bowspritdandelion.co.kr
78.141.197.196
Malicious Activity!
Public Scan
Submission: On August 18 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 17th 2019. Valid for: 3 months.
This is the only time bowspritdandelion.co.kr was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Earthlink (Telecommunication)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
18 | 78.141.197.196 | 20473 (AS-CHOOPA - Choopa)
7 (3 redirects) | 162.252.74.5 | 11054 (LIVEPERSON - LivePerson)
1 | 2a00:1450:4001:80b::2008 | 15169 (GOOGLE - Google LLC)
23 (3 redirects) | |
ASN20473 (AS-CHOOPA - Choopa, LLC, US)
PTR: 78.141.197.196.vultr.com
bowspritdandelion.co.kr
ASN15169 (GOOGLE - Google LLC, US)
ssl.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
18 | bowspritdandelion.co.kr | bowspritdandelion.co.kr | 158 KB
7 (3 redirects) | liveperson.net | sales.liveperson.net | 4 KB
1 | google-analytics.com | ssl.google-analytics.com | 17 KB
23 (3 redirects) | | |
Requests | Domain | Requested by
---|---|---
18 | bowspritdandelion.co.kr | bowspritdandelion.co.kr
7 (3 redirects) | sales.liveperson.net | bowspritdandelion.co.kr
1 | ssl.google-analytics.com | bowspritdandelion.co.kr
23 (3 redirects) | |
This site contains links to these domains.
Domain |
---|
www.earthlink.net |
my.earthlink.net |
webmail.earthlink.net |
start.earthlink.net |
myvoice.earthlink.net |
myaccount.earthlink.net |
support.earthlink.net |
Subject | Issuer | Validity | Valid
---|---|---|---
bowspritdandelion.co.kr | cPanel, Inc. Certification Authority | 2019-08-17 - 2019-11-15 | 3 months
*.liveperson.net | COMODO RSA Organization Validation Secure Server CA | 2018-01-06 - 2021-01-05 | 3 years
*.google-analytics.com | Google Internet Authority G3 | 2019-07-29 - 2019-10-21 | 3 months
This page contains 3 frames:
Primary Page:
https://bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp.htm
Frame ID: 16009E02EB0EE62BFEAAC12EDDEC9BA3
Requests: 21 HTTP requests in this frame
Frame:
https://sales.liveperson.net/hcp/html/blankhtml.html
Frame ID: 6C5B1E98FD0540653798B100F905BD57
Requests: 1 HTTP requests in this frame
Frame:
https://bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/blankhtml.htm
Frame ID: 9DCD5534B4DB84FB5138B0F48B551C9F
Requests: 1 HTTP requests in this frame
20 Outgoing links
These are links going to different origins than the main page.
Title: EarthLink.net
Title: My Start Page
Title: Web Mail
Title: Biz Center
Title: myVoice
Title: My Account
Title: Support
Title: Sign Out
Title: My Account Home
Title: Email Profiles
Title: Billing Information
Title: Contact Information
Title: Shipping Information
Title: My Plan Details
Title: My Downloads
Title: Help
Title: Policies and Agreements
Title: EarthLink Privacy Policy
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 12- https://sales.liveperson.net/hc/LPearthlink_elink1/?visitor=&msessionkey=&site=LPearthlink_elink1&cmd=inPage&page=https%3A//myaccount.earthlink.net/cam/setcreditcard.jsp%3Fappname%3Dbilling%26x%3D1229118062&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=7943503423&scriptVersion=1.1&d=1344464401350&cobrowse=true&cookie=cookietest%3DcookiesEnabled%3B%20JSESSIONID%3DFC95B87850DD253F0789CE438F070A89%3B%20ZSLB%3D28%3B%20s_sess%3D%2520s_cc%253Dtrue%253B%2520s_sq%253D%253B%3B%20ctype%3Dconsumer%3B%20NOUID%3D-1344464069150%3B%20WMCHOICE%3DWAM%3B%20JSESSIONID%3D48C7153A840AEF2A893F06EADE666253%3B%20ZS%3Diyt5QWglykwc-1905683b84b8fe10be91-36&title=Change%20Payment%20Method%20-%20Credit%20Card&referrer=https%3A//myaccount.earthlink.net/cam/billing_info.jsp HTTP 302
- https://sales.liveperson.net/hcp/width/img30.gif
- https://sales.liveperson.net/hc/LPearthlink_elink1/?visitor=&msessionkey=&site=LPearthlink_elink1&cmd=knockPage&page=https%3A//bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp.htm&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=false&id=7426483842&scriptVersion=1.1&d=1566087946461&title=Connect%20With%20Earthlink%20%7C%20Verify%20Your%20Billing&referrer= HTTP 302
- https://sales.liveperson.net/hcp/width/img30.gif
- https://sales.liveperson.net/hc/LPearthlink_elink1/?visitor=&msessionkey=&site=LPearthlink_elink1&cmd=startPage&page=https%3A//bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp.htm&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=false&id=7426483842&scriptVersion=1.1&d=1566087951464&&PAGEVAR!unit=proactivesvc&SESSIONVAR!language=english&PAGEVAR!UAScontext=Connect%20With%20Earthlink%20%7C%20Verify%20Your%20Billing&SESSIONVAR!Section=MyAccount&SESSIONVAR!Brand=elnk&cobrowse=true&scriptType=SERVERBASED&cookie=&title=Connect%20With%20Earthlink%20%7C%20Verify%20Your%20Billing&referrer= HTTP 302
- https://sales.liveperson.net/hcp/width/img30.gif
23 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---
GET H/1.1 | setcreditcard.jsp.htm (Primary Request) | bowspritdandelion.co.kr/earthysecure/ | 21 KB | 22 KB | Document | text/html
GET H/1.1 | style.css | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 19 KB | 19 KB | Stylesheet | text/css
GET H/1.1 | CamLib.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 33 KB | 33 KB | Script | application/javascript
GET H/1.1 | processingBlink.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 781 B | 1 KB | Script | application/javascript
GET H/1.1 | universalnav-bg-left.gif | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 216 B | 458 B | Image | image/gif
GET H/1.1 | universalnav-logo.gif | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 2 KB | 2 KB | Image | image/gif
GET H/1.1 | universalnav-bg-right.gif | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 219 B | 461 B | Image | image/gif
GET H/1.1 | myaccount-title.gif | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 373 B | 373 B | Image | text/html
GET H/1.1 | csv.jpg | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 31 KB | 31 KB | Image | image/jpeg
GET H/1.1 | configuration_baseline.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 3 KB | 3 KB | Script | application/javascript
GET H/1.1 | conversion_script.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 2 KB | 2 KB | Script | application/javascript
GET H/1.1 | x.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 40 KB | 41 KB | Script | application/javascript
GET H/1.1 | ga.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 0 | 0 | Script | text/html
GET H/1.1 | img30.gif (Redirect Chain) | sales.liveperson.net/hcp/width/ | 46 B | 677 B | Image | image/gif
GET H/1.1 | universalnav-bg.gif | bowspritdandelion.co.kr/cam/images/earthlink/ | 357 B | 357 B | Image | text/html
GET H/1.1 | myaccount-bg.gif | bowspritdandelion.co.kr/cam/images/earthlink/ | 354 B | 354 B | Image | text/html
GET H/1.1 | myaccount-key.gif | bowspritdandelion.co.kr/cam/images/earthlink/ | 355 B | 355 B | Image | text/html
GET H/1.1 | blankhtml.html (Frame 6C5B) | sales.liveperson.net/hcp/html/ | 0 | 0 | Document | text/html
GET H/1.1 | blankhtml.htm (Frame 9DCD) | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 367 B | 567 B | Document | text/html
GET H2 | ga.js | ssl.google-analytics.com/ | 45 KB | 17 KB | Script | text/javascript
GET H/1.1 | img30.gif (Redirect Chain) | sales.liveperson.net/hcp/width/ | 46 B | 677 B | Image | image/gif
GET H/1.1 | ga.js | bowspritdandelion.co.kr/earthysecure/setcreditcard.jsp_files/ | 0 | 0 | Script | text/html
GET H/1.1 | img30.gif (Redirect Chain) | sales.liveperson.net/hcp/width/ | 46 B | 677 B | Image | image/gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Earthlink (Telecommunication)
279 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| loadFocus function| doFocus function| checkCAddressForm function| trimAndAssign function| checkAddressForm function| checkContactAddressForm function| isGoodName function| checkAddress function| checkPhones function| checkCCForm function| checkOnLineForm function| checkCC function| isGoodCSV function| isGoodCard function| isGoodType function| checkBD function| isCanadianProvince function| isGoodCountry function| getSelected function| checkZip function| stateMatchesCountry function| typeMatchesNumber function| isGoodPhone function| isGoodInpt function| cookiesEnabled function| validateEmail function| validateDomain function| validateLogin function| validatePPCLogin function| validateDigits function| autoTabPhone function| select function| switchCSV function| trim function| isNumber function| isZipCode function| isCanadianPostalCode function| checkBankDraft function| checkBankDraftPass function| checkRecurringAgreement function| isGoodAccountType function| getCookieVal function| getCookie function| getZUDomain function| deleteCookie function| newWindow function| openSmallerWindow function| isIntegerInRange function| isInteger function| isEmpty function| isDigit string| strSELECTPAYMENTTYPE string| strBADCARD string| strBADFULL string| strBADCSV string| strBADTYPE string| strNOMATCH string| strBADBDTYPE string| strBADROUTING string| strBADACCT string| strBADAUTHORZ string| strEMPTYNAME string| strEMPTYFNAME string| strEMPTYLNAME string| strBADNAME string| strBADFNAME string| strBADLNAME string| strBADCOMPNAME string| strEMPTYADDR string| strEMPTYCITY string| strEMPTYZIPPOSTAL string| strBADADDR string| strBADADDR2 string| strBADCITY string| strBADSTATE string| strBADZIPCODE string| strBADUSZIP string| strBADPOSTAL string| strBADCOUNTRY string| strBADSTATECOUNTRY string| strBADZIPCOUNTRY string| strEMPTYNUMBER string| strBADNUMBER string| strEMPTYHNUMBER string| strBADHNUMBER string| strBADWNUMBER string| strBADFNUMBER object| curDateTime number| tzoffset 
number| z number| maxz number| maxRetries number| retries number| blink_speed function| processingBlinker function| startProcessingBlinker function| displayDebCred string| userState string| userCountry string| lpUASunit string| lpUASimagesPath string| lpUASlanguage string| lpUASimagesFolder number| lpUASinvitePositionX number| lpUASinvitePositionY string| lpCustomInvitationTitle string| lpCustomInvitationCloseTitle string| lpUAScontext function| lpUASaction string| lpNumber string| lpServerName string| tagVars object| lpUASexistingTagVars string| lpUASbuttonImagesFolder string| lpUASInvitationImagesFolder string| lpUASimageURL number| lpPosX number| lpPosY string| lpCustomImageURL function| lpdbButtonAction string| lpUASinvitationCloseTitle string| lpUASbuttonTitle boolean| lpSaveRejectStatus number| lpRejectStateTimeout string| lpUASsection string| lpUASbrand number| INITIAL_MAX_SIZE number| MAX_TAGVARSURL_SIZE string| INITIAL_STRING number| STRING_MAX_SIZE undefined| idx string| SCRIPT_VERSION boolean| lpUseFirstParty boolean| lpUseSecureCookies boolean| lpUseSessionCookies string| LPLOCALVIDCOOKIE string| LPLOCALSKEYCOOKIE string| LPLOCALCONTAINERCOOKIE number| maxImg30SequenceAllowed number| maxAllowedIDFetch boolean| hcUseRejectStatusCookie number| hcUpdateState string| pageLocation string| lpfcLocation string| lpfcProtocol string| hcBase string| hcImageURL string| hcStaticImageURL object| hcControlImage boolean| hcIsImage number| hcCounter string| hcCmd object| scriptType number| hcTimeout number| hcSendCounter number| hcLeft number| hcTop boolean| hcNS boolean| hcIE boolean| hcDOM boolean| hcSafari boolean| hcMAC boolean| hcShowImage number| hcPos number| HumanStep number| hcDir number| hcBorder boolean| hcAnimate object| hcAnimateTimer object| hcOrigHcPos object| hcOrigHumanStep undefined| hcNeedImage undefined| hcCloseImage boolean| hcImageFetched object| hcimage object| hcicon undefined| _lptemp object| hcParam object| hcOpenVars boolean| hcLoadingImage 
number| hcLayerWidth number| hcLayerHeight undefined| hcClickURL boolean| HCinit boolean| lpForcePopup string| visitorStatus string| lpActivePlugin object| lpTopFrame boolean| hcRejected boolean| hcFocusFlag boolean| lpIsVisitor boolean| lpVoiceEngageFlag undefined| lpOperatorViewable undefined| lpOperatorPageType function| lpFixProtocol function| hcGetObj function| hcObjShow function| hcDate function| isJavaEnabled function| lpFindCookie function| lpParseLocalVisitorID function| lpParseLocalSessionKey function| lpParseLocalContainer function| lpSetOneFPCookie function| lpParseDomain boolean| lpFPCookieSet function| lpSetFPCookies function| lpTestSetCookies boolean| lpCanSetFPCookies boolean| lpJavaSupport function| lpCreateScriptTag function| lpAppendVisitorCookies number| lpFetchReTries number| lpFetchScriptCounter function| lpVerifyFPCookie function| hcSendRequest function| hcPlaceLayersIE function| hcPlaceLayersNS function| hcHandlePopup string| hcDocLoc function| hcPlaceLayers function| hcWaitForLoad function| hcWaitForHtmlLoad function| hcCheckWidth function| hcClosePopup function| goto_redirect number| hcImg30Sequence number| hclastW number| hclastH function| hcHandleWidthHeight function| lpClearRejectState function| saveLPReject function| getLPReject function| lpIsNumber function| hasValidLPRejectedCookie function| LPgetCookie function| LPsetCookie function| handleRedirectCommand function| activateCobrowsePlugin function| lpGetTopFrame function| hcCheckImages number| hcLoadTimer function| hcloop function| hcReloadIcon function| openChat function| openCredit function| openEngageVoice function| openEngageChat function| openCustomEngageChat function| openCustomEngageVoice function| openWantsToChat function| hcPreload function| hcSetImageGo function| hcSetImage function| hcWriteDoc function| hcFloatIconLoaded function| hcImageTimer function| hcAcceptCall function| hcRejectCall function| hcInvitationTimeout function| hcHideTheImage function| inviteShown 
function| hcShowTheImage function| hcAnimateStart function| getImageWidth function| hcAnimateImage function| hcPlaceImage function| hcGetImage function| hcFindImage function| hcgo function| lpTestAndGo function| hcLegalPage string| lpCustomInvitationLinkTitle number| hcPageID number| ver string| gaJsHost object| _gat object| _gaq object| pageTracker
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.