URL: https://casino2promo.com/
Submission: On June 18 via api from US — Scanned from NL

Summary

This website contacted 8 IPs in 2 countries across 9 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is casino2promo.com.
TLS certificate: Issued by E1 on June 14th 2023. Valid for: 3 months.
This is the only time casino2promo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS (Autonomous System)
1 | 2a06:98c1:312... | 13335 (CLOUDFLAR...)
3 | 2606:4700:303... | 13335 (CLOUDFLAR...)
2 | 2a00:1450:400... | 15169 (GOOGLE)
8 | 2600:9000:245... | 16509 (AMAZON-02)
1 | 2a04:4e42:600... | 54113 (FASTLY)
1 4 | 2a06:98c1:312... | 13335 (CLOUDFLAR...)
1 | 2001:4860:480... | 15169 (GOOGLE)
Total: 21 requests, 8 IPs
Requests | Apex Domain | Subdomains | Transfer
8 | strikinglycdn.com | custom-images.strikinglycdn.com (Cisco Umbrella Rank: 169159) | 283 KB
4 | peraplay.xyz | www.peraplay.xyz | 9 KB
3 | co.cz | baidu.co.cz | 3 KB
2 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 82) | 174 KB
1 | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 1832) | 255 B
1 | independent.co.uk | static.independent.co.uk (Cisco Umbrella Rank: 35026) | 14 KB
1 | casino2promo.com | casino2promo.com | 6 KB
0 | lodibet7.com (Failed) | www.lodibet7.com (Failed) |
0 | peraplay.net (Failed) | www.peraplay.net (Failed) |
Total: 21 requests, 9 apex domains
Requests | Domain | Requested by
8 | custom-images.strikinglycdn.com | casino2promo.com, www.peraplay.xyz, baidu.co.cz
4 | www.peraplay.xyz (1 redirect) | baidu.co.cz, www.peraplay.xyz
3 | baidu.co.cz | casino2promo.com, baidu.co.cz
2 | www.googletagmanager.com | casino2promo.com, www.peraplay.xyz
1 | region1.google-analytics.com | www.googletagmanager.com
1 | static.independent.co.uk | casino2promo.com
1 | casino2promo.com |
0 | www.lodibet7.com (Failed) |
0 | www.peraplay.net (Failed) | casino2promo.com
Total: 21 requests, 9 domains

This site contains links to these domains:

Domain
www.pornbet.cc
spins
peraplay.xyz
www.peraplay.net
Subject | Issuer | Validity | Valid
casino2promo.com | E1 | 2023-06-14 - 2023-09-12 | 3 months (crt.sh)
baidu.co.cz | GTS CA 1P5 | 2023-04-28 - 2023-07-27 | 3 months (crt.sh)
*.google-analytics.com | GTS CA 1C3 | 2023-05-22 - 2023-08-14 | 3 months (crt.sh)
*.strikinglycdn.com | Amazon RSA 2048 M01 | 2023-01-28 - 2024-02-26 | a year (crt.sh)
*.independent.co.uk | GlobalSign Atlas R3 DV TLS CA 2022 Q4 | 2022-11-08 - 2023-12-10 | a year (crt.sh)
peraplay.xyz | GTS CA 1P5 | 2023-05-08 - 2023-08-06 | 3 months (crt.sh)

This page contains 3 frames:

Frame: https://www.lodibet7.com/
Frame ID: E22191193F917F9ED091287E503B00BD
Requests: 11 HTTP requests in this frame

Frame: https://www.peraplay.net/
Frame ID: 4569F05A8C3BE81C2C313523A4475268
Requests: 8 HTTP requests in this frame

Frame: https://www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Frame ID: 445AF2AE652A5630E43BD4FD80B98A92
Requests: 2 HTTP requests in this frame

Page Title

How do I market my sports business? FIFA - FIFA World Cup Filipino

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 21
HTTPS: 86 %
IPv6: 100 %
Domains: 9
Subdomains: 9
IPs: 8
Countries: 2
Transfer: 488 kB
Size: 844 kB
Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www.peraplay.xyz/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
  • https://www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Request Chain 18
  • https://go.peraplay.cc/?c=pera HTTP 302
  • https://www.peraplay.net/
Request Chain 19
  • https://go.peraplay.cc/?c=lodi HTTP 302
  • https://www.lodibet7.com/

21 HTTP transactions

Primary Request: / | Path: casino2promo.com/ | Size: 16 KB | x-fer: 6 KB | Type: Document
General
Full URL
https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8633f53e20cb8c05d049f007ebee8dde377882d270236adedeba6db2136f8c64

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7d93b2e23dab0ea9-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 18 Jun 2023 12:57:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BG6jDVMFdQ2UAj2HLhY0j0c8o7LF2NnwUqIPufqOYXk6%2F7BteohOenR90bOxGNatwzptfzRTJXQIDU39EmRdEjRp5XIfyR%2FnfMOnyz4hMxuuKsCAcKwIZJ4Jk7uF%2BjRED%2F9tXC%2FpHAQjCXnV0RL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Resource: js.js | Path: baidu.co.cz/js/ | Size: 1 KB | x-fer: 989 B | Type: Script
General
Full URL
https://baidu.co.cz/js/js.js
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ab0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6fa48a26dc56c5d37707801881427e0fd174e0759b675f3a687c4125f5c3c80f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5345
cf-polished
origSize=1586
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sun, 28 May 2023 08:16:58 GMT
server
cloudflare
etag
W/"632-5fcbc981166ec-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=illMFV4II1g017Ivc7xdAzArJgjuT1aNNmquEaNh0Re8Xz9jed7Hh1JzkBegnIynE%2BVv%2B3caizRYMCb1ehr4YlWFXlOHLIntzUvi528TANPBVF9xef21ZPFaK%2FWkPmyScLtKmhfuY%2F3YwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=2678400
cf-ray
7d93b2e51b8b00b6-AMS
Resource: js | Path: www.googletagmanager.com/gtag/ | Size: 254 KB | x-fer: 87 KB | Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-W89KVPE58P
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
caa5b67ce03d7b453b23d83066f6e4fcb7b214e2177d4a8b0b6cb500ca5d6a34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88626
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 18 Jun 2023 12:57:34 GMT
Resource: 792551_812768.png | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ | Size: 12 KB | x-fer: 13 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/792551_812768.png
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
3081d0ba6b50b089751536d8610d1db5f07ccdd2f260876824d1d3dc67ef52f6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 17 Jun 2023 13:06:06 GMT
via
1.1 f884e2c0a4bd6c75faee34aade3f091e.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
85888
x-amzn-trace-id
Root=1-648dafbe-4b62437d3cde67b85282342c;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
0fe894e2-9d41-4e80-aaaa-39056a400efa
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
Gqhl2EJMtjMF3Tg=
content-length
12754
x-amz-cf-id
Fyd1_OJJk4PifklzUOBiaQDa1ZAySRBUxSc9haN4tdAZdaSx2QWqCQ==
Resource: 6c9c6670db68b2902bf4a654c4438aefY29udGVudHNlYXJjaGFwaSwxNjU3MzczNjg3-2.45394085.jpg | Path: static.independent.co.uk/2022/07/08/15/ | Size: 13 KB | x-fer: 14 KB | Type: Image
General
Full URL
https://static.independent.co.uk/2022/07/08/15/6c9c6670db68b2902bf4a654c4438aefY29udGVudHNlYXJjaGFwaSwxNjU3MzczNjg3-2.45394085.jpg?quality=75&height=240
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::347 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c2b2791a2d1da927d933c33bad5620111ece21494bbaebc760bdd342689ae9d8

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:34 GMT
via
1.1 varnish, 1.1 varnish
x-amz-request-id
GQJ6KJH68JJN0Q70
age
359152
x-cache
HIT, MISS
fastly-io-info
ifsz=3517548 idim=2993x1783 ifmt=jpeg ofsz=13578 odim=403x240 ofmt=avif
xbe
shield_london_city_uk
fastly-stats
io=1
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
13578
x-amz-id-2
OLyM1vfgj6yOt4T8oUdXH3TCXXWCp537jvdmNhdiIae1Q6LF8jYMzmyJbcVM10Td4Ag56xTO4jQ=
x-served-by
cache-lcy-eglc8600052-LCY, cache-bom4751-BOM
server
AmazonS3
x-timer
S1687093055.732787,VS0,VE134
etag
"1F9rfc4mW39sVAanVl+OdGP+N6yOlutVWyyQJHhzqPk"
vary
Accept
content-type
image/avif
access-control-allow-origin
*
cache-control
max-age=31622400
accept-ranges
bytes
x-cache-hits
23, 0
Resource: 539072_912682.png | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ | Size: 12 KB | x-fer: 12 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/539072_912682.png
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
57237cfe98275a7d8b1df990cbef16b88cafd0bebd75330c97e61731e9484680

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 06:59:23 GMT
via
1.1 2816426ad1adbedbdd23d4cdf80c2de2.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
21491
x-amzn-trace-id
Root=1-648eab4b-5c0a5f01171d02b35a5c58c8;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
9d6936f1-c932-4bd9-ab3c-398e0bce42a5
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
Gs-zzGVONjMFX7g=
content-length
11882
x-amz-cf-id
a6oFU0NR35oBi8fEcyKpQyKu6C5HitDg8F5-0M6yxUTABg516mF7dg==
Resource: hvtcss4.css | Path: baidu.co.cz/js/ | Size: 1 KB | x-fer: 756 B | Type: Stylesheet
General
Full URL
https://baidu.co.cz/js/hvtcss4.css
Requested by
Host: baidu.co.cz
URL: https://baidu.co.cz/js/js.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ab0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
446344d63eab6ca255ae518ce889e8cf4b05117050a91df6f6388e2d233b6189

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5344
cf-polished
origSize=1756
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sun, 28 May 2023 08:17:00 GMT
server
cloudflare
etag
W/"6dc-5fcbc9822eb45-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uP3PAyql78AVmdtLuqSQ2PxVwo07NnyBjVoq%2Bh8yykEnaYaA%2BJXlqogQArCRFrsFslm8ZjZKtJBifCdQmyhiFR9cYV6GHwvmWFcLVRVgUZ5Nr0okK3fkYpgTqP7TgHVUPGJU7%2FPIQXSkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2678400
cf-ray
7d93b2e57bc200b6-AMS
Resource: hvtjs4.js | Path: baidu.co.cz/js/ | Size: 2 KB | x-fer: 1 KB | Type: Script
General
Full URL
https://baidu.co.cz/js/hvtjs4.js
Requested by
Host: casino2promo.com
URL: https://casino2promo.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ab0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2781876b80429260d0a28016193ef434cf673ceec315711bea86b837a1a6b9d7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:34 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5344
cf-polished
origSize=3037
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Sun, 28 May 2023 08:16:59 GMT
server
cloudflare
etag
W/"bdd-5fcbc981742ea-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQ32WByjUZg1MoS97nmjYAEfvydPQ7PU7VhobnGM3jmeSsvfTVz6AFcenIXUPal6ZcH3H0UrvQWcxtv2fEG0KElzvX%2Fj%2BgcYE8KcAa9nMJwPFtprvBy%2FiUTnbVxONs2XFatcN4tsn%2FyiuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=2678400
cf-ray
7d93b2e57bc400b6-AMS
Resource: / | Path: www.peraplay.xyz/ (Frame 4569) | Size: 16 KB | x-fer: 5 KB | Type: Document
General
Full URL
https://www.peraplay.xyz/
Requested by
Host: baidu.co.cz
URL: https://baidu.co.cz/js/js.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d8a17a8e95cfcac00f3513a936b5fa64eaa10e595cf88fda48e1a8124f640619

Request headers

Referer
https://casino2promo.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7d93b2e60b19b75b-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 18 Jun 2023 12:57:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yN4Tn%2BUk8y0HMFzkUbQ8wiNBzVIcKALUkO%2Fm38wtm64LGMDg1zfqRhvyIE3m%2BLzb5y1%2FlJGtJSPqLanyxGrb%2B9qcNJRikyrrbBdKeXEKlOA0FUdUK2HhOHOV7i1k5n%2F2R1MNEkX0ZpkQOK2JCywI"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Resource: collect | Path: region1.google-analytics.com/g/ | Size: 0 | x-fer: 255 B | Type: Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-W89KVPE58P&gtm=45je36e0&_p=358251124&cid=605687044.1687093054&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1687093054&sct=1&seg=0&dl=https%3A%2F%2Fcasino2promo.com%2F&dt=How%20do%20I%20market%20my%20sports%20business%3F%20FIFA%20-%20FIFA%20World%20Cup%20Filipino&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-W89KVPE58P
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://casino2promo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 18 Jun 2023 12:57:34 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://casino2promo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Resource: js | Path: www.googletagmanager.com/gtag/ (Frame 4569) | Size: 254 KB | x-fer: 87 KB | Type: Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-W89KVPE58P
Requested by
Host: www.peraplay.xyz
URL: https://www.peraplay.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ab7d4739a2047263806da988d7370c38cb729920c9bf57859a2a324bc6c56051
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:35 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88629
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 18 Jun 2023 12:57:35 GMT
Resource: 103048_307756.png | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ (Frame 4569) | Size: 16 KB | x-fer: 17 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/103048_307756.png
Requested by
Host: www.peraplay.xyz
URL: https://www.peraplay.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
291310594d90756ebd584a4a2cd2a4713cb2368ec4ab1fa12b8a8495f84510fb

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 17 Jun 2023 13:03:11 GMT
via
1.1 0121ceb2efadb6db52d122a8b6b52f90.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
86064
x-amzn-trace-id
Root=1-648daf0f-1103aef5409a4d882b36cdb5;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
2165908f-6b0f-4c57-8245-21e5aaad99f7
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
GqhKcEqFNjMFrUw=
content-length
16422
x-amz-cf-id
4f9RHqwPxKzpIoBLBd-OvbOtR_0aX1g7l_Sih-Rv03BOC3tvDjrlYw==
Resource: 197679_965218.png | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ (Frame 4569) | Size: 70 KB | x-fer: 70 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/197679_965218.png
Requested by
Host: www.peraplay.xyz
URL: https://www.peraplay.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b4cd3be7084179dc7b75cf7fccd48f64ac693b14a4f5bcda2393f82045378bcc

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 06:33:13 GMT
via
1.1 da6955a1993e1118f32bcb48c6630c20.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
23062
x-amzn-trace-id
Root=1-648ea529-23266f6b45a366e37bfb0bc3;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
533e2e72-4260-4f8c-b0d7-b576bec59e88
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
Gs6-fH0MNjMFfiw=
content-length
71542
x-amz-cf-id
9lMF-3RIKNV5b1TMrfH49cySsOy6T6PPX99PLFlRoGHlBgR5T9fWwA==
Resource: invisible.js | Path: www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/ (Frame 445A) | Size: 7 KB | x-fer: 4 KB | Type: Script
Redirect Chain
  • https://www.peraplay.xyz/cdn-cgi/challenge-platform/scripts/invisible.js
  • https://www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
General
Full URL
https://www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
Requested by
Host: www.peraplay.xyz
URL: https://www.peraplay.xyz/
Protocol
H2
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daa7f7f57cac1b72b2e32609865dca684c8469d78d330f1d16a9fdc6a73057df
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 12:57:35 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4r%2Fiq0Yk024IFBTpf3dN7iAbGPRU0oYR4p9%2BUscyNVEORsSvkb0ngHZ99FagS3kwnveCahfKZHkKNHd5ffxw3lOjckljVWJEu8bOyqoiLV1CMad9TEqkKu4rEQgmdKcWiuZU%2BBVI%2BW%2F9ZuM%2F3rxP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
7d93b2ea7fe3b75b-AMS
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sun, 18 Jun 2023 12:57:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEnaVdXqDnGoCmwipIdCEHx4V5uZz7yqvLHizEx0vP9CmROenWdHR%2B%2BzTfjeOcPB0bH0DuyqSQ86%2BmrzRKmTEgRv5hAD2OXC1g66VY28U6SJVmSm4JnXAOIR%2FO7VXVmKKU6tHd5OBIX6Z8xfsZ%2FS"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/6cdb09c9/invisible.js
cache-control
max-age=300, public
cf-ray
7d93b2ea3f95b75b-AMS
alt-svc
h3=":443"; ma=86400
Resource: 7d93b2e60b19b75b | Path: www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/cv/result/ (Frame 445A) | Size: 0 | x-fer: 609 B | Type: XHR
General
Full URL
https://www.peraplay.xyz/cdn-cgi/challenge-platform/h/g/cv/result/7d93b2e60b19b75b
Requested by
Host: www.peraplay.xyz
URL: https://www.peraplay.xyz/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 18 Jun 2023 12:57:35 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3XTdJVToAHvmo3G9szQqjnRymBQSluuhbxIeL8Izk8EqfmXNLi3MjqvPe6eiOWIWEx%2FIrvCQjJDyYL2wmQi47eZzNat2tRdiQpW43JPABJJhn4TPEGKMCVZQuVSc9PVhIoHby1Meb8jaGlELEWWJ"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7d93b2eb7b5a1ede-AMS
alt-svc
h3=":443"; ma=86400
Resource: 858389_610055.gif | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,h_16,w_16,f_auto,q_60/10788145/ | Size: 1 KB | x-fer: 2 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,h_16,w_16,f_auto,q_60/10788145/858389_610055.gif
Requested by
Host: baidu.co.cz
URL: https://baidu.co.cz/js/hvtcss4.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ec415ce0e396a1343a6231875c8384b51e4f0dd3f049d41c218a70d8c5e7f6c7

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://baidu.co.cz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 00:12:21 GMT
via
1.1 da4de4427d18bee1d3254f1bbdad25f2.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
45913
x-amzn-trace-id
Root=1-648e4be5-0ba7dc9726cac6b871da63d9;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
4459fd6c-989d-4d1e-a07d-364fcda95371
x-cache
Hit from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
GsDL9GqWNjMFTVA=
content-length
1092
x-amz-cf-id
372_97d_wWzX9iiFwiCh48LoqKhkfXybMjr5wXGkIJII4xpoN2kG1Q==
Resource: 696609_811652.gif | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,h_120,w_120,fl_lossy,f_auto,q_60/10788145/ (Frame 4569) | Size: 22 KB | x-fer: 23 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,h_120,w_120,fl_lossy,f_auto,q_60/10788145/696609_811652.gif
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a25b6240c58d4e96d73e0d9e695bce95c0cc3b80fe4ef5b45061c4d3d102abe5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 08:28:58 GMT
via
1.1 da6955a1993e1118f32bcb48c6630c20.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
16117
x-amzn-trace-id
Root=1-648ec04a-49d980085f8685bd24c9d167;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
18eb4db6-2bfd-4ed4-bcf7-1887cfae8cab
x-cache
Hit from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
GtL7oGQvtjMF9SA=
content-length
22561
x-amz-cf-id
AbkVwF1m0nqU8Tr30kXFMf4ABxMBeehe6nRuymtfFkyVVBq8zLgNzA==
Resource: 736306_117046.jpg | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ (Frame 4569) | Size: 145 KB | x-fer: 146 KB | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/736306_117046.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
33c555e2c2d5fdf3689f2927426cd45b5f3e027b34f9a5344b3722ae2cf869a9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sat, 17 Jun 2023 18:10:10 GMT
via
1.1 9905602b8526d2635024f3edbf1df702.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
67645
x-amzn-trace-id
Root=1-648df702-29b83dad03c11b19234878a6;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
6b6a23ac-fd4b-4ce2-ad7f-d5f95aa37e36
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
GrOIaHHoNjMF4Xg=
content-length
148972
x-amz-cf-id
tpKz5bJBStROwErrE7jLbdXF8OIF4u62PNx9Foh7mnzAQtOAX03BLA==
Resource: 686536_189904.png | Path: custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/ (Frame 4569) | Size: 518 B | x-fer: 1011 B | Type: Image
General
Full URL
https://custom-images.strikinglycdn.com/res/hrscywv4p/image/upload/c_limit,fl_lossy,f_auto,q_auto/10788145/686536_189904.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2450:ce00:10:6852:2c80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a89ab6577d7ce08217851cfc899305068e7cfd8cb3c26595eed2d63abe569ef9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://www.peraplay.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date
Sun, 18 Jun 2023 08:28:58 GMT
via
1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront), 1.1 b07ca4a88c1a9f9cf09555efc7865098.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P2, CDG50-P4
age
16117
x-amzn-trace-id
Root=1-648ec04a-2ace0d352dcd7ebb6076d63f;Sampled=0;lineage=f935ec17:0
x-amzn-requestid
01185f57-01a9-40ea-9ec3-6a5ce299ce24
x-cache
Hit from cloudfront
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=2592000
x-amz-apigw-id
GtL7oG_CNjMFwLQ=
content-length
518
x-amz-cf-id
xEiiU3qDLi3YHhNMc5E8fooaN0nMMUGlRMBFaHKiDUZ11xWVHEAgVA==
Resource: / | Path: www.peraplay.net/ (Frame 4569) | Size: 0 | x-fer: 0
Redirect Chain
  • https://go.peraplay.cc/?c=pera
  • https://www.peraplay.net/

Resource: / | Path: www.lodibet7.com/ | Size: 0 | x-fer: 0
Redirect Chain
  • https://go.peraplay.cc/?c=lodi
  • https://www.lodibet7.com/

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.peraplay.net
URL
https://www.peraplay.net/
Domain
www.lodibet7.com
URL
https://www.lodibet7.com/

Verdicts & Comments

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • 0 (object)
  • credentialless (boolean)
  • onbeforetoggle (object)
  • onscrollend (object)
  • adv_tag (object)
  • root_s (object)
  • miaovAddEvent (function)
  • startMove (function)
  • doMove (function)
  • repositionAbsolute (function)
  • repositionFixed (function)
  • gtag (function)
  • dataLayer (object)
  • adv1 (function)
  • google_tag_manager (object)
  • google_tag_data (object)
  • onYouTubeIframeAPIReady (function)
  • gaGlobal (object)

3 Cookies

Domain/Path | Name | Value
.casino2promo.com/ | _ga_W89KVPE58P | GS1.1.1687093054.1.0.1687093054.0.0.0
.casino2promo.com/ | _ga | GA1.1.605687044.1687093054
.peraplay.xyz/ | __cf_bm | t3rQ0xeh8YA1YfZoxuLoT30R.OC._Dj1J5Hsgma5amw-1687093055-0-AY1tOHPUQVFCozr1C8Ce051yhJ2fecepOX9HP2wtk/+a9mdZw8Jl4rz1ocTmnI8idg==

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
