samgals8charge.goldenticketwinner.com
Open in
urlscan Pro
104.27.177.159
Public Scan
Effective URL: https://samgals8charge.goldenticketwinner.com/au/?o=229&r=8g4259162533pfj&a=30&sa=58108874672fe1247ade7f53
Submission: On April 18 via manual from AU
Summary
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 9th 2018. Valid for: 6 months.
This is the only time samgals8charge.goldenticketwinner.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 147.135.243.237 147.135.243.237 | 16276 (OVH) (OVH) | |
3 | 104.24.99.149 104.24.99.149 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 5 | 104.24.98.149 104.24.98.149 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 1 | 104.27.138.186 104.27.138.186 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 1 | 52.197.53.236 52.197.53.236 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
22 | 104.27.177.159 104.27.177.159 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
3 | 104.19.193.102 104.19.193.102 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 151.101.14.110 151.101.14.110 | 54113 (FASTLY) (FASTLY - Fastly) | |
1 | 162.247.242.18 162.247.242.18 | 23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic) | |
34 | 6 |
ASN16276 (OVH, FR)
PTR: mail01.theemptymartiniglass.com
link.theemptymartiniglass.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.gagarinspointofview.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
www.gagarinspointofview.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
spicypingvin.com |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-197-53-236.ap-northeast-1.compute.amazonaws.com
thiswaytotheinternet.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
samgals8charge.goldenticketwinner.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com |
ASN54113 (FASTLY - Fastly, US)
js-agent.newrelic.com |
ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-6.nr-data.net
bam.nr-data.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
goldenticketwinner.com
samgals8charge.goldenticketwinner.com |
243 KB |
8 |
gagarinspointofview.com
1 redirects
www.gagarinspointofview.com |
127 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com |
48 KB |
1 |
nr-data.net
bam.nr-data.net |
261 B |
1 |
newrelic.com
js-agent.newrelic.com |
9 KB |
1 |
thiswaytotheinternet.com
1 redirects
thiswaytotheinternet.com |
533 B |
1 |
spicypingvin.com
1 redirects
spicypingvin.com |
710 B |
1 |
theemptymartiniglass.com
1 redirects
link.theemptymartiniglass.com |
391 B |
34 | 8 |
Domain | Requested by | |
---|---|---|
22 | samgals8charge.goldenticketwinner.com |
samgals8charge.goldenticketwinner.com
|
8 | www.gagarinspointofview.com |
1 redirects
www.gagarinspointofview.com
|
3 | cdnjs.cloudflare.com |
samgals8charge.goldenticketwinner.com
|
1 | bam.nr-data.net |
js-agent.newrelic.com
|
1 | js-agent.newrelic.com |
samgals8charge.goldenticketwinner.com
|
1 | thiswaytotheinternet.com | 1 redirects |
1 | spicypingvin.com | 1 redirects |
1 | link.theemptymartiniglass.com | 1 redirects |
34 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni160614.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2018-04-09 - 2018-10-16 |
6 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://samgals8charge.goldenticketwinner.com/au/?o=229&r=8g4259162533pfj&a=30&sa=58108874672fe1247ade7f53
Frame ID: 639D2117C1DC52B95CAF3BA89F4CFF0D
Requests: 34 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://link.theemptymartiniglass.com/21yjch4x5natfhnv5irjxxaio
HTTP 302
http://www.gagarinspointofview.com/survey/samsungs8/source=6393/subid=e:-__EFzLD_KbT-DvYifqZcw&subid2=theemptym... Page URL
-
http://www.gagarinspointofview.com/urlshort_test/uid_long=7637&tracking_id=13328451&token=BnxKQ7fxonznE0ozebhEf...
HTTP 302
http://spicypingvin.com/tracking/58e3a4d2a5476220a09473bb?src=58108874672fe1247ade7f53&s1=&s2=3w6U5&... HTTP 302
https://thiswaytotheinternet.com/?a=30&c=236&s1=58108874672fe1247ade7f53&s2=5ad7d405db859a236110eff7 HTTP 302
https://samgals8charge.goldenticketwinner.com/au/?o=229&r=8g4259162533pfj&a=30&sa=58108874672fe1247ade7f53 Page URL
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /cloudflare/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- env /^Modernizr$/i
New Relic (Analytics) Expand
Detected patterns
- env /^NREUM/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://link.theemptymartiniglass.com/21yjch4x5natfhnv5irjxxaio
HTTP 302
http://www.gagarinspointofview.com/survey/samsungs8/source=6393/subid=e:-__EFzLD_KbT-DvYifqZcw&subid2=theemptymartiniglass.com&subid3=6393/nrp=21yjch4x5natfhnv5irjxxaio Page URL
-
http://www.gagarinspointofview.com/urlshort_test/uid_long=7637&tracking_id=13328451&token=BnxKQ7fxonznE0ozebhEf59AktVm8kwWjZUHVFTN&preview=0&subid_json=eyJzdWJpZDEiOiJlOi1fX0VGekxEX0tiVC1EdllpZnFaY3ciLCJzdWJpZCI6ImU6LV9fRUZ6TERfS2JULUR2WWlmcVpjdyIsInN1YmlkMiI6InRoZWVtcHR5bWFydGluaWdsYXNzLmNvbSIsInN1YmlkMyI6IjYzOTMifQ==
HTTP 302
http://spicypingvin.com/tracking/58e3a4d2a5476220a09473bb?src=58108874672fe1247ade7f53&s1=&s2=3w6U5&s3=&s4=&s5=&k=5ab0c3f9c9a97066e49d2808 HTTP 302
https://thiswaytotheinternet.com/?a=30&c=236&s1=58108874672fe1247ade7f53&s2=5ad7d405db859a236110eff7 HTTP 302
https://samgals8charge.goldenticketwinner.com/au/?o=229&r=8g4259162533pfj&a=30&sa=58108874672fe1247ade7f53 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://link.theemptymartiniglass.com/21yjch4x5natfhnv5irjxxaio HTTP 302
- http://www.gagarinspointofview.com/survey/samsungs8/source=6393/subid=e:-__EFzLD_KbT-DvYifqZcw&subid2=theemptymartiniglass.com&subid3=6393/nrp=21yjch4x5natfhnv5irjxxaio
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
nrp=21yjch4x5natfhnv5irjxxaio
www.gagarinspointofview.com/survey/samsungs8/source=6393/subid=e:-__EFzLD_KbT-DvYifqZcw&subid2=theemptymartiniglass.com&subid3=6393/ Redirect Chain
|
5 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
www.gagarinspointofview.com/js/ |
278 KB 102 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.js
www.gagarinspointofview.com/js/ |
67 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.cookie.js
www.gagarinspointofview.com/js/plugins/jqueryCookie/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
Cookie set
survey
www.gagarinspointofview.com/survey/ |
16 B 770 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
Cookie set
survey
www.gagarinspointofview.com/survey/ |
14 B 764 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
Cookie set
survey
www.gagarinspointofview.com/survey/ |
18 B 769 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
samgals8charge.goldenticketwinner.com/au/ Redirect Chain
|
32 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
samgals8charge.goldenticketwinner.com/css/ |
118 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nivo-slider.css
samgals8charge.goldenticketwinner.com/lib/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
material-design-iconic-font.css
samgals8charge.goldenticketwinner.com/css/ |
88 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animate.css
samgals8charge.goldenticketwinner.com/css/ |
72 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.qtip.min.css
cdnjs.cloudflare.com/ajax/libs/qtip2/2.2.1/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default.css
samgals8charge.goldenticketwinner.com/css/ |
15 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom.css
samgals8charge.goldenticketwinner.com/css/ |
16 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
responsive.css
samgals8charge.goldenticketwinner.com/css/ |
10 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.css
samgals8charge.goldenticketwinner.com/au/css/ |
2 KB 859 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modernizr-2.8.3.min.js
samgals8charge.goldenticketwinner.com/js/vendor/ |
15 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.1/ |
82 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.qtip.min.js
cdnjs.cloudflare.com/ajax/libs/qtip2/2.2.1/ |
43 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validate.js
samgals8charge.goldenticketwinner.com/js/ |
8 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validate_error_messages.js
samgals8charge.goldenticketwinner.com/au/js/ |
2 KB 906 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
phone.png
samgals8charge.goldenticketwinner.com/img/ |
71 KB 71 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pad.png
samgals8charge.goldenticketwinner.com/img/ |
37 KB 37 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
title.jpg
samgals8charge.goldenticketwinner.com/img/ |
18 KB 19 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
size.png
samgals8charge.goldenticketwinner.com/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
camera.png
samgals8charge.goldenticketwinner.com/img/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
screen.png
samgals8charge.goldenticketwinner.com/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
processor.png
samgals8charge.goldenticketwinner.com/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
samgals8charge.goldenticketwinner.com/js/ |
36 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
plugins.js
samgals8charge.goldenticketwinner.com/js/ |
132 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
samgals8charge.goldenticketwinner.com/js/ |
954 B 757 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
nr-1071.min.js
js-agent.newrelic.com/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d4db62af92
bam.nr-data.net/1/ |
57 B 261 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| NREUM object| newrelic function| __nr_require object| html5 object| Modernizr function| yepnope function| $ function| jQuery object| errorHash object| banned_cc_list function| processError function| styleField function| showErrorMessage function| replaceScandinavianCharacters function| removeUnwantedCharacters function| validateAddress function| validateName function| validateEmail function| validateCardNumber function| validateCcExpiresYear function| validateUsingRegex function| validate function| onSubmitFnct object| error_messages function| WOW2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
samgals8charge.goldenticketwinner.com/ | Name: PHPSESSID Value: ri8po4jcvs08df2k930pa1prv4 |
|
.goldenticketwinner.com/ | Name: __cfduid Value: da81cc882d1b261e68fb19f3ca87824c91524093958 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bam.nr-data.net
cdnjs.cloudflare.com
js-agent.newrelic.com
link.theemptymartiniglass.com
samgals8charge.goldenticketwinner.com
spicypingvin.com
thiswaytotheinternet.com
www.gagarinspointofview.com
104.19.193.102
104.24.98.149
104.24.99.149
104.27.138.186
104.27.177.159
147.135.243.237
151.101.14.110
162.247.242.18
52.197.53.236
03479722ff04ac3dddae098011e5d3b4d06b99484ca26f79b84b2b628dd27bca
055cfa186a27aff5c77b28de57ae071650dcc49e57a0283a47c6b2ea13285594
1132573cc6851509b093bbc0ae558a50adcfaffb3ce09df37e25c2f373e2db18
1e3b0b1b0ec443392b143405d5873b89bc7833a8e4b28a612f487362d0ab25a6
2065aecca0fb9b0567358d352ed5f1ab72fce139bf449b4d09805f5d9c3725ed
26120a47fbb4d0a85ebbb868cee466e4078672d113ec8158e4f120c218361ab8
2b0f8526e7a1b0f1fb42e8acec3c1e7737a1a3065b773ebd13a492952f557967
30e0f6fea8b712a3ed6eafc4c6cdb21ee9c9e073613f90fcc1f68ce01f5d309a
322afd5c4ad9ff1122d7eac8414a69ee716764bb097d44b7db9894bc70d4a726
35600a928051de1e453c076b8aa8f24e9ddf09ec9b225e82be2bcf56b75c456d
36f51ac3c92b634221dbd05c4048e76f23f08cdeae2dc6e63ed376a063eebde8
377034300d692835b36c8a10e163fd64fb748ec150e0d1c880172de423dce811
4448b949ec9f138d6271a1bc48d750fd4065601c273c13bbb904bc5a3cdf4ea5
4f3956146b79162da6999c50e667a1d411c58689f721ffc721dcf398b0f0e84f
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280
5e864c2e3f674c60970513411eaeeeafd2d615d842e65ec01d09ccfcb4a7b38d
61332577884eeb3aa579cfce7c546be81a459f2efa735eb12678c2ddb6338b49
7e4e611b5d591e167475c1f6f2bf2037da85996542c02258c72dd5b196da9b1e
806f6c0e9f2d814f35fa9f3166e70c2d0308cf8aa0ebd8c8f6b87d9e440d52cf
9278f5019a348fa81f449f7246f96bb10503b4665244c844a8916d7b727408ea
930bd3dca9f0581f01df5c4d8e9e14e555eb55a9e1e4344f95927becf7e5b158
9b0f8bba791e2ac44aad257264e02ab53c51c9396c42aea46aa5e18e10f50771
a69ea33bdaaa0d88072e69964ae80235cf96167d87b206aad76baa5d245d5360
b626dcc5c995147c214e5d81ad77a30b26f28a3460d7fdd4f4167bd100729ec9
b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8
c0d4098bc8b34c6f87a3d7723988ae81214a53a0bb4a1d4d36a67640f98ed079
c3e616e656a1f05deb06065e2baaba813374c0915cc8a8bade160c1f79cbc631
c7ef4bc687491e9fd87059a545a13ec121bfdafed50b063809f871be9431ec7b
d23cf19de17bf27df693ebe8236ad364352a24aa3bffe771ad24110f1f2ceb7f
d410f61f8266af43464832081f3319b69e5ba2400f35c68b8f06cbe6219f5bcd
d596c1529dd68b90f5fa69e6bd6694935c5b46b720899cfe5fde9564e70c8fd2
ef43a4d502ffb688656851d788c42869d47e8840d007b4f4b66f62530171acd4
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c