Submitted URL: https://dreamkelly.com/
Effective URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Submission: On April 04 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 23 HTTP transactions. The main IP is 208.122.194.168, located in United States and belongs to MOJOHOST, US. The main domain is beaverpalace.com.
TLS certificate: Issued by R3 on April 4th 2024. Valid for: 3 months.
This is the only time beaverpalace.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 19 208.122.194.168 27589 (MOJOHOST)
4 13.225.63.84 16509 (AMAZON-02)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 104.19.232.74 13335 (CLOUDFLAR...)
23 3
Apex Domain
Subdomains
Transfer
18 beaverpalace.com
beaverpalace.com
2 MB
4 fuckyoucash.com
cdn.fuckyoucash.com
403 KB
1 psmcdn.net
images.psmcdn.net — Cisco Umbrella Rank: 462460
77 KB
1 teamskeetimages.com
cdn.teamskeetimages.com
483 B
1 dreamkelly.com
dreamkelly.com
116 B
23 5
Domain Requested by
18 beaverpalace.com beaverpalace.com
4 cdn.fuckyoucash.com beaverpalace.com
1 images.psmcdn.net beaverpalace.com
1 cdn.teamskeetimages.com 1 redirects
1 dreamkelly.com 1 redirects
23 5
Subject Issuer Validity Valid
beaverpalace.com
R3
2024-04-04 -
2024-07-03
3 months crt.sh
fuckyoucash.com
Amazon RSA 2048 M01
2023-07-07 -
2024-08-04
a year crt.sh

This page contains 1 frames:

Primary Page: https://beaverpalace.com/enter/?redir=dreamkelly.com
Frame ID: 6E8504D82ADF0A985C2D5CB48A832D8C
Requests: 23 HTTP requests in this frame

Screenshot

Page Title

Members Gateway

Page URL History Show full URLs

  1. https://dreamkelly.com/ HTTP 301
    https://beaverpalace.com/enter/?redir=dreamkelly.com Page URL

Page Statistics

23
Requests

96 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

2932 kB
Transfer

3018 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dreamkelly.com/ HTTP 301
    https://beaverpalace.com/enter/?redir=dreamkelly.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://cdn.teamskeetimages.com/st/banners/tla_300x250_132.gif HTTP 301
  • https://images.psmcdn.net/st/banners/tla_300x250_132.gif

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
beaverpalace.com/enter/
Redirect Chain
  • https://dreamkelly.com/
  • https://beaverpalace.com/enter/?redir=dreamkelly.com
76 KB
29 KB
Document
General
Full URL
https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache / PHP/5.6.40
Resource Hash
52392a30749042f2239d5787c58aa37415a304c87e868b6a1ff05d3ba56a44c5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-length
29359
content-type
text/html; charset=UTF-8
date
Thu, 04 Apr 2024 21:33:23 GMT
server
Apache
vary
Accept-Encoding,User-Agent
x-powered-by
PHP/5.6.40

Redirect headers

content-length
260
content-type
text/html; charset=iso-8859-1
date
Thu, 04 Apr 2024 21:33:22 GMT
location
https://beaverpalace.com/enter/?redir=dreamkelly.com
server
Apache
combined22.js
beaverpalace.com/script/
81 KB
31 KB
Script
General
Full URL
https://beaverpalace.com/script/combined22.js
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
8107d406a033f33127bd32c93db3e2dacdaea5a70b67e9fdb85a53334a0d2398

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
content-encoding
gzip
last-modified
Sun, 24 May 2020 04:25:26 GMT
server
Apache
etag
"144d2-5a65d407274a2-gzip"
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
30967
expires
Sat, 04 May 2024 21:33:23 GMT
gfpublic.jpg
beaverpalace.com/enter/images/
34 KB
35 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/gfpublic.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
e1c0a1aef52ad88d340014ac34f89030711803b7c75ad6d3a07e811d74fe865d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 27 May 2019 18:43:28 GMT
server
Apache
etag
"8975-589e2ec924455"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
35189
expires
Fri, 04 Apr 2025 21:33:23 GMT
gflesbo.jpg
beaverpalace.com/enter/images/
28 KB
28 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/gflesbo.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
7c4bc0cc1632c986e25b61eb2b1a64fb269aa8d6beff074b9912ff4c0275d5b3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 27 May 2019 18:43:27 GMT
server
Apache
etag
"6e02-589e2ec8c2200"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
28162
expires
Fri, 04 Apr 2025 21:33:23 GMT
watchmygf.jpg
beaverpalace.com/enter/images/
30 KB
30 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/watchmygf.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
b0335093fe67e833e10ee709e81fb6d721d6ed30605021e28533accd025bd6bb

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 24 Jun 2019 02:42:05 GMT
server
Apache
etag
"78bc-58c08c1f4112e"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
30908
expires
Fri, 04 Apr 2025 21:33:23 GMT
900x250_02.jpg
cdn.fuckyoucash.com/uploads/banner/image/5524/
111 KB
112 KB
Image
General
Full URL
https://cdn.fuckyoucash.com/uploads/banner/image/5524/900x250_02.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-84.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c59b76d8a4c2196228adfda8c4df2d640b3c9b7a93aa85fa6ab154b39019c9e1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 06 Feb 2024 13:12:06 GMT
Via
1.1 2ead2a81ff8cd9f180f8ec7fa0607b6e.cloudfront.net (CloudFront)
Last-Modified
Wed, 10 Apr 2019 21:05:21 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-C1
Age
5041278
ETag
"3a9b0ed79fb626b9398af61b39463cab"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
114071
X-Amz-Cf-Id
D0nQfIhRHPYFhzS4sDjodCPaAWHzrfgoNe9xKihUyu12ruP0Z5VofA==
public6.jpg
beaverpalace.com/enter/images/
28 KB
29 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/public6.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
3396143e0dec7dc945320b4f5adef13e94aad24446ced06c75f44a830714c903

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Tue, 28 May 2019 01:30:51 GMT
server
Apache
etag
"7161-589e89d7bb349"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
29025
expires
Fri, 04 Apr 2025 21:33:23 GMT
tla_300x250_132.gif
images.psmcdn.net/st/banners/
Redirect Chain
  • https://cdn.teamskeetimages.com/st/banners/tla_300x250_132.gif
  • https://images.psmcdn.net/st/banners/tla_300x250_132.gif
76 KB
77 KB
Image
General
Full URL
https://images.psmcdn.net/st/banners/tla_300x250_132.gif
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H3
Server
104.19.232.74 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30be0432c9ed29ba3b25f7d000c5f34b684b4bfc9354130d6d8d646690b4d454
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
en-US,en;q=0.9
Referer
https://beaverpalace.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
strict-transport-security
max-age=63072000
cf-cache-status
HIT
x-amz-version-id
4_zee2091478ade62297e60051a_f108b1729ad90df12_d20210909_m172730_c000_v0001086_t0001
age
82479
cf-polished
origFmt=gif, origSize=237612
x-origin-code
bb
x-amz-meta-src_last_modified_millis
1457556989906
content-disposition
inline; filename="tla_300x250_132.webp"
alt-svc
h3=":443"; ma=86400
content-length
77800
x-amz-id-2
aZagwczH7N5lh8GV5MlM5HGWhMNY1FmGy
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 09 Sep 2021 17:27:30 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"05bdca3541a5a0ad37bbc56b22812b1c"
vary
Accept, Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
cache-control
public, immutable, s-maxage=7776000, max-age=7776000
accept-ranges
bytes
cf-ray
86f46a9d0e4f36db-YYZ
expires
Fri, 04 Apr 2025 21:33:23 GMT

Redirect headers

date
Thu, 04 Apr 2024 21:33:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lf%2Bhh294QE1c1n2f5fUzLD1vfC4gT9aYPuUDyUYsEoELuoO5GuDcQeuVAIvIzNFBf%2BlK3fnaMcX9zCAMJjENUQKiWRcnn2HvCoQtvI799Cc8wfq3HxGo4qUXQ4eTRz88RF7LW4yuCqg2%2BVW0GFAPJoggm3BSuw%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://images.psmcdn.net/st/banners/tla_300x250_132.gif
cache-control
max-age=3600
cf-ray
86f46a9c8c384bc1-BUF
alt-svc
h3=":443"; ma=86400
expires
Thu, 04 Apr 2024 22:33:23 GMT
evis.jpg
beaverpalace.com/enter/images/
2 MB
2 MB
Image
General
Full URL
https://beaverpalace.com/enter/images/evis.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
c9780b52e1f8843501b63beab701df06e5ade310326999afd8845113ad110e8e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Wed, 15 May 2019 22:05:09 GMT
server
Apache
etag
"1c1489-588f457c77f6a"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1840265
expires
Fri, 04 Apr 2025 21:33:23 GMT
gfbdsm.jpg
beaverpalace.com/enter/images/
71 KB
71 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/gfbdsm.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
d3a7f56a8416b93afe3fc002d99051a2de4c23c271c26d1a2f956204b745100c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 27 May 2019 18:43:27 GMT
server
Apache
etag
"11d59-589e2ec8338b9"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
73049
expires
Fri, 04 Apr 2025 21:33:23 GMT
2471.jpg
cdn.fuckyoucash.com/uploads/banner/image/5307/
58 KB
58 KB
Image
General
Full URL
https://cdn.fuckyoucash.com/uploads/banner/image/5307/2471.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-84.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f3ea8d4f1f43f811ef0953dc05f431b7da312859c3c5e9e373bae6a95c7e9271

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 06 Feb 2024 13:12:06 GMT
Via
1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
Last-Modified
Mon, 13 Nov 2017 23:24:51 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-C1
Age
5041278
ETag
"283d3f67c923e6486051b25bd5c13db2"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
59300
X-Amz-Cf-Id
cCEfCLjmmZCM_ArBDF5LtOpTubclygVLys6K1TWI8UGzI8S9olpG8Q==
public3.jpg
beaverpalace.com/enter/images/
41 KB
41 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/public3.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
f5c655b2741034fd83ffc07e73129309e05f67d51054805bf67162ecce7c0e88

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Tue, 28 May 2019 01:30:50 GMT
server
Apache
etag
"a3f9-589e89d72dd8f"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
41977
expires
Fri, 04 Apr 2025 21:33:23 GMT
indian1.jpg
beaverpalace.com/enter/images/
22 KB
22 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/indian1.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
a556140d573c3971e2af27967610ded8e8156c01a9880637a177ee6c4535daf9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Tue, 25 Jun 2019 04:25:20 GMT
server
Apache
etag
"577e-58c1e51142a37"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
22398
expires
Fri, 04 Apr 2025 21:33:23 GMT
gfasian.jpg
beaverpalace.com/enter/images/
24 KB
24 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/gfasian.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
769bd8d1414182accb791083d326f9463bca555eeed016ef4935e286e9260884

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 27 May 2019 18:43:26 GMT
server
Apache
etag
"5f5b-589e2ec7cfef4"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
24411
expires
Fri, 04 Apr 2025 21:33:23 GMT
1838.jpg
cdn.fuckyoucash.com/uploads/banner/image/4435/
31 KB
31 KB
Image
General
Full URL
https://cdn.fuckyoucash.com/uploads/banner/image/4435/1838.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-84.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a8f6734effe9338321ef216d83bbe753bf3d96c48980df41b48fcbd0fc5caa5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 09 Nov 2023 10:37:03 GMT
Via
1.1 007ce3e1b06f57ef1a8d55f0923f723c.cloudfront.net (CloudFront)
Last-Modified
Mon, 13 Nov 2017 23:20:29 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-C1
Age
12740181
ETag
"7ecc02d1f8e14043c5ca4e0b97669959"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31513
X-Amz-Cf-Id
uY-tuLppK6sAny153RhMTZqHyCVsG954kTLj72bExlIgRKoIsCoEwA==
2458.jpg
cdn.fuckyoucash.com/uploads/banner/image/5161/
201 KB
201 KB
Image
General
Full URL
https://cdn.fuckyoucash.com/uploads/banner/image/5161/2458.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-84.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b92a7a2c60d4d00a190df7015c2fc035a8a3c487f95eeac393a6202008ea21b8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 06 Feb 2024 13:12:06 GMT
Via
1.1 98c9abb82906e5df5d993116d0614420.cloudfront.net (CloudFront)
Last-Modified
Mon, 13 Nov 2017 23:24:10 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-C1
Age
5041278
ETag
"ee07e0a34302e9997112152858968ae8"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
205735
X-Amz-Cf-Id
5NCHjHXhAja3A0kf_AI7wPLuJDPmFy2JwPlRSJU3YTWUNsDyYh6AyQ==
mygflikesitbig.jpg
beaverpalace.com/enter/images/
37 KB
38 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/mygflikesitbig.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
202b21894d3e42c15134d30c8ccb30570130a6699d8dd1665e7fbec3fa283f2b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 24 Jun 2019 02:42:04 GMT
server
Apache
etag
"9575-58c08c1ed817a"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
38261
expires
Fri, 04 Apr 2025 21:33:23 GMT
bdsm2.jpg
beaverpalace.com/enter/images/
25 KB
25 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/bdsm2.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
c48de02a38785f31e5ded6c451ca6c00bb6c207a683a52fc9b032700278a0920

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Sat, 22 Jun 2019 15:15:18 GMT
server
Apache
etag
"6329-58beb0c00d469"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
25385
expires
Fri, 04 Apr 2025 21:33:23 GMT
giz.jpg
beaverpalace.com/enter/images/
38 KB
38 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/giz.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
7e03e7eeaac41dfb070eda1789121bd724f9de9c3f07a739305ebc7ffa4649fe

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Mon, 27 May 2019 18:43:28 GMT
server
Apache
etag
"9815-589e2ec958078"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
38933
expires
Fri, 04 Apr 2025 21:33:23 GMT
thefosters.jpg
beaverpalace.com/enter/images/
107 KB
107 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/thefosters.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
456d7c0511ba7d467c6c8cc9be353969ec4e9d4ba56e82a3323b7deac51e1538

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Thu, 16 May 2019 19:16:40 GMT
server
Apache
etag
"1aa07-589061b111928"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
109063
expires
Fri, 04 Apr 2025 21:33:23 GMT
headofthehouse.jpg
beaverpalace.com/enter/images/
101 KB
101 KB
Image
General
Full URL
https://beaverpalace.com/enter/images/headofthehouse.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
a745be126c83cfab6faa9f363955cfe57f7eb4335fdfd772dba183b2eb84597c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Sun, 19 May 2019 03:05:05 GMT
server
Apache
etag
"192f1-58934e1e95cd0"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
103153
expires
Fri, 04 Apr 2025 21:33:23 GMT
getAccess.jpg
beaverpalace.com/images/
1 KB
1 KB
Image
General
Full URL
https://beaverpalace.com/images/getAccess.jpg
Requested by
Host: beaverpalace.com
URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
3d258d8c00dc0fab2eae2445dc632fbcb131fba85f1446dadd22eae5f4ed5afc

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
last-modified
Thu, 28 Mar 2019 18:45:56 GMT
server
Apache
etag
"4a2-5852bf6f63031"
vary
User-Agent
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
content-length
1186
expires
Fri, 04 Apr 2025 21:33:23 GMT
favicon.ico
beaverpalace.com/
196 B
246 B
Other
General
Full URL
https://beaverpalace.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
208.122.194.168 , United States, ASN27589 (MOJOHOST, US),
Reverse DNS
mrcameltoe123.com
Software
Apache /
Resource Hash
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://beaverpalace.com/enter/?redir=dreamkelly.com
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Apr 2024 21:33:23 GMT
server
Apache
content-length
196
content-type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| z7OO function| G422 function| l5AA function| E5AA function| t8UU function| K7mm function| I8VV function| N7mm string| d03f3eda object| FlatlinePop

1 Cookies

Domain/Path Name / Value
.psmcdn.net/ Name: __cf_bm
Value: iHBAFLD_G5.GJr8mPn2S2VRutV7GMOfhMO_T0cPTlKk-1712266403-1.0.1.1-Q2_0rnUTyqTxzicshF05rT66xCy_9Xn8TYo.oa4bnaokWUG3rGgv3ul2sHYVjuK_yG9wzCPjggNTnoTLC6sjug

12 Console Messages

Source Level URL
Text
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5524/900x250_02.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.teamskeetimages.com/st/banners/tla_300x250_132.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5307/2471.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/4435/1838.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5161/2458.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com(Line 313)
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5524/900x250_02.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com(Line 313)
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.teamskeetimages.com/st/banners/tla_300x250_132.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com(Line 313)
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5307/2471.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com(Line 313)
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/4435/1838.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com(Line 313)
Message:
Mixed Content: The page at 'https://beaverpalace.com/enter/?redir=dreamkelly.com' was loaded over HTTPS, but requested an insecure element 'http://cdn.fuckyoucash.com/uploads/banner/image/5161/2458.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
other warning URL: https://beaverpalace.com/enter/?redir=dreamkelly.com
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://beaverpalace.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beaverpalace.com
cdn.fuckyoucash.com
cdn.teamskeetimages.com
dreamkelly.com
images.psmcdn.net
104.19.232.74
13.225.63.84
208.122.194.168
2606:4700:3034::ac43:a363
0a8f6734effe9338321ef216d83bbe753bf3d96c48980df41b48fcbd0fc5caa5
202b21894d3e42c15134d30c8ccb30570130a6699d8dd1665e7fbec3fa283f2b
30be0432c9ed29ba3b25f7d000c5f34b684b4bfc9354130d6d8d646690b4d454
3396143e0dec7dc945320b4f5adef13e94aad24446ced06c75f44a830714c903
3d258d8c00dc0fab2eae2445dc632fbcb131fba85f1446dadd22eae5f4ed5afc
456d7c0511ba7d467c6c8cc9be353969ec4e9d4ba56e82a3323b7deac51e1538
52392a30749042f2239d5787c58aa37415a304c87e868b6a1ff05d3ba56a44c5
769bd8d1414182accb791083d326f9463bca555eeed016ef4935e286e9260884
7c4bc0cc1632c986e25b61eb2b1a64fb269aa8d6beff074b9912ff4c0275d5b3
7e03e7eeaac41dfb070eda1789121bd724f9de9c3f07a739305ebc7ffa4649fe
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
8107d406a033f33127bd32c93db3e2dacdaea5a70b67e9fdb85a53334a0d2398
a556140d573c3971e2af27967610ded8e8156c01a9880637a177ee6c4535daf9
a745be126c83cfab6faa9f363955cfe57f7eb4335fdfd772dba183b2eb84597c
b0335093fe67e833e10ee709e81fb6d721d6ed30605021e28533accd025bd6bb
b92a7a2c60d4d00a190df7015c2fc035a8a3c487f95eeac393a6202008ea21b8
c48de02a38785f31e5ded6c451ca6c00bb6c207a683a52fc9b032700278a0920
c59b76d8a4c2196228adfda8c4df2d640b3c9b7a93aa85fa6ab154b39019c9e1
c9780b52e1f8843501b63beab701df06e5ade310326999afd8845113ad110e8e
d3a7f56a8416b93afe3fc002d99051a2de4c23c271c26d1a2f956204b745100c
e1c0a1aef52ad88d340014ac34f89030711803b7c75ad6d3a07e811d74fe865d
f3ea8d4f1f43f811ef0953dc05f431b7da312859c3c5e9e373bae6a95c7e9271
f5c655b2741034fd83ffc07e73129309e05f67d51054805bf67162ecce7c0e88