auth3.tim.com.br
Open in
urlscan Pro
45.60.63.22
Public Scan
Effective URL: http://auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F...
Submission: On January 29 via api from US — Scanned from US
Summary
This is the only time auth3.tim.com.br was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 45.90.56.13 45.90.56.13 | 204957 (GREENFLOI...) (GREENFLOID-AS) | |
2 13 | 45.60.63.22 45.60.63.22 | 19551 (INCAPSULA) (INCAPSULA) | |
4 | 2607:f8b0:400... 2607:f8b0:4004:c1b::61 | 15169 (GOOGLE) (GOOGLE) | |
2 | 91.241.94.8 91.241.94.8 | 49582 (UPSTREAM-...) (UPSTREAM-AS Greece) | |
1 | 91.220.208.18 91.220.208.18 | () () | |
2 | 2607:f8b0:400... 2607:f8b0:4004:c1b::71 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2001:4860:480... 2001:4860:4802:38::181 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2607:f8b0:400... 2607:f8b0:4004:c08::9d | 15169 (GOOGLE) (GOOGLE) | |
1 | 2607:f8b0:400... 2607:f8b0:4004:c09::6a | () () | |
28 | 10 |
ASN204957 (GREENFLOID-AS, US)
PTR: mon-fri.gg
topadvisitpro.pro | |
premtraf.pro |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
tim.com.br
2 redirects
auth3.tim.com.br |
78 KB |
4 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37 |
250 KB |
3 |
google.com
analytics.google.com — Cisco Umbrella Rank: 154 www.google.com |
716 B |
2 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79 |
394 B |
2 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27 |
21 KB |
2 |
timpromos.com.br
www.timpromos.com.br |
47 KB |
1 |
securewebfraud.io
analytics-br-tim.securewebfraud.io |
332 B |
1 |
premtraf.pro
premtraf.pro |
4 KB |
1 |
topadvisitpro.pro
1 redirects
topadvisitpro.pro |
2 KB |
0 |
dindo.com.br
Failed
wap.dindo.com.br Failed |
|
28 | 10 |
Domain | Requested by | |
---|---|---|
13 | auth3.tim.com.br |
2 redirects
auth3.tim.com.br
|
4 | www.googletagmanager.com |
auth3.tim.com.br
www.googletagmanager.com |
2 | stats.g.doubleclick.net |
www.googletagmanager.com
www.google-analytics.com |
2 | analytics.google.com |
www.googletagmanager.com
|
2 | www.google-analytics.com |
www.googletagmanager.com
www.google-analytics.com |
2 | www.timpromos.com.br |
auth3.tim.com.br
|
1 | www.google.com | |
1 | analytics-br-tim.securewebfraud.io | |
1 | premtraf.pro |
auth3.tim.com.br
|
1 | topadvisitpro.pro | 1 redirects |
0 | wap.dindo.com.br Failed |
auth3.tim.com.br
|
28 | 11 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
auth3.tim.com.br DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-04-19 - 2024-04-18 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
*.google.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2024-01-02 - 2024-03-26 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
http://auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2
Frame ID: 88C2CE31E0412CA880E262C4334C49E1
Requests: 23 HTTP requests in this frame
Frame:
https://wap.dindo.com.br/newMobile/auth/tim/header.aspx?s=25
Frame ID: 79C817FEEDD9B02A37F32BB3E222E30E
Requests: 1 HTTP requests in this frame
Frame:
https://auth3.tim.com.br/v3/accesscontrol-web/assets/OTA-BRTIM-BEMOBKIDS-timgameskids2-pt-doi-web.css?ver=45
Frame ID: 4E2B29914EEA96476CF71E587041E195
Requests: 4 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://topadvisitpro.pro/lion/362hgfchfg.php
HTTP 301
http://auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982F... Page URL
Detected technologies
Google Analytics (Analytics) ExpandDetected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtm\.js
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://topadvisitpro.pro/lion/362hgfchfg.php
HTTP 301
http://auth3.tim.com.br/v3/accesscontrol-web/heloading?bmctx=D1C237A58FCD95265CB8D6ACE4AD377F2DE982FD5328553125A1F2A984F4091ACB28FCD2C93EFA64F67EC7905B8B708C&contextType=external&username=string&enablePersistentLogin=true&password=secure_string&challenge_url=http%3A%2F%2Fauth3.tim.com.br%2Fv3%2Faccesscontrol-web%2Fheloading&request_id=8407358969913691941&authn_try_count=0&locale=uk_UA&resource_url=https%253A%252F%252Fauth3.tim.com.br%252Fv3%252Faccesscontrol-web%252Fhe%253Fclient_id%253Db4da3e0624b94cbabb4d4c82b84b3012%2526csp%253D751%2526appid%253D11657%2526msisdn%253D16982527516%2526redirect_uri%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2525252FNCN%2525252Fcallback%2525252Fpending%2526SecureSessionId%253DAQ4z3kkKCibe9oqqd_5osqMKaYkmfLQn0SBDpKMj_k8SHvaQO11enrYcmhdBDWgLEgjG%2526campaignReturnURL%253Dhttp%2525253A%2525252F%2525252Fwww.timpromos.com.br%2522%253E%00%00%00%00%00%00%00%253CScript%253Eeval(atob(window.location.hash.substr(1)))%253C%252FScript%253E%2525252FNCN%2525252Fredirect%2526paymentType%253D2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 13- http://auth3.tim.com.br/v3/accesscontrol-web/assets/OTA-BRTIM-BEMOBKIDS-timgameskids2-pt-doi-web.css?ver=45 HTTP 302
- https://auth3.tim.com.br/v3/accesscontrol-web/assets/OTA-BRTIM-BEMOBKIDS-timgameskids2-pt-doi-web.css?ver=45
- http://auth3.tim.com.br/v3/accesscontrol-web/assets/images/Bemobi/OTA-timgameskids2-logoHeader.png HTTP 302
- https://auth3.tim.com.br/v3/accesscontrol-web/assets/images/Bemobi/OTA-timgameskids2-logoHeader.png
28 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
heloading
auth3.tim.com.br/v3/accesscontrol-web/ Redirect Chain
|
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
TIM-Login-styles-sheet.css
auth3.tim.com.br/OTP/css/ |
21 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cns.css
wap.dindo.com.br/newMobile/auth/tim/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
auth3.tim.com.br/OTP/js/ |
95 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.min.js
auth3.tim.com.br/OTP/js/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.bxslider.min.js
auth3.tim.com.br/OTP/js/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bowser.js
auth3.tim.com.br/OTP/js/ |
9 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
spinner.js
auth3.tim.com.br/OTP/js/ |
611 B 970 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logClientV3.js
auth3.tim.com.br/OTP/js/ |
304 B 733 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.gif
auth3.tim.com.br/OTP/imgs/ |
22 KB 23 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
header.aspx
wap.dindo.com.br/newMobile/auth/tim/ Frame 79C8 |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
temp.js
premtraf.pro/lion/222gdhj/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
timgameskids2-pt-doi-web
www.timpromos.com.br/OTA-BRTIM-BEMOBKIDS/ |
179 KB 46 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OTA-BRTIM-BEMOBKIDS-timgameskids2-pt-doi-web.css
auth3.tim.com.br/v3/accesscontrol-web/assets/ Frame 4E2B Redirect Chain
|
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
212 KB 76 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OTA-timgameskids2-logoHeader.png
auth3.tim.com.br/v3/accesscontrol-web/assets/images/Bemobi/ Frame 4E2B Redirect Chain
|
0 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headersRedirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AQ4z3kkzQFIbAi8PnRY0OoNJi0wHxfmAAF5EX58aYQjoHHjnosSpDkoeS-f8LaVWs3a3
analytics-br-tim.securewebfraud.io/web/v1/content/view/Confirmation/br_tim/ Frame 4E2B |
51 B 332 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
AQ4z3kkzQFIbAi8PnRY0OoNJi0wHxfmAAF5EX58aYQjoHHjnosSpDkoeS-f8LaVWs3a3
www.timpromos.com.br/security-platform-web/web/v1/content/view/Confirmation/br_tim/ Frame 4E2B |
51 B 501 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
destination
www.googletagmanager.com/gtag/ |
255 KB 87 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js
www.googletagmanager.com/gtag/ |
255 KB 87 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
analytics.google.com/g/ |
0 254 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/g/ |
0 245 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
analytics.google.com/g/ |
0 54 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
3 B 208 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
2 B 149 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ga-audiences
www.google.com/ads/ |
42 B 408 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- wap.dindo.com.br
- URL
- https://wap.dindo.com.br/newMobile/auth/tim/cns.css
- Domain
- wap.dindo.com.br
- URL
- https://wap.dindo.com.br/newMobile/auth/tim/header.aspx?s=25
Verdicts & Comments Add Verdict or Comment
29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| dataLayer function| $ function| jQuery object| bowser function| logClient object| s string| idClick string| link function| _0xb311 function| _0x4596 function| _0x4ac69e function| rand string| fill object| _0x36b3 function| _0x5121 string| CURRENT_APP_URL string| AJAX_EVENT_ENDPOINT function| secureDMsisdnValidationFn function| prefillValues function| countryCode object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
topadvisitpro.pro/lion | Name: sess_61f7f24dfebf565dbf7a1cac Value: 6116747aed2d2c6e4b513e2f |
|
topadvisitpro.pro/lion | Name: __cf_bm Value: e_znFmikTkbIpQizob29EUey_YiwwgRhUX8TksJUvvM-1706492970-1-AeNwx%2Bl70c56plsSNERqvLfe64acOJPx8ycvYxEOAE%2BimkoW7pKJPOh0khb1oM6VMezqPAh1r3vvQlXtYOu2J%2B8 |
|
auth3.tim.com.br/ | Name: JSESSIONID Value: -3pS6EoS4NRPNkigL47URTPhtj-tlm9ITUl1xf7iW-mZAtXuTZaK!1086270961 |
|
.tim.com.br/ | Name: visid_incap_2787765 Value: JweIEgVNSGyWLOqDXMN/+SwEt2UAAAAAQUIPAAAAAADtLET1hWZmJMjswvz76kIu |
|
.tim.com.br/ | Name: incap_ses_168_2787765 Value: APBGeiDzvFACb8SXF9xUAiwEt2UAAAAAYbgBDre8mvU9hkd+hRNVrA== |
|
.tim.com.br/ | Name: _gcl_au Value: 1.1.800098938.1706492976 |
|
.tim.com.br/ | Name: _ga_9LLK8PEDTW Value: GS1.1.1706492976.1.1.1706492976.60.0.0 |
|
.tim.com.br/ | Name: _ga Value: GA1.3.1378330578.1706492976 |
|
.tim.com.br/ | Name: _gid Value: GA1.3.1295298900.1706492976 |
|
.tim.com.br/ | Name: _dc_gtm_UA-145115646-69 Value: 1 |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics-br-tim.securewebfraud.io
analytics.google.com
auth3.tim.com.br
premtraf.pro
stats.g.doubleclick.net
topadvisitpro.pro
wap.dindo.com.br
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.timpromos.com.br
wap.dindo.com.br
2001:4860:4802:38::181
2607:f8b0:4004:c08::9d
2607:f8b0:4004:c09::6a
2607:f8b0:4004:c1b::61
2607:f8b0:4004:c1b::71
45.60.63.22
45.90.56.13
91.220.208.18
91.241.94.8
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
38b82be8dc970bd32e5651b51b46d5c5bdd81a1766c035bbe022f1d00ac09fce
3e75a6774ef7041083d556b2f83a816acdd398eff6add8c1867c0cea9ddf6d4b
5e64cc7782eeab8004d02bda9f320b268f12975560e5d85a6ab4bec78c6d5347
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
646de1820a3f0a81b2aa7ea26de561e5cbab36ef8430d7bb7b7f0ab024569b40
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
71928367deed25916c0de98665f5733b47e07ae048a79a0901a48fabb9876040
7455bacb03f7ef04d79010638db14d8434cf7a349914c2ee99eb5d4220338675
aac2555412640904188450d33284dffe719157d0d317f5158f22de66054883f3
b3f86ed7a79081c9ceb28c435903bc6737f73331c7462759baab9640bd802acd
c28f024df8df9c3553efca35b134d3bde558f9e5f85a3b052d581bef81c47c90
d4e646539ef3bbac4e505327d7e625b4c4439997a0bc84a08989d8a3a41dedb4
d8151845717c3ed76a8002136f43423e7efedc096b4f60eb7aefe62c65544eef
dac0e0a27027392c4c5754b40e9df0b62627319dbab1bb3ee2aa1e72ddcf5c62
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0ef803f8bb9cbe07f2407212c2422f87d48dbd08addb5bb994c5f485b2dcc6a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f05e67abbb4c8036ae631ee4fc5a99428d5bad75fd8996dfb01c09ec6ade3a1b