URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Submission: On November 22 via api from US — Scanned from DE

Summary

This website contacted 13 IPs in 2 countries across 14 domains to perform 24 HTTP transactions. The main IP is 155.254.244.30, located in Dallas, United States and belongs to JOESDATACENTER, US. The main domain is qpak-blazecasino.somee.com.
This is the only time qpak-blazecasino.somee.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 155.254.244.30 19969 (JOESDATAC...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 144.202.1.6 20473 (AS-CHOOPA)
1 2606:4700:303... 13335 (CLOUDFLAR...)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 173.236.206.202 26347 (DREAMHOST-AS)
1 2606:4700:310... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 23.45.238.53 16625 (AKAMAI-AS)
5 2a00:1450:400... 15169 (GOOGLE)
24 13
Domain Requested by
5 www.googletagmanager.com qpak-blazecasino.somee.com
4 cacaniqueis77.com qpak-blazecasino.somee.com
3 qpak-blazecasino.somee.com qpak-blazecasino.somee.com
2 s7.addthis.com 1 redirects qpak-blazecasino.somee.com
2 cdn.xl.thumbs.canstockphoto.com 1 redirects qpak-blazecasino.somee.com
2 pagead2.googlesyndication.com qpak-blazecasino.somee.com
pagead2.googlesyndication.com
1 ajax.googleapis.com qpak-blazecasino.somee.com
1 www.onlinecasinosportugal.pt qpak-blazecasino.somee.com
1 www.juegocasinos.com.mx qpak-blazecasino.somee.com
1 casinoonline777.com.br qpak-blazecasino.somee.com
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 bestnetentcasino.info qpak-blazecasino.somee.com
0 91.215.152.128 Failed qpak-blazecasino.somee.com
0 www.gocassinos.com.br Failed qpak-blazecasino.somee.com
24 14

This site contains no links.

Subject Issuer Validity Valid
*.g.doubleclick.net
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
bestnetentcasino.info
Cloudflare Inc ECC CA-3
2023-04-20 -
2024-04-19
a year crt.sh
casinoonline777.com.br
GTS CA 1P5
2023-10-30 -
2024-01-28
3 months crt.sh
cacaniqueis77.com
E1
2023-10-05 -
2024-01-03
3 months crt.sh
www.juegocasinos.com.mx
R3
2023-10-15 -
2024-01-13
3 months crt.sh
onlinecasinosportugal.pt
GTS CA 1P5
2023-11-12 -
2024-02-10
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh

This page contains 2 frames:

Primary Page: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Frame ID: B22586B129F09DD35F420D7A3B55C568
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_inhead_fy2021.html?hello=world
Frame ID: 0E552F2FAA312888359F9DCBB96B5D34
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

24
Requests

71 %
HTTPS

67 %
IPv6

14
Domains

14
Subdomains

13
IPs

2
Countries

1348 kB
Transfer

2459 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • http://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg HTTP 301
  • https://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg
Request Chain 16
  • http://s7.addthis.com/js/300/addthis_widget.js HTTP 308
  • https://s7.addthis.com/js/300/addthis_widget.js

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request page-23-2023-06-21.html
qpak-blazecasino.somee.com/dinheiro-real/
33 KB
34 KB
Document
General
Full URL
http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
HTTP/1.1
Server
155.254.244.30 Dallas, United States, ASN19969 (JOESDATACENTER, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
087dbfc286e64a588a1165da4ec91366cafb1a389ef45e2d61f3811f34dc1b8c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Content-Length
34235
Content-Type
text/html
Date
Wed, 22 Nov 2023 02:35:45 GMT
ETag
"dc6ecf856b5d91:0"
Last-Modified
Wed, 12 Jul 2023 21:19:20 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
bootstrap.min.css
qpak-blazecasino.somee.com/css/
119 KB
120 KB
Stylesheet
General
Full URL
http://qpak-blazecasino.somee.com/css/bootstrap.min.css
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
HTTP/1.1
Server
155.254.244.30 Dallas, United States, ASN19969 (JOESDATACENTER, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
77d6cef356868f46018abf1911b049186a3e4ca73b0f0cadf48033694324948c

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 02:35:46 GMT
Last-Modified
Wed, 12 Jul 2023 21:19:12 GMT
Server
Microsoft-IIS/10.0
ETag
"617bf816b5d91:0"
X-Powered-By
ASP.NET
Content-Type
text/css
Accept-Ranges
bytes
Content-Length
122184
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
150 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6890287250975679
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0576ec0d3f9ad5799e7c80333c6d0a18bd8e976d4c26a7c89dee4518d848dc66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://qpak-blazecasino.somee.com/
Origin
http://qpak-blazecasino.somee.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:46 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52730
x-xss-protection
0
server
cafe
etag
3220284570839043756
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 22 Nov 2023 02:35:46 GMT
qwertymin.js
qpak-blazecasino.somee.com/css/
1 KB
2 KB
Script
General
Full URL
http://qpak-blazecasino.somee.com/css/qwertymin.js
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
HTTP/1.1
Server
155.254.244.30 Dallas, United States, ASN19969 (JOESDATACENTER, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0ae5586d9890485b7d9cddaad714e8df68cb7abfd679402458149db9f38fdc42

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 02:35:46 GMT
Last-Modified
Wed, 12 Jul 2023 21:19:11 GMT
Server
Microsoft-IIS/10.0
ETag
"f29668806b5d91:0"
X-Powered-By
ASP.NET
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
1365
ca%C3%A7a-niqueis-slots-cassino.jpg
www.gocassinos.com.br/wp-content/uploads/sites/4/2019/10/
0
0

how-to-win-novomatic-queen-of-hearts-deluxe.gif
bestnetentcasino.info/images/win-novomatic-slots/how-to-win-novomatic-13/
32 KB
33 KB
Image
General
Full URL
https://bestnetentcasino.info/images/win-novomatic-slots/how-to-win-novomatic-13/how-to-win-novomatic-queen-of-hearts-deluxe.gif
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddc72d92caa637f906e75be3e02c325e674184844852f8b3b1683c4dd3f21e5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:46 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
33012
last-modified
Sun, 24 Jul 2022 12:47:50 GMT
server
cloudflare
etag
"62dd3f76-80f4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWAi1ztXez17XDlWM7IW9pOLff%2BM%2BySHCEte0rL3ZIkrul64vWvpAZ45IdKiKwRyjajJpK44fjdNYSpenybsj2uiB1lbFA7yHouOQNrjoU7NjstHeCIyAnZbXiInBqQ4ojjtMviK0NM7JgBwXPkEurxSkBk%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
829dc7f09fc1bba4-FRA
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/
400 KB
135 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6890287250975679&plah=qpak-blazecasino.somee.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6890287250975679
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
250224ce8abd01aba108bbe39991460a9a6589d33d477e776b49c7d00f5a2d64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:48 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138535
x-xss-protection
0
server
cafe
etag
147052532826784030
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 22 Nov 2023 02:35:48 GMT
zrt_lookup_inhead_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 0E55
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_inhead_fy2021.html?hello=world
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6890287250975679
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
http://qpak-blazecasino.somee.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
61129
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4111
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 21 Nov 2023 09:36:57 GMT
etag
13268084621564590274
expires
Tue, 05 Dec 2023 09:36:57 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
canstock14104432.jpg
cdn.xl.thumbs.canstockphoto.com/
Redirect Chain
  • http://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg
  • https://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg
69 KB
70 KB
Image
General
Full URL
https://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
HTTP/1.1
Server
144.202.1.6 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS
144.202.1.6.vultrusercontent.com
Software
nginx/1.14.1 /
Resource Hash
f33042ad925814f35a35dea8a8b6332a8d2f3aee2695b7bb08aa836ab1a10410

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Wed, 22 Nov 2023 02:35:47 GMT
x-amz-meta-fl-original-md5
23905e70672005a5efc186202ef68498
x-amz-version-id
4_zcdd1395d1afaca7d7ec90b18_f10839c8b16dd81e7_d20211108_m005322_c002_v0001140_t0052
Last-Modified
Mon, 08 Nov 2021 00:53:22 GMT
Server
nginx/1.14.1
x-amz-request-id
1a40e3680ce4285d
ETag
"23905e70672005a5efc186202ef68498"
x-amz-meta-src_last_modified_millis
1614533688000
Content-Type
image/jpeg
Cache-Control
max-age=15552000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
70660
x-amz-id-2
aZGsxfzlYZMxhomGvYbNkp2XNOeViiDhA

Redirect headers

Location
https://cdn.xl.thumbs.canstockphoto.com/canstock14104432.jpg
Date
Wed, 22 Nov 2023 02:35:46 GMT
Server
nginx/1.14.1
Connection
keep-alive
Content-Length
185
Content-Type
text/html
South-Park-Slot.jpg
casinoonline777.com.br/wp-content/uploads/2017/07/
12 KB
13 KB
Image
General
Full URL
https://casinoonline777.com.br/wp-content/uploads/2017/07/South-Park-Slot.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:ca79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PleskLin
Resource Hash
c49cd4239633beddcd627ac1386839671d53f38b1affbf944774446ee6d95384

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:47 GMT
cf-cache-status
MISS
last-modified
Thu, 23 Jul 2020 17:25:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"5f19c800-30ed"
x-powered-by
PleskLin
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=53GJgVKamX3BwxOcKlzb7M%2FqU3CM5tNq6edXGnUHDr%2FR10nLPrX8pXpYzZL0epeTaGf6Nb2N9xf4Gtw02UfBbuFSG2bVkCbbvWC1QdGnDHJuMS7g758WrhREafY7vvY4Mv3E4tRYi3f7P5l5rYL%2FBdM5y6Ah"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=691200
accept-ranges
bytes
cf-ray
829dc7f15f6d65de-FRA
alt-svc
h3=":443"; ma=86400
content-length
12525
cat-queen-1024x768.jpg
cacaniqueis77.com/wp-content/uploads/2017/08/
0
0
Image
General
Full URL
https://cacaniqueis77.com/wp-content/uploads/2017/08/cat-queen-1024x768.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:51f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

toys-of-joy.jpg
cacaniqueis77.com/wp-content/uploads/2017/01/
0
0
Image
General
Full URL
https://cacaniqueis77.com/wp-content/uploads/2017/01/toys-of-joy.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:51f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

queens-of-hearts-deluxe-tragamonedas-SIMBOLOS-DEL-JUEGO.jpg
www.juegocasinos.com.mx/wp-content/uploads/
53 KB
53 KB
Image
General
Full URL
https://www.juegocasinos.com.mx/wp-content/uploads/queens-of-hearts-deluxe-tragamonedas-SIMBOLOS-DEL-JUEGO.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
173.236.206.202 , United States, ASN26347 (DREAMHOST-AS, US),
Reverse DNS
vps36948.dreamhostps.com
Software
Apache /
Resource Hash
6f90c5a30e51fd550bc5cba5260c2b9cbfd4d98bd965b8f9e2362a1768a2f48f

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:49 GMT
referrer-policy
last-modified
Sat, 27 Jan 2018 22:04:33 GMT
server
Apache
etag
"d2ee-563c932a7fe40"
vary
Accept-Encoding,User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
53998
expires
Thu, 21 Nov 2024 02:35:49 GMT
bar-7s-1024x768.jpg
cacaniqueis77.com/wp-content/uploads/2017/03/
0
0
Image
General
Full URL
https://cacaniqueis77.com/wp-content/uploads/2017/03/bar-7s-1024x768.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:51f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

queen-of-hearts-deluxe-social.png
www.onlinecasinosportugal.pt/wp-content/uploads/2021/06/
429 KB
430 KB
Image
General
Full URL
https://www.onlinecasinosportugal.pt/wp-content/uploads/2021/06/queen-of-hearts-deluxe-social.png
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:284f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b56c9956389904fe5fc7b71ef6981fa42299cbe73e664f04dcee761e9d9c9a20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:49 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
439495
last-modified
Thu, 10 Jun 2021 07:56:31 GMT
server
cloudflare
etag
"6b4c7-5c464bab1ac13"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Mk4het1nV4jPLspZfxH3LAIz9rWHq7lN9SEzQb0bCQkfkl0Fx4QTpfWFXomNHOEDb4ZCHlFwtBhDIO41desF2ckzHubEMtu5RZ5Uqlwd3sUSIaPx%2BOFQ0sKNLEoKdG%2BI0Ru3NZ7SRetk5e%2BD1sMeJDPxZiUmEm1ego%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=16070400
accept-ranges
bytes
cf-ray
829dc8046d9a4dbf-FRA
halloween-king-239x200.jpg
cacaniqueis77.com/wp-content/uploads/2015/10/
0
0
Image
General
Full URL
https://cacaniqueis77.com/wp-content/uploads/2015/10/halloween-king-239x200.jpg
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:51f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.0/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 19:11:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
545040
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33576
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 14 Nov 2024 19:11:47 GMT
addthis_widget.js
s7.addthis.com/js/300/
Redirect Chain
  • http://s7.addthis.com/js/300/addthis_widget.js
  • https://s7.addthis.com/js/300/addthis_widget.js
56 B
361 B
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Server
23.45.238.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-238-53.deploy.static.akamaitechnologies.com
Software
Oracle API Gateway /
Resource Hash
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 22 Nov 2023 02:35:47 GMT
server
Oracle API Gateway
opc-request-id
/51EBBD9769435647B23EC0F4B0826C82/92B81A0D0AF9227BB9480D3DBFEA6706
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/javascript
x-distribution
99
x-host
s7.addthis.com
content-length
76
x-xss-protection
1; mode=block

Redirect headers

Date
Wed, 22 Nov 2023 02:35:47 GMT
Server
nginx/1.15.8
X-Distribution
99
Content-Type
text/html
Location
https://s7.addthis.com/js/300/addthis_widget.js
X-Host
s7.addthis.com
Connection
keep-alive
Content-Length
171
js
www.googletagmanager.com/gtag/
277 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-WKKLPLJP3V
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1a6f57f50abb3de80ca6c9a06bbb1a26deba151ada72294582ba1864c324dfc2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
93567
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 02:35:50 GMT
js
www.googletagmanager.com/gtag/
260 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B29892VMGP
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
363e052a957912d425501b451390ca829014931701c2740c66673163db91b365
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
89622
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 22 Nov 2023 02:35:50 GMT
js
www.googletagmanager.com/gtag/
173 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-96521599-1
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cb0f07061d7e351991a34c69c3d6ea18a1adf9bc4374a65b48924043c174d41e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64590
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 02:35:50 GMT
js
www.googletagmanager.com/gtag/
173 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-199856617-1
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ac4608e331e0339bb226d3925fa3b3a57632bb72768554c0ca64528e96324bef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64626
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 02:35:50 GMT
js
www.googletagmanager.com/gtag/
173 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-162690612-1
Requested by
Host: qpak-blazecasino.somee.com
URL: http://qpak-blazecasino.somee.com/dinheiro-real/page-23-2023-06-21.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
206da568f084d571e22fef55285006f9d822bb30c1c94110d753f2ef8d7837c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://qpak-blazecasino.somee.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 22 Nov 2023 02:35:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64625
x-xss-protection
0
last-modified
Wed, 22 Nov 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 22 Nov 2023 02:35:50 GMT
bronline
91.215.152.128/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.gocassinos.com.br
URL
https://www.gocassinos.com.br/wp-content/uploads/sites/4/2019/10/ca%C3%A7a-niqueis-slots-cassino.jpg
Domain
91.215.152.128
URL
http://91.215.152.128/bronline?default_keyword=Caca-niqueis+online+gratis+Queen+of+Hearts+Deluxe

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| adsbygoogle object| google_sa_queue function| google_process_slots number| google_rum_task_id_counter string| keyword object| _0xdfb0 function| google_sa_impl

0 Cookies

7 Console Messages

Source Level URL
Text
network error URL: https://www.gocassinos.com.br/wp-content/uploads/sites/4/2019/10/ca%C3%A7a-niqueis-slots-cassino.jpg
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://91.215.152.128/bronline?default_keyword=Caca-niqueis+online+gratis+Queen+of+Hearts+Deluxe, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://91.215.152.128/bronline?default_keyword=Caca-niqueis+online+gratis+Queen+of+Hearts+Deluxe, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://cacaniqueis77.com/wp-content/uploads/2017/08/cat-queen-1024x768.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cacaniqueis77.com/wp-content/uploads/2017/01/toys-of-joy.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cacaniqueis77.com/wp-content/uploads/2017/03/bar-7s-1024x768.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://cacaniqueis77.com/wp-content/uploads/2015/10/halloween-king-239x200.jpg
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

91.215.152.128
ajax.googleapis.com
bestnetentcasino.info
cacaniqueis77.com
casinoonline777.com.br
cdn.xl.thumbs.canstockphoto.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
qpak-blazecasino.somee.com
s7.addthis.com
www.gocassinos.com.br
www.googletagmanager.com
www.juegocasinos.com.mx
www.onlinecasinosportugal.pt
91.215.152.128
www.gocassinos.com.br
144.202.1.6
155.254.244.30
173.236.206.202
23.45.238.53
2606:4700:3030::6815:51f6
2606:4700:3037::ac43:ca79
2606:4700:3108::ac42:284f
2a00:1450:4001:801::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2008
2a06:98c1:3121::3
0576ec0d3f9ad5799e7c80333c6d0a18bd8e976d4c26a7c89dee4518d848dc66
087dbfc286e64a588a1165da4ec91366cafb1a389ef45e2d61f3811f34dc1b8c
0ae5586d9890485b7d9cddaad714e8df68cb7abfd679402458149db9f38fdc42
1a6f57f50abb3de80ca6c9a06bbb1a26deba151ada72294582ba1864c324dfc2
206da568f084d571e22fef55285006f9d822bb30c1c94110d753f2ef8d7837c7
250224ce8abd01aba108bbe39991460a9a6589d33d477e776b49c7d00f5a2d64
363e052a957912d425501b451390ca829014931701c2740c66673163db91b365
6f90c5a30e51fd550bc5cba5260c2b9cbfd4d98bd965b8f9e2362a1768a2f48f
77d6cef356868f46018abf1911b049186a3e4ca73b0f0cadf48033694324948c
9a06aa84f08b4d57747e5eba867aa061deaadb4e657ca532d10e73b5a36fd73c
ac4608e331e0339bb226d3925fa3b3a57632bb72768554c0ca64528e96324bef
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
b56c9956389904fe5fc7b71ef6981fa42299cbe73e664f04dcee761e9d9c9a20
c49cd4239633beddcd627ac1386839671d53f38b1affbf944774446ee6d95384
cb0f07061d7e351991a34c69c3d6ea18a1adf9bc4374a65b48924043c174d41e
ddc72d92caa637f906e75be3e02c325e674184844852f8b3b1683c4dd3f21e5b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f33042ad925814f35a35dea8a8b6332a8d2f3aee2695b7bb08aa836ab1a10410
f475c34186022ba531ebc8bba97fc10df7e4c3ea854f314a18ab0644c851620d