consorsfinaz.aba.ae
Open in
urlscan Pro
85.17.26.65
Malicious Activity!
Public Scan
Effective URL: http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/
Submission: On April 25 via manual from FR
Summary
This is the only time consorsfinaz.aba.ae was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.123.16 167.89.123.16 | 11377 (SENDGRID) (SENDGRID - SendGrid) | |
1 1 | 185.12.108.69 185.12.108.69 | 58059 (WIFIBER) (WIFIBER) | |
2 39 | 85.17.26.65 85.17.26.65 | 60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::2003 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
38 | 2 |
ASN11377 (SENDGRID - SendGrid, Inc., US)
PTR: o16789123x16.outbound-mail.sendgrid.net
u10224049.ct.sendgrid.net |
ASN58059 (WIFIBER, TR)
PTR: hosted-by.yntplus.com
consorfinanz.caglarasansor.com |
ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: mail.aba.ae
consorsfinaz.aba.ae |
Apex Domain Subdomains |
Transfer | |
---|---|---|
39 |
aba.ae
2 redirects
consorsfinaz.aba.ae |
941 KB |
1 |
gstatic.com
www.gstatic.com |
93 KB |
1 |
caglarasansor.com
1 redirects
consorfinanz.caglarasansor.com |
241 B |
1 |
sendgrid.net
1 redirects
u10224049.ct.sendgrid.net |
249 B |
38 | 4 |
Domain | Requested by | |
---|---|---|
39 | consorsfinaz.aba.ae |
2 redirects
consorsfinaz.aba.ae
|
1 | www.gstatic.com |
consorsfinaz.aba.ae
|
1 | consorfinanz.caglarasansor.com | 1 redirects |
1 | u10224049.ct.sendgrid.net | 1 redirects |
38 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.consorsfinanz.de |
www.aba.ae |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.google.com Google Internet Authority G3 |
2019-03-26 - 2019-06-18 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/
Frame ID: 2E3351099EDF4F564585AB52BF2D8374
Requests: 38 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://u10224049.ct.sendgrid.net/wf/click?upn=q3i-2FFwfxB1rMOlS4PuXpGvGpmbcCyZJsq-2FYJ0GYkQ2rVMar6xcrO26K8y3n...
HTTP 302
http://consorfinanz.caglarasansor.com/ HTTP 302
http://consorsfinaz.aba.ae/ HTTP 302
http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104 HTTP 301
http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ Page URL
Detected technologies
Liferay (CMS) ExpandDetected patterns
- env /^Liferay$/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
AlloyUI (JavaScript Frameworks) Expand
Detected patterns
- env /^AUI$/i
Segment (Analytics) Expand
Detected patterns
- env /^analytics$/i
SiteCatalyst (Analytics) Expand
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
reCAPTCHA (Captchas) Expand
Detected patterns
- env /^Recaptcha$/i
YUI (JavaScript Libraries) Expand
Detected patterns
- env /^AUI$/i
Twitter Bootstrap () Expand
Detected patterns
- env /^AUI$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Noch kein Kunde?
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: استضافة مجانية
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u10224049.ct.sendgrid.net/wf/click?upn=q3i-2FFwfxB1rMOlS4PuXpGvGpmbcCyZJsq-2FYJ0GYkQ2rVMar6xcrO26K8y3nzQdYw_8mkZSnk1KXigDKe3iFIxKTkQShwr-2FmcHos-2FPpLF-2F9q5RwDxERYLmZ1WMLW2qPd4sVoqS3fkTsh1kkZ85oNhwnpYlvCYMxoB7lBbfLb4j-2B9dB2kFsP30t7VkGldgvZy4Ycc5dFyXyjDGG12qDb-2FRQN2VzOXibF-2B8g715MSbROtGvYybp-2BC2oYVJ7JJ1zCcHcEUoZfbbZogTkSfPUUE04sOuYrKz8-2FFJhrtXrCaT-2B059oKGO-2FBk9mhjW-2BgijZ01DabELntCwgIXfSf75WegsLPjRD96Xj99PEMyj1XPxAAANdcFIEwe4mLFK0UyZLZ0yu-2FnuV6epsbr8wG1B6jzsC2ZJNAgpvCSMO0a1JvTyK-2BrpsPXZpnyDuxd5V4bKSsm67IIG-2BGXK-2BU9yrZNF1wRIyb4LrQjcBGe1Z7jC1JAkoN0Ns-3D
HTTP 302
http://consorfinanz.caglarasansor.com/ HTTP 302
http://consorsfinaz.aba.ae/ HTTP 302
http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104 HTTP 301
http://consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ Redirect Chain
|
39 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mentions.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
563 B 817 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
aui.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
393 KB 65 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_2.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
102 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
combo.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_loader_modules.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
58 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
everything.jsp
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ |
692 KB 692 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_bundle_config.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
40 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home_2.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
41 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main_1.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
89 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
combo_1.css
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/css/ |
28 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
combo.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
427 B 695 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s_code.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
39 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
analytics.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cfg_modal.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
737 B 1005 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
trackingv1.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
352 B 620 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
smart.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
14 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.svg
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/images/ |
20 KB 21 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home_1
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ |
633 B 903 B |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
api.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
762 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/ |
2 KB 2 KB |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
home_1.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
398 B 666 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/js/ |
211 B 478 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
recaptcha__de.js
www.gstatic.com/recaptcha/api2/v1554100419869/ |
266 KB 93 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bnpp-sans.woff
consorsfinaz.aba.ae/c366757c305ed3656375233138c00104/fonts/ |
54 KB 54 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
available_languages.jsp
consorsfinaz.aba.ae/o/frontend-js-web/liferay/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
consorsfinaz.aba.ae/combo/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)64 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| Liferay object| themeDisplay function| YUI function| $ function| jQuery object| __CONFIG__ function| ES6Promise object| Loader function| require function| define function| _ object| YUI_config function| AUI function| svg4everybody function| submitForm object| __METAL_COMPATIBILITY__ object| jsf object| mojarra string| s_account object| s string| s_code string| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq function| Analytics function| showCfgModal function| closeCfgModal function| closeCfgModalTimeout function| trackingPageView function| trackingEvent string| activeTracking boolean| isEmpty undefined| myVar function| showLoginLoading function| hideLoginLoading function| showModal function| hideModal function| handleSubmit function| disableLoginSubmitButton function| enableLoginSubmitButton function| successfulRecaptcha function| trackLoginUser function| trackingForgotPassword function| trackingFAQ object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client function| redirectToErrorPage string| PATH_PORTLET_CONFIGURATION_CSS_WEB object| recaptcha2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.aba.ae/ | Name: s_fid Value: 6F1D0CD8DEDE9F14-0F7ED44E775C7710 |
|
.aba.ae/ | Name: s_cc Value: true |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
consorfinanz.caglarasansor.com
consorsfinaz.aba.ae
u10224049.ct.sendgrid.net
www.gstatic.com
167.89.123.16
185.12.108.69
2a00:1450:4001:81c::2003
85.17.26.65
11fe05806ad2ca1faddda6f53b62acd8a4939e697cce26751bab76d2706bbed8
23e43bdbd3cc5a6562f60a5a9e8319f7574ae3b1b5d8fb65c5687bc3a648fa84
2481387d5fbe94fb5dc878ad78ba2a6c3bbecffaa83d0c31d2717a4fe56a79e2
28a48f1cf78d32b463a3b9ee973b2700322408026357f0c45f5cd2c6bbca3923
2ea9133fa5b1d4919279d4748bd3bee46d109b7e0d508ce203603ffb678c8528
32b3a6b3e9bcc8df57b2c2ba709c3701ec32d7cbe0870683938addf2fd80aaf0
32bea907c1d03c95b274c5e12a0becc6bf89e5162b7c539dcc6ad3a4abeeed35
364f48c01892245eb0790b462e8e8aa22284e04f289512afa75d9864d99e979c
3ad317867dbc668f3e6dacfa4c17870a9affaa520346201b394810564e214e7c
431b7ce3fa6c10c5d9d6bc13c832a817d184864cbb7f9ce81d7a6a0d009b4b47
5fa269d817a9292a61b8ebe9520c1e65f1522d70ce0f2a3e28f8ef5a04ecf925
7008debc0eb384779bd20132477eb95dff366a687a68abff577479f31e393b44
7b9621634d2af316bde1af2e68d65dc1480cd4804c5992769b5808b203f6cb27
7c461e2aa151881d08b27fa123431cfdf265a0e1e766804ef3c8abbdc5e92a00
8c90b9f923f639dc10aac484d28d9fd1fb8ad9a44a5389d35682e4d0baf8719e
8f870db06ab1f3de37aea9d356bc0fb6a61e11714e473f4285b52452089b4f17
a771c4934f55bce13dfe27ad917bb498cd9cefc416e29a2ac42fff885ce095b3
abd1642a4f6cda9580cdc7255902b4eaa3b14333e5ee83fc35053a03cdac7d1e
ad75f5dbad3b867ea8475b1f196724393eb0fd7bbec5ea69c574024842f4683a
b1446f4e069d42d0c51dc67f91a42f8fc5df6669310c8b8842eb8b6ab310a916
b787565fc9f1e2e4b21b61a878a871c31d6c0089a6033daf5e5c56430c079c11
b95572e17ce1d3d3f8656c476ef05d7c9562fc0127d3805bc050bbca3f339304
e2906f62e6dff346d6634c55d891b00ebec79a810e7b7f3a54d17726a0b842c5
e2cb991df9f6131906ff88ecf7adb80440dee117d1693f742edeabbf95fac131
e508a024503867896da6b77b3109ff8db7a77cfad68b60cd35fc02395d5a91f9
ef306c6a69f21f42cc3cb3fd9691a47a69388608654d445c1006678eb5992851
ef4b621ba85ae78ec5f592bc6f0f7d4bf41bdd7eac17e07b5a905a8ecebfd1c5
f4da36c61ee7f7adba1005739b3f7175b83e3038544b5fbd5e3e622af0259e5c