login.24sevenoffice.com
Open in
urlscan Pro
2606:4700::6810:605e
Public Scan
Effective URL: https://login.24sevenoffice.com/login?state=g6Fo2SAtTktJbFpENXVzTFg0NkRYNy1zYUFCeURoU0hfUXZhMKN0aWTZIFV4OElSemdlb2FEb0tqQloyTEh2...
Submission: On March 19 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 1st 2020. Valid for: a year.
This is the only time login.24sevenoffice.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2a01:5b40:0:2... 2a01:5b40:0:248::52 | 12996 (DOMENESHO...) (DOMENESHOP Oslo) | |
1 8 | 82.117.32.38 82.117.32.38 | 21119 (WAN-) (WAN-) | |
2 | 2a04:4e42:1b:... 2a04:4e42:1b::621 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:82a::200a | 15169 (GOOGLE) (GOOGLE) | |
1 4 | 2606:4700::68... 2606:4700::6810:605e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2606:4700::68... 2606:4700::6810:125e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 13.35.255.39 13.35.255.39 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 65.9.69.184 65.9.69.184 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 213.179.55.47 213.179.55.47 | 16186 (ASN-SSC) (ASN-SSC) | |
1 1 | 13.226.159.16 13.226.159.16 | 16509 (AMAZON-02) (AMAZON-02) | |
3 | 13.226.159.79 13.226.159.79 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 99.83.219.81 99.83.219.81 | 16509 (AMAZON-02) (AMAZON-02) | |
25 | 11 |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-255-39.fra6.r.cloudfront.net
cdn.auth0.com |
ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-16.dus51.r.cloudfront.net
widget.intercom.io |
ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-79.dus51.r.cloudfront.net
js.intercomcdn.com |
ASN16509 (AMAZON-02, US)
PTR: ad8b87a22ce463223.awsglobalaccelerator.com
api-iam.intercom.io |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
24sevenoffice.com
2 redirects
app.24sevenoffice.com translation.api.24sevenoffice.com Failed login.24sevenoffice.com Failed identity.api.24sevenoffice.com |
439 KB |
3 |
intercomcdn.com
js.intercomcdn.com |
111 KB |
3 |
cloudflare.com
cdnjs.cloudflare.com |
44 KB |
2 |
intercom.io
1 redirects
widget.intercom.io api-iam.intercom.io |
3 KB |
2 |
auth0.com
cdn.auth0.com cdn.eu.auth0.com |
230 KB |
2 |
polyfill.io
cdn.polyfill.io |
676 B |
1 |
googleapis.com
fonts.googleapis.com |
1 KB |
1 |
styringsgruppen.no
1 redirects
regnskap.styringsgruppen.no |
153 B |
25 | 8 |
Domain | Requested by | |
---|---|---|
8 | app.24sevenoffice.com |
1 redirects
app.24sevenoffice.com
login.24sevenoffice.com |
4 | login.24sevenoffice.com |
app.24sevenoffice.com
cdn.auth0.com |
3 | js.intercomcdn.com |
widget.intercom.io
|
3 | cdnjs.cloudflare.com |
login.24sevenoffice.com
|
2 | cdn.polyfill.io |
app.24sevenoffice.com
|
1 | api-iam.intercom.io |
js.intercomcdn.com
|
1 | widget.intercom.io | 1 redirects |
1 | identity.api.24sevenoffice.com |
app.24sevenoffice.com
|
1 | cdn.eu.auth0.com |
cdn.auth0.com
|
1 | cdn.auth0.com |
login.24sevenoffice.com
|
1 | fonts.googleapis.com |
app.24sevenoffice.com
|
1 | regnskap.styringsgruppen.no | 1 redirects |
0 | translation.api.24sevenoffice.com Failed |
app.24sevenoffice.com
|
25 | 13 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.24sevenoffice.com AlphaSSL CA - SHA256 - G2 |
2020-01-13 - 2022-02-10 |
2 years | crt.sh |
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2021-03-09 - 2021-04-17 |
a month | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-02-23 - 2021-05-18 |
3 months | crt.sh |
login.24sevenoffice.com Cloudflare Inc ECC CA-3 |
2020-12-01 - 2021-11-30 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
*.auth0.com Amazon |
2020-05-23 - 2021-06-23 |
a year | crt.sh |
*.eu.auth0.com Amazon |
2020-07-03 - 2021-08-03 |
a year | crt.sh |
*.api.24sevenoffice.com R3 |
2021-02-05 - 2021-05-06 |
3 months | crt.sh |
*.intercomcdn.com Amazon |
2021-03-01 - 2022-03-30 |
a year | crt.sh |
*.intercom.com Amazon |
2020-05-13 - 2021-06-13 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://login.24sevenoffice.com/login?state=g6Fo2SAtTktJbFpENXVzTFg0NkRYNy1zYUFCeURoU0hfUXZhMKN0aWTZIFV4OElSemdlb2FEb0tqQloyTEh2N29iWmRVcmtTVFZho2NpZNkgSU5Hb1l1RFpEZ2F4VDhKT0w2NE03dm5KY3hFR3hDaTA&client=INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0&protocol=oauth2&audience=https%3A%2F%2Fapp.24sevenoffice.com&response_type=token&redirect_uri=https%3A%2F%2Fapp.24sevenoffice.com%2Fmodules%2Fauth%2Flogin-callback&scope=openid%20profile%20email&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNC4wIn0%3D
Frame ID: C227AB6AC86D6A74DC8225D5F147424B
Requests: 22 HTTP requests in this frame
Frame:
https://js.intercomcdn.com/frame-modern.19c1ec68.js
Frame ID: F35041F1CA3FD6D8BCD72434BC302B64
Requests: 3 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://regnskap.styringsgruppen.no/
HTTP 301
https://app.24sevenoffice.com/login/ HTTP 302
https://app.24sevenoffice.com/modules/auth/login Page URL
-
https://login.24sevenoffice.com/authorize?client_id=INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0&audience=https%3A%2F%2F...
HTTP 302
https://login.24sevenoffice.com/login?state=g6Fo2SAtTktJbFpENXVzTFg0NkRYNy1zYUFCeURoU0hfUXZhMKN0aWTZIFV4OElS... Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://regnskap.styringsgruppen.no/
HTTP 301
https://app.24sevenoffice.com/login/ HTTP 302
https://app.24sevenoffice.com/modules/auth/login Page URL
-
https://login.24sevenoffice.com/authorize?client_id=INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0&audience=https%3A%2F%2Fapp.24sevenoffice.com&response_type=token&redirect_uri=https%3A%2F%2Fapp.24sevenoffice.com%2Fmodules%2Fauth%2Flogin-callback&state=XE4BZ5.O2Pw6INz6N1gZ4SLPY9-K7Hd6&scope=openid%20profile%20email&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNC4wIn0%3D
HTTP 302
https://login.24sevenoffice.com/login?state=g6Fo2SAtTktJbFpENXVzTFg0NkRYNy1zYUFCeURoU0hfUXZhMKN0aWTZIFV4OElSemdlb2FEb0tqQloyTEh2N29iWmRVcmtTVFZho2NpZNkgSU5Hb1l1RFpEZ2F4VDhKT0w2NE03dm5KY3hFR3hDaTA&client=INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0&protocol=oauth2&audience=https%3A%2F%2Fapp.24sevenoffice.com&response_type=token&redirect_uri=https%3A%2F%2Fapp.24sevenoffice.com%2Fmodules%2Fauth%2Flogin-callback&scope=openid%20profile%20email&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNC4wIn0%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://regnskap.styringsgruppen.no/ HTTP 301
- https://app.24sevenoffice.com/login/ HTTP 302
- https://app.24sevenoffice.com/modules/auth/login
- https://widget.intercom.io/widget/rd2w6ddu HTTP 302
- https://js.intercomcdn.com/shim.latest.js
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
login
app.24sevenoffice.com/modules/auth/ Redirect Chain
|
3 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
.env.js
app.24sevenoffice.com/modules/well-known/ |
11 KB 11 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.min.js
cdn.polyfill.io/v3/ |
72 B 531 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.8cac33b3.chunk.css
app.24sevenoffice.com/modules/auth/static/css/ |
312 B 544 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.00830db6.chunk.js
app.24sevenoffice.com/modules/auth/static/js/ |
1 MB 317 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.565b829f.chunk.js
app.24sevenoffice.com/modules/auth/static/js/ |
376 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
24 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
polyfill.min.js
cdn.polyfill.io/v3/ |
72 B 145 B |
Other
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
words
translation.api.24sevenoffice.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
authorize
login.24sevenoffice.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
login
login.24sevenoffice.com/ Redirect Chain
|
14 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moment.min.js
cdnjs.cloudflare.com/ajax/libs/moment.js/2.24.0/ |
52 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
moment-timezone-with-data.min.js
cdnjs.cloudflare.com/ajax/libs/moment-timezone/0.5.25/ |
909 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
lock.min.js
cdn.auth0.com/js/lock/11.21.1/ |
810 KB 229 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qs.min.js
cdnjs.cloudflare.com/ajax/libs/qs/6.8.0/ |
10 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
intercom.min.js
app.24sevenoffice.com/scriptaspx/tfsoheader/build/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
24SevenOffice_logo_vert_blue.png
app.24sevenoffice.com/login/img/24so/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0.js
cdn.eu.auth0.com/client/ |
822 B 1 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
challenge
login.24sevenoffice.com/usernamepassword/ |
18 B 219 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
identity.api.24sevenoffice.com/ |
115 B 416 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ssodata
login.24sevenoffice.com/user/ |
13 B 242 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shim.latest.js
js.intercomcdn.com/ Redirect Chain
|
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
frame-modern.19c1ec68.js
js.intercomcdn.com/ Frame F350 |
247 KB 67 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vendor-modern.c4b9303b.js
js.intercomcdn.com/ Frame F350 |
123 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
ping
api-iam.intercom.io/messenger/web/ Frame F350 |
11 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- translation.api.24sevenoffice.com
- URL
- https://translation.api.24sevenoffice.com/words?lang=EN
- Domain
- login.24sevenoffice.com
- URL
- https://login.24sevenoffice.com/authorize?client_id=INGoYuDZDgaxT8JOL64M7vnJcxEGxCi0&audience=https%3A%2F%2Fapp.24sevenoffice.com&response_type=token&redirect_uri=https%3A%2F%2Fapp.24sevenoffice.com%2Fmodules%2Fauth%2Flogin-callback&state=5B32p.yVyi1p9IhAyzsgxg1alh1V6yLv&scope=openid%20profile%20email&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xNC4wIn0%3D
Verdicts & Comments Add Verdict or Comment
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| moment object| Auth0 function| Auth0Lock function| Auth0LockPasswordless object| Qs function| getLocale object| additionalTranslationsByLanguage object| config string| returnUrl object| __loadedAt function| __ensureValid undefined| connection object| languageDictionary string| language object| validLanguages object| tfsoLanguageMap string| tfsoLanguage object| additionalTranslations undefined| loginHint object| options object| lock function| getReturnUrl object| _intercomSettings function| Intercom function| __intercomAssignLocation5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
login.24sevenoffice.com/ | Name: auth0_compat Value: s%3AVDhBETlQ5ePERHWwtuA-d6Y9xQ8zEhro.HVGL5M1qwVRMoqU4vvgv3WOfVehr3j5R18xNknnmS98 |
|
login.24sevenoffice.com/ | Name: did_compat Value: s%3Av0%3A4d3e5a20-88a7-11eb-a209-1dcb7fc50ad0.3Co5MWUcmqghzo70NooHqA4gL5O%2BxEQ1KKK%2FNWVUVyg |
|
login.24sevenoffice.com/ | Name: auth0 Value: s%3AVDhBETlQ5ePERHWwtuA-d6Y9xQ8zEhro.HVGL5M1qwVRMoqU4vvgv3WOfVehr3j5R18xNknnmS98 |
|
login.24sevenoffice.com/ | Name: did Value: s%3Av0%3A4d3e5a20-88a7-11eb-a209-1dcb7fc50ad0.3Co5MWUcmqghzo70NooHqA4gL5O%2BxEQ1KKK%2FNWVUVyg |
|
.login.24sevenoffice.com/ | Name: __cfduid Value: d39e3fb28f96b8b1ed8f953426a02554b1616153770 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api-iam.intercom.io
app.24sevenoffice.com
cdn.auth0.com
cdn.eu.auth0.com
cdn.polyfill.io
cdnjs.cloudflare.com
fonts.googleapis.com
identity.api.24sevenoffice.com
js.intercomcdn.com
login.24sevenoffice.com
regnskap.styringsgruppen.no
translation.api.24sevenoffice.com
widget.intercom.io
login.24sevenoffice.com
translation.api.24sevenoffice.com
13.226.159.16
13.226.159.79
13.35.255.39
213.179.55.47
2606:4700::6810:125e
2606:4700::6810:605e
2a00:1450:4001:82a::200a
2a01:5b40:0:248::52
2a04:4e42:1b::621
65.9.69.184
82.117.32.38
99.83.219.81
06486cabfb771c2f089c450b8a00c03c02014c682f44b9c3989123bb206f03a5
08b7a2e506cea7f2808a59e807b3f3682b0555bb319379a16d1fe21cd73b1d3d
109cdd7ef931af5342f8282754524658d3817fbb3f4476f46548fb66a9fb2e3e
32e69bf9e964bd4699aca8d7506bc1fc5cafd442b9650da7e9d5b2ce9b73b82b
4b463bb14e596f489375e5838968175b0d50e84e333d79fcc81e01ee6e006d96
551c24fb8497e8befef657134a4dc50f8cb6191edf8512a53eb32591da35275c
55944754758613e5a0ff9895dd72cd15290b94881b9435b838e99e5cb7e77e4d
5efd13db383435b20419c2207909cd7465750a78edad13639018bc492f73c851
62c3bc317a9c11777e1dec68865e6b647ae3773d314f16347de086d9d5ed789a
6faf004abae72c73552d27043e1dee276e2a3fe1f895b5d664bdd8837ef6928b
76c9a6f17a79825b748265d54ceef0b103c4ca7dd1d134aad17f116a236b2149
79aead668da01511513dcaa95d011fe27768b600a388834240c14f25c84f8a50
8376431f05ed0574aa914db9f36153ed5837a067d6d3450847c49d89b37ad1bf
86254d3844309c8b02a4ce9450ad690f294aa08279fab71ff62ed93eb41f4ee8
a2f3b824fdcca44f160f8b4a61bf91c380cced9d3579fc11b3e05691ee5f75aa
aaecd144d2b8763b2fa5c91f09778294363cef363c10504205f4203922644d11
c5588b782ff216c3594ddbb975c4f4cacfe6b436d0701972a6bb56dcc73eb8c7
cbad945d63f02e026eed58d7a0bf836dc1cf4cf206883f4f478741d1d2e2e107
e22419e8154be2a34a950dbb4c4c448413751c53ef02f00c6c56af28aa2c4964
f1a50f207000e59fbbf0539516647355921c6ab8d1b3cf9a0021dcf5d5e16b6b
ff1f3ad405998a70b67fe438b4087633a34c95e8a2fce935385d3cf81ee765f9
ff2ef4585cd81a9ae2272ae77472c0a259f140c59928bad35e78c177c6ced01b