www.citi.com
Open in
urlscan Pro
23.212.222.130
Public Scan
Effective URL: https://www.citi.com/login?next_page=jfp|dashboard&app_store=Y
Submission: On January 18 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by DigiCert EV RSA CA G2 on November 7th 2023. Valid for: a year.
This is the only time www.citi.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 | 173.213.4.17 173.213.4.17 | 53316 (ASN-CHEET...) (ASN-CHEETA-MAIL) | |
1 | 2a00:1450:400... 2a00:1450:4001:827::200a | 15169 (GOOGLE) (GOOGLE) | |
3 | 63.148.46.76 63.148.46.76 | 53316 (ASN-CHEET...) (ASN-CHEETA-MAIL) | |
1 1 | 104.102.43.113 104.102.43.113 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
17 | 23.212.222.130 23.212.222.130 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
4 | 2a02:26f0:480... 2a02:26f0:480:d::210:f160 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
31 | 6 |
ASN53316 (ASN-CHEETA-MAIL, US)
PTR: sts.eccmp.com
sts.eccmp.com |
ASN16625 (AKAMAI-AS, US)
PTR: a104-102-43-113.deploy.static.akamaitechnologies.com
online.citi.com |
ASN16625 (AKAMAI-AS, US)
PTR: a23-212-222-130.deploy.static.akamaitechnologies.com
www.citi.com |
ASN20940 (AKAMAI-ASN1, NL)
p11.techlab-cdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
citi.com
1 redirects
fm.info6.citi.com — Cisco Umbrella Rank: 290661 l.info6.citi.com — Cisco Umbrella Rank: 103654 online.citi.com — Cisco Umbrella Rank: 20873 www.citi.com — Cisco Umbrella Rank: 26362 |
2 MB |
4 |
techlab-cdn.com
p11.techlab-cdn.com — Cisco Umbrella Rank: 3589 |
59 KB |
3 |
eccmp.com
sts.eccmp.com — Cisco Umbrella Rank: 22875 |
17 KB |
1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 369 |
30 KB |
31 | 4 |
Domain | Requested by | |
---|---|---|
17 | www.citi.com |
fm.info6.citi.com
www.citi.com |
4 | p11.techlab-cdn.com |
www.citi.com
|
3 | sts.eccmp.com |
fm.info6.citi.com
sts.eccmp.com |
1 | online.citi.com | 1 redirects |
1 | l.info6.citi.com |
fm.info6.citi.com
|
1 | ajax.googleapis.com |
fm.info6.citi.com
|
1 | fm.info6.citi.com | |
31 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
info6.citi.com DigiCert EV RSA CA G2 |
2023-11-29 - 2024-12-29 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
*.eccmp.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-05-24 - 2024-06-09 |
a year | crt.sh |
www.citi.com DigiCert EV RSA CA G2 |
2023-11-07 - 2024-12-05 |
a year | crt.sh |
p11.techlab-cdn.com R3 |
2024-01-18 - 2024-04-17 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.citi.com/login?next_page=jfp|dashboard&app_store=Y
Frame ID: 6D3B0A7C383C860B2D992B684C7FCEFB
Requests: 31 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://fm.info6.citi.com/ats/url.aspx?cr=617&wu=20&we=7&url=https%3A%2F%2Fonline.citi.com%2FUS%2FJRS%... Page URL
-
https://online.citi.com/US/JRS/infrastructure/newretarget.do?next_page=jfp|dashboard&app_store=Y
HTTP 301
https://www.citi.com/login?next_page=jfp|dashboard&app_store=Y Page URL
Detected technologies
Akamai Bot Manager (Security) ExpandDetected patterns
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://fm.info6.citi.com/ats/url.aspx?cr=617&wu=20&we=7&url=https%3A%2F%2Fonline.citi.com%2FUS%2FJRS%2Finfrastructure%2Fnewretarget.do%3Fnext_page%3Djfp%7Cdashboard%26app_store%3DY%26enid%3DT114174238414332T0114170243842414336&linkName=CT_Bal_Dashboard&transId=C2024011700687726 Page URL
-
https://online.citi.com/US/JRS/infrastructure/newretarget.do?next_page=jfp|dashboard&app_store=Y
HTTP 301
https://www.citi.com/login?next_page=jfp|dashboard&app_store=Y Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
31 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
url.aspx
fm.info6.citi.com/ats/ |
16 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.3/ |
82 KB 30 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
open.aspx
l.info6.citi.com/rts/ |
43 B 432 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
conversen-SDK.js
sts.eccmp.com/sts/scripts/ |
15 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
617
sts.eccmp.com/wts/WebEvent/GetCookieExpiry/ |
35 B 426 B |
XHR
text/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
image.gif
sts.eccmp.com/wts/WebEvent/ |
807 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
login
www.citi.com/ Redirect Chain
|
222 KB 45 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
e049bcce96a1555bf6f96086ea852669dd0011213c3f
www.citi.com/public/ |
157 KB 56 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6c8322c7341eac98645c10e3d1d3c7ae.js
www.citi.com/assets/scripts/global/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tagging.min.js
www.citi.com/cbol-pre-login-static-assets/assets/js/ |
44 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
banner.min.js
www.citi.com/cbol-pre-login-static-assets/assets/js/ |
14 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
74 KB 75 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Bold.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
70 KB 71 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Interstate-Regular.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
77 KB 78 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.ca7d1c12fdaf8552.css
www.citi.com/cbol-pre-login-static-assets/ |
2 MB 191 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tmxobfwc-clientlib-v4.js
www.citi.com/cbol-pre-login-static-assets/assets/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fp.js
www.citi.com/cbol-pre-login-static-assets/assets/js/ |
19 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
runtime.ac5dfd0d026c2737.js
www.citi.com/cbol-pre-login-static-assets/ |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
polyfills.adb80ee790195eb1.js
www.citi.com/cbol-pre-login-static-assets/ |
48 KB 17 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
scripts.cc636ec5cfe3cbe4.js
www.citi.com/cbol-pre-login-static-assets/ |
51 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.cb78aa264f241ccb.js
www.citi.com/cbol-pre-login-static-assets/ |
4 MB 803 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bJwEB
www.citi.com/M-iO/4_Cc/7a9/4bO/W4Tg/cuuEmXbpJw/SjEQAg/QFI5Ewh/ |
215 KB 81 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
65319_1825202461.js
p11.techlab-cdn.com/e/ |
54 KB 18 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
65257_1825232097.js
p11.techlab-cdn.com/e/ |
14 KB 6 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
64885_1825202523.js
p11.techlab-cdn.com/e/ |
3 KB 2 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
65226_1825232128.js
p11.techlab-cdn.com/e/ |
70 KB 33 KB |
Fetch
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6c8322c7341eac98645c10e3d1d3c7ae.js
www.citi.com/assets/scripts/global/ |
314 KB 179 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
e049bcce96a1555bf6f96086ea852669dd0011213c3f
www.citi.com/public/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
bJwEB
www.citi.com/M-iO/4_Cc/7a9/4bO/W4Tg/cuuEmXbpJw/SjEQAg/QFI5Ewh/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
citiredesign.svg
www.citi.com/CBOL/IA/Angular/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Interstate-Light.woff
www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.citi.com
- URL
- https://www.citi.com/public/e049bcce96a1555bf6f96086ea852669dd0011213c3f
- Domain
- www.citi.com
- URL
- https://www.citi.com/M-iO/4_Cc/7a9/4bO/W4Tg/cuuEmXbpJw/SjEQAg/QFI5Ewh/bJwEB
- Domain
- www.citi.com
- URL
- https://www.citi.com/CBOL/IA/Angular/assets/citiredesign.svg
- Domain
- www.citi.com
- URL
- https://www.citi.com/cbol-pre-login-static-assets/commonui-assets/fonts/interstate/Interstate-Light.woff
Verdicts & Comments Add Verdict or Comment
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| $$__0e/cilbup/ undefined| jQuery number| ___dm function| ___dto9 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
fm.info6.citi.com/ | Name: BIGipServercnv_ats_ssl_pool Value: 1061623818.47873.0000 |
|
l.info6.citi.com/ | Name: ASP.NET_SessionId Value: y0wn0v5b40kyg3livgnv0xtt |
|
l.info6.citi.com/ | Name: BIGipServercnv_ats_ssl_pool Value: 1061623818.47873.0000 |
|
.citi.com/ | Name: xyz_cr_617_et_100 Value: cr=617&wegc=&et=100&ap=&we=7 |
|
.citi.com/ | Name: AKMTLTSID Value: EB1D8C1668E72BE9376117B979A8A4E6 |
|
.citi.com/ | Name: bm_sz Value: 088936219A4F1292250B84E15028CD03~YAAQhPAQAvyDcxKNAQAAemy9HRaOC7cmlevkuy2xRqMos8qJYZFHIkg1QDfR6jf7Qr+7HBosDPk0HB8byCHZ7fvh1xAPrXltPhXf8yRtuQDTf3OGpykLHRO2QeoTxmA3nvg0mGYfJvhwzaN2vk3E64zybtQLWMA2n/FJ+bSQRmCDFgZvAgavvmEtqNrqcDsXpHDHLi92wtov1Isg9z0v41Llpi4ewGdCVAZsKA2MxyHagyiud7JF+iJnyaPd2hmNfGTUlaX2mgjRGixTKPIIBeZx2X9rzO4UiEzupSYVuJYTAXbaJqKWHsezbzKSlWPv3ImgAWmn67d+Kw==~4600889~3421495 |
|
.citi.com/ | Name: ak_bmsc Value: 4F5CBE6FACFDF52A8798E7CB1D29BB70~000000000000000000000000000000~YAAQvuIlF17R6e6MAQAAgW69HRawVtgeC0kiSpc+gcwNBGq3AaDwzCNaSztPmQweQ39+gHPy089W1QhNOojhYwmDLdzeMZvxpN+H5VqD51dtwe7fC+CLXJGQtgYpostwMiKWfm//V9qUsbYXVT4mRb5MzEKLP+KR52pOZFYXs/adHdZE/lC5O/1YXMAWfVQJd6uXNAbG1JrlQo5pBrRknpT9ydhpI8UKPH3Khdkz6bRhuUO8dasnAARASWGtswONqc+KclYJEv11+/Uk/BU0Q89rW5HJRKIb9XfbNw6ES+KL5gvmFaLMpCgxEsngKNQZgGrVuNQxlFe9UBNMCwTtpOz2ATi6mrxvXKx6Zo1EZCCRCQXxiage0FT9a1fK |
|
.citi.com/ | Name: NMO5iv8Z Value: AzlvvR2NAQAAg1u0c9UH22Kjp0mvfkNVWq7zD-bKIOWsgebmM1JWq59NXS9NAVD_B2iucuKDwH8AAEB3AAAAAA|1|0|1a1965b930cd003f6a6aa3c7fe0312fc1ac9b2d1 |
|
.citi.com/ | Name: _abck Value: 4E882059397335AA1AE83AB748473CD5~-1~YAAQvuIlF3rR6e6MAQAAvW+9HQuC937EYIz2vAxD3tZ9NI+EJDn0+xyGxq1oWUmnXxMEZtWPJThdlBvNCVg1OnQm9pXj60TRZWmRiiYtgDIEMDfN3eXzSOfcTrKPEx8qGMTc+pStQ88JCSlnc5Y9l3EgQWyCQ7rPUt+29k0wGHp998tbggxVL7UV11ihM9iGjH8i/9Yd4s7SyALuHeUBRNr7E5oqVFEriGJjjKQmxl8KtPWRyIPWBvIcRJ4Ng8WpCogXBv+A7kMCLkQis0uVqIlcHvNfg6i9bLJUvdMDxzVq3uflRwx43LdKNW/13obleBK0ZpYR9SmwgyapHfSswNBbjl/CiKJWwHaeQPGQXgrT1X1VhC1KOyv+J/vpQNWbwEYZL1BoWRc=~-1~-1~-1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
fm.info6.citi.com
l.info6.citi.com
online.citi.com
p11.techlab-cdn.com
sts.eccmp.com
www.citi.com
www.citi.com
104.102.43.113
173.213.4.17
23.212.222.130
2a00:1450:4001:827::200a
2a02:26f0:480:d::210:f160
63.148.46.76
02433a62f3bc96003e78509ec45872fe3330c330204fa77415039f40a043224b
045cd226594cb32ddf9d4db8ee45611f4d0788675ae50180b68da975e66fe1fe
095535eb9b22a8e72b3b6c50a557ac3d6ed67c7ff0ff3e646b214b46b21a59d4
095e3f79d57e64a4c87659b5b7d864df05b07ccdba432a32081d8c20e5d87564
34b42d41b37ad335e980b17f252b2163e2c0edd217d84fd1e59ce7ad6d53e84f
422aa4e7ba5ff626a830dbbee358cb5055122a03b5c36b5f7608e1b34999e529
61339a21fa71d17d0dfebceba08dc76ce605e73f65a88438397483478d953aae
735ace838c4f02a810a79d750fa248e3f70fa9483a4ede6f8f123bf6a314a4f3
7488dc7d3069df17fcfd2e2bca49acb9a71de8ded2c0a9bb35a9c4d3e42cb5d0
74a7a53097f5335e794968f4f7c27d089701fd635c8698c5f5fda7f30356cacb
825546d1f93842a0a74ce5533d43a2d0f4826734833adcabef2acb099df02809
85a286bded9867e26f27bd9d3ca7c48bd3a7f36f943b895f4b314eb578b0d55a
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
8f1c4322ca7cec46bb7729dccc9b2a7544be8cc6da77b59731807cdfb936770c
9c6d485ae01a594ef22b3c44e1eca5314259061faacdcdfc51569aba58a4fc2b
a274f12ba729e52f354a90821a33a82ecdbcf1bf37b1fd46bda217afe6404fff
ad80a3f6b1b1b869088b872381b3179a21dccc4e465ec0a00c92824f6462c258
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bde440af352dd7a654d734bb030f32a058e1345b0a4620448f80f74a53f64d01
bf6b0ddbb32544fe9613e37923dbdffeb99c4349ce7f5d6c4799fde2f862bd37
bf87f53255267d9d4498b937ff708e301b08c25fdc8bd65d6c260ade97844411
c50f72a1fce769b6614580c4b383d2e80da4854146a62c3ef9b6d63b5dd2fc66
dd65a674c821f6a0e0ec4b181532b00c0cc5d5bde623ea98affcb9f383139b57
de30ce055c48c5670e01861f4525298275f6abe9cefe4a05f169bcf8d33ddff0
e9e9a67395a0d83b584208a19b95af203df8e8e6c6952fe76c690d60ea9381c7
f327a0ba3e41b1e8154e1c18fc114baff0bd057151e3afe7fa6f33cc0cb18296
f78ea2382be0bfe8c2909ded2f1c9ad7b60a2e797982ef57544431fd0fe0c383