com
|
1 | www.googletagmanager.com |
alliancehelps.com
|
1 | kit.fontawesome.com |
alliancehelps.com
|
1 | oneautocreditstudio.com | 1 redirects |
1 | laudypauty.com | |
33 | 9 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.laudypauty.com Go Daddy Secure Certificate Authority - G2 |
2021-04-29 - 2022-05-31 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-06-25 - 2022-06-24 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-13 - 2021-12-14 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2021-09-13 - 2021-11-20 |
2 months | crt.sh |
*.virtualpushplatform.com R3 |
2021-09-01 - 2021-11-30 |
3 months | crt.sh |
beacon.alliancehelps.com R3 |
2021-08-26 - 2021-11-24 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f
Frame ID: 075D58DF3EFB126B7F1506A820203E2E
Requests: 34 HTTP requests in this frame
Screenshot
Page Title
BestbuyPage URL History Show full URLs
-
http://107.172.209.96/cl/3801_md/555/29421/1014/67/2484
HTTP 302
https://laudypauty.com/ffa71e99eeafb3a800/555/3801_6/67_2484_29421_3630820_md Page URL
-
https://oneautocreditstudio.com/r/cb013ee1-608e-4bbd-8c3a-6ae49aad76e3/471596/1104737053/555
HTTP 302
https://alliancehelps.com/sf/tpl9?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c... HTTP 301
http://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841... HTTP 301
https://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841... Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- kit\.fontawesome\.com/([0-9a-z]+).js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://107.172.209.96/cl/3801_md/555/29421/1014/67/2484
HTTP 302
https://laudypauty.com/ffa71e99eeafb3a800/555/3801_6/67_2484_29421_3630820_md Page URL
-
https://oneautocreditstudio.com/r/cb013ee1-608e-4bbd-8c3a-6ae49aad76e3/471596/1104737053/555
HTTP 302
https://alliancehelps.com/sf/tpl9?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f HTTP 301
http://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f HTTP 301
https://alliancehelps.com/sf/tpl9/?logo=bestbuy&item=6VK6&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://107.172.209.96/cl/3801_md/555/29421/1014/67/2484 HTTP 302
- https://laudypauty.com/ffa71e99eeafb3a800/555/3801_6/67_2484_29421_3630820_md
- https://beacon.alliancehelps.com/g2/0aa1ed35-047c-44e4-a211-47dc2b9c1be9?av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f&item=6VK6&logo=bestbuy HTTP 302
- https://beacon.alliancehelps.com/s/957c690c-0f83-495c-92b4-42f723bcf763?&requestid=EjRT-7-idV&destinationid=161028487&av1=6D0G&clickid=8c0f96db-4387-447a-8630-841c7c55f41f&item=6VK6&logo=bestbuy
33 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
67_2484_29421_3630820_md
laudypauty.com/ffa71e99eeafb3a800/555/3801_6/ Redirect Chain
|
155 B 449 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
alliancehelps.com/sf/tpl9/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
268a7048dd.js
kit.fontawesome.com/ |
11 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
89 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bundle.327cf865d2f0d73df3d9.css
alliancehelps.com/sf/tpl9/ |
2 MB 265 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-4.png
alliancehelps.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
like.png
alliancehelps.com/sf/tpl9/public/ |
466 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-5.png
alliancehelps.com/sf/tpl9/public/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-6.png
alliancehelps.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-7.png
alliancehelps.com/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-3.png
alliancehelps.com/sf/tpl9/public/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-8.png
alliancehelps.com/sf/tpl9/public/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-9.png
alliancehelps.com/sf/tpl9/public/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-10.png
alliancehelps.com/sf/tpl9/public/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-11.png
alliancehelps.com/sf/tpl9/public/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
img-12.png
alliancehelps.com/sf/tpl9/public/ |
875 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
7.aa141c8e.chunk.js
alliancehelps.com/sf/tpl9/js/ |
307 KB 100 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.dbef5f44.js
alliancehelps.com/sf/tpl9/js/ |
462 KB 84 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
26 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ |
3 KB 2 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ace-push.js
virtualpushplatform.com/ |
12 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
summary
beacon.alliancehelps.com/geo/ |
121 B 568 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bestbuy.png
alliancehelps.com/sf/tpl9/public/bestbuy/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cart.png
alliancehelps.com/sf/tpl9/public/bestbuy/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
957c690c-0f83-495c-92b4-42f723bcf763
beacon.alliancehelps.com/s/ Redirect Chain
|
343 KB 260 KB |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
collect
www.google-analytics.com/j/ |
1 B 21 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
visit
virtualpushplatform.com/api/v1/ |
632 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
log-client-error
virtualpushplatform.com/api/v1/visit/ |
0 0 |
Fetch
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
253 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
collect
www.google-analytics.com/ |
35 B 55 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Scam (Online)23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onbeforexrselect boolean| originAgentCluster function| gtag object| dataLayer object| FontAwesomeKitConfig object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| webpackJsonp object| regeneratorRuntime function| _ object| core function| ScratchCard object| SCRATCH_TYPE object| gaplugins object| gaGlobal object| gaData function| initializeAcePush function| setBaseUrl function| getLocation function| registerServiceWorker function| createSubscriber5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
laudypauty.com/ | Name: uid19768 Value: 1104737053-20211020200012-8afa350a13f6422a7d8358ada7ede90b- |
|
.virtualpushplatform.com/ | Name: ARRAffinitySameSite Value: 9406a33d4ec6b90fee547b591129295a6c56a5cd125d291a76c8c51f20345db5 |
|
.alliancehelps.com/ | Name: _ga Value: GA1.2.1936788700.1634778014 |
|
.alliancehelps.com/ | Name: _gid Value: GA1.2.1059947306.1634778014 |
|
.alliancehelps.com/ | Name: _gat_gtag_UA_148357412_26 Value: 1 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
alliancehelps.com
beacon.alliancehelps.com
ka-f.fontawesome.com
kit.fontawesome.com
laudypauty.com
oneautocreditstudio.com
virtualpushplatform.com
www.google-analytics.com
www.googletagmanager.com
104.18.23.52
104.21.81.131
107.172.209.96
137.74.75.98
142.250.186.174
172.67.177.88
172.67.195.225
216.58.212.136
45.133.1.49
45.55.126.207
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
14bc462a2e93eddf0b8b63b15be761c956a9a1b11670a0ea481c45dc113b297e
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
26d999d7a2abf39f209ef06c318322a1cf2c71940161dfcf05b447ea673fcf76
29e786b411691f34f1bef6b377f46fd43e04c99910b624f46463d5e53a185396
2b60ab58ea91fbd2346bb9ab54a3de3fa7ea2c590d7ceddcd1c2a36648782ac9
2ec87e0273b81d4283d187f5f1cac9d6a33d08e46ebd95bb09c60c8f095d0c9f
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
5613631a1f4d7c72c9560967d6dc6d1eed325eb2fa5102decd0233c14b71b197
628485b0f77a97a5147e355f5d8025ec473d9db4647bde4588a01d90a2445596
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d92edf2d786d887e494a5f75e7ee19c63d03236b637c6fb81e611877a38b24e
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7d174c5a7d4c1131cd4cd139707301131b440e47880c6fa0e952db7c745a0976
7f0d0f56faae8913a9d42505599ee22c9b8c3e8cfb41a53a4b527dcc8473a8ce
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
b2c541caebe0c03f12aaf91164c76174b26ceb91df7a64db114ddca4f50bfa94
b79b96152b26a4ddc46d4695da59cbd94610de79e7f14e497b8c3cdd9ee1b1d2
cf1e90bf90ad89d0ec15be51b64049666987b0b8b7f4cc841b64da42c7c2bdae
f8266eefc116b5167781a00b543cab85c00f7704339deaa775ea96c24932c4cc
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc27aed7787a4f63d2feba50e6bc6122ac3c5479456d40c0a445899a08ad92f3
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda