scammed.by Open in urlscan Pro
104.27.188.1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://scammed.by/scam.php?id=199746
Effective URL:
https://scammed.by/scam.php?id=199746
Submission: On May 11 via manual (May 11th 2018, 1:05:30 pm UTC) from US

Summary HTTP 52 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 17 domains to perform 52 HTTP transactions. The main IP is 104.27.188.1, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is scammed.by.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on April 14th 2018. Valid for: 6 months.

This is the only time scammed.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	104.27.189.1 104.27.189.1	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
15	104.27.188.1 104.27.188.1	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	216.58.210.10 216.58.210.10	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2.19.32.51 2.19.32.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.19.198.151 104.19.198.151	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
4	23.67.137.77 23.67.137.77	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	18.195.89.79 18.195.89.79	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	172.217.18.174 172.217.18.174	15169 (GOOGLE) (GOOGLE - Google LLC)
1	172.217.18.14 172.217.18.14	15169 (GOOGLE) (GOOGLE - Google LLC)
1	184.31.92.250 184.31.92.250	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	216.58.210.2 216.58.210.2	15169 (GOOGLE) (GOOGLE - Google LLC)
2	185.60.216.19 185.60.216.19	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	2.21.160.128 2.21.160.128	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	185.60.216.35 185.60.216.35	32934 (FACEBOOK) (FACEBOOK - Facebook)
2	172.217.22.98 172.217.22.98	15169 (GOOGLE) (GOOGLE - Google LLC)
2	216.58.208.34 216.58.208.34	15169 (GOOGLE) (GOOGLE - Google LLC)
1	80.75.66.243 80.75.66.243	20860 (IOMART-AS) (IOMART-AS)
2 2	54.235.205.173 54.235.205.173	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	104.20.63.164 104.20.63.164	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
52	19

1 104.27.189.1 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

scammed.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.27.188.1 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

scammed.by	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.210.10 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.19.32.51 (European Union)

ASN20940 (AKAMAI-ASN1, US)

js.api.here.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.198.151 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ajax.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.67.137.77 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-67-137-77.deploy.static.akamaitechnologies.com

ws.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.195.89.79 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-195-89-79.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.174 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f14.1e100.net

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.14 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra02s19-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.92.250 (Amsterdam, Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-92-250.deploy.static.akamaitechnologies.com

t.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.210.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s07-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.60.216.19 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
staticxx.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.21.160.128 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.60.216.35 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.22.98 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s18-in-f2.1e100.net

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.208.34 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s12-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.75.66.243 (United Kingdom)

ASN20860 (IOMART-AS, GB)
PTR: 80-75-66-243.civiccomputing.com

apikeys.civiccomputing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.235.205.173 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-235-205-173.compute-1.amazonaws.com

cdn.adsoptimal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.20.63.164 (San Francisco, United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

remote.vroptimal-3dx-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	scammed.by 1 redirects scammed.by	246 KB
8	sharethis.com 1 redirects ws.sharethis.com l.sharethis.com t.sharethis.com	43 KB
7	here.com js.api.here.com	278 KB
4	googlesyndication.com pagead2.googlesyndication.com	120 KB
3	google.com apis.google.com adservice.google.com	63 KB
2	vroptimal-3dx-assets.com remote.vroptimal-3dx-assets.com
2	adsoptimal.com 2 redirects cdn.adsoptimal.com	993 B
2	doubleclick.net googleads.g.doubleclick.net
2	facebook.com www.facebook.com staticxx.facebook.com	200 B
2	addthis.com s7.addthis.com	186 KB
2	jquery.com code.jquery.com	111 KB
1	civiccomputing.com apikeys.civiccomputing.com	608 B
1	google.de adservice.google.de	172 B
1	facebook.net connect.facebook.net	62 KB
1	google-analytics.com www.google-analytics.com	14 KB
1	cloudflare.com ajax.cloudflare.com	3 KB
1	googleapis.com ajax.googleapis.com	5 KB
52	17

	Domain	Requested by
16	scammed.by	1 redirects scammed.by ajax.cloudflare.com
7	js.api.here.com	scammed.by ajax.cloudflare.com
4	pagead2.googlesyndication.com	ajax.cloudflare.com pagead2.googlesyndication.com
4	ws.sharethis.com	ajax.cloudflare.com ws.sharethis.com
3	l.sharethis.com	1 redirects
2	remote.vroptimal-3dx-assets.com
2	cdn.adsoptimal.com	2 redirects
2	googleads.g.doubleclick.net	pagead2.googlesyndication.com
2	s7.addthis.com	ajax.cloudflare.com s7.addthis.com
2	apis.google.com	ajax.cloudflare.com apis.google.com
2	code.jquery.com	ajax.cloudflare.com
1	apikeys.civiccomputing.com	scammed.by
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	staticxx.facebook.com	connect.facebook.net
1	www.facebook.com
1	connect.facebook.net	scammed.by
1	t.sharethis.com	scammed.by
1	www.google-analytics.com	scammed.by
1	ajax.cloudflare.com	scammed.by
1	ajax.googleapis.com	scammed.by
52	21

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.openspf.org
aol.fr
support.google.com
mta1274.mail.bf1.yahoo.com
mx.aol.fr
oms-m012e.mx.aol.com
omr-m019e.mx.aol.com
omr-m019.mx.aol.com
mtaomg-aaa01.mx.aol.com
core-aba07f.mail.aol.com
core-aba07.mail.aol.com
webprd-m21.mail.aol.com
www.ascii.cl
disqus.com
www.youtube.com
www.facebook.com

Subject Issuer	Validity	Valid
sni108356.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-14` - `2018-10-21`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2018-04-24` - `2018-07-17`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://scammed.by/scam.php?id=199746
Frame ID: 3F767FF6FE263331C7C349218D0AAF09
Requests: 48 HTTP requests in this frame

Frame: https://t.sharethis.com/1/d/t.dhj?rnd=1526043920474&cid=c010&dmn=scammed.by
Frame ID: F5CF1F6CC93DAF6097635252F73CE3FE
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
Frame ID: 7734E4970FBD34140C8C734A4DFDCF01
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180507/r20180504/zrt_lookup.html
Frame ID: 0D17AD6FDB230E599F8ECD76E1D4611D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/show_ads_impl.js
Frame ID: 254C00C7DA6D87E498889E622A13FF2E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1526043920&plat=1%3A32776%2C2%3A33800%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2&format=0x0&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1526043920701&bpp=20&bdt=1675&fdt=31&idt=134&shv=r20180507&cbv=r20180504&saldr=aa&correlator=5172301255860&frm=20&ga_vid=604846824.1526043920&ga_sid=1526043921&ga_hid=1738445891&ga_fc=0&pv=2&iag=3&icsg=2&nhd=1&dssz=3&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&abxe=1&scr_x=0&scr_y=0&eid=21061122%2C21061782%2C62710015%2C62710017%2C111541703&oid=3&rx=0&eae=2&fc=784&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=8208&bc=7&ifi=0&dtd=163
Frame ID: 0F795B4A4A74BAE5D83E4BD198C4624C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://scammed.by/scam.php?id=199746 HTTP 301
https://scammed.by/scam.php?id=199746 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

AddThis (Widgets) Expand

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i
env /^google_ad_/i
env /^__google_ad_/i
env /^Goog_AdSense_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /apis\.google\.com\/js\/[a-z]*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js/i
env /^jQuery$/i
script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
script /jquery-ui.*\.js/i

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
script /jquery-ui.*\.js/i

Page Statistics

52
Requests

35 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

19
IPs

5
Countries

1131 kB
Transfer

3094 kB
Size

1
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/hashtag/199746
Title: #199746

Search URL Search Domain Scan URL

URL: http://www.openspf.org/SPF_Received_Header
Title: More info

Search URL Search Domain Scan URL

URL: http://aol.fr/
Title: aol.fr

Search URL Search Domain Scan URL

URL: https://support.google.com/mail/answer/180707?hl=en
Title: More info

Search URL Search Domain Scan URL

URL: http://mta1274.mail.bf1.yahoo.com/
Title: mta1274.mail.bf1.yahoo.com

Search URL Search Domain Scan URL

URL: http://mx.aol.fr/
Title: mx.aol.fr

Search URL Search Domain Scan URL

URL: http://oms-m012e.mx.aol.com/
Title: oms-m012e.mx.aol.com

Search URL Search Domain Scan URL

URL: http://omr-m019e.mx.aol.com/
Title: omr-m019e.mx.aol.com

Search URL Search Domain Scan URL

URL: http://omr-m019.mx.aol.com/
Title: omr-m019.mx.aol.com

Search URL Search Domain Scan URL

URL: http://mtaomg-aaa01.mx.aol.com/
Title: mtaomg-aaa01.mx.aol.com

Search URL Search Domain Scan URL

URL: http://core-aba07f.mail.aol.com/
Title: core-aba07f.mail.aol.com

Search URL Search Domain Scan URL

URL: http://core-aba07.mail.aol.com/
Title: core-aba07.mail.aol.com

Search URL Search Domain Scan URL

URL: http://webprd-m21.mail.aol.com/
Title: webprd-m21.mail.aol.com

Search URL Search Domain Scan URL

URL: http://www.ascii.cl/htmlcodes.htm
Title: ASCII characters

Search URL Search Domain Scan URL

URL: http://disqus.com/?ref_noscript
Title: http://disqus.com/?ref_noscript

Search URL Search Domain Scan URL

URL: https://www.youtube.com/playlist?list=PLltw1fmG7DbFpUwiWvHkRD9jcWs2uhIxh

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=GeuPI_NTdHc

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wesaynotofraud/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://scammed.by/scam.php?id=199746 HTTP 301
https://scammed.by/scam.php?id=199746 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&fpc=796997b-1634f4e4826-5a8918de-1&sessionID=1526043920423.63098&hostname=scammed.by&location=%2Fscam.php&product=widget&stid=&publisher=ur.00000000-0000-0000-0000-000000000000&st_optout=false&refDomain=&refQuery=&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746&sharURL=&buttonType=ERROR&destination=ERROR&source=ERROR&title=Scam%20email%20-%20PLEASE%20REPLY%20AS%20SOON%20AS%20POSSIBLE!!!&ts1526043920423.0=&sop=false HTTP 301
https://l.sharethis.com/sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746

Request Chain 50

https://cdn.adsoptimal.com/advertisement/settings/49471.js HTTP 302
https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js

Request Chain 51

https://cdn.adsoptimal.com/advertisement/manual.js HTTP 302
https://remote.vroptimal-3dx-assets.com/advertisement/manual.js

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request scam.php Show response
scammed.by/
Redirect Chain

http://scammed.by/scam.php?id=199746
https://scammed.by/scam.php?id=199746

28 KB
10 KB

263ms
241ms

Document
text/html

104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / PHP/7.2.0beta1 ASP.NET

Resource Hash

a82ef08cdd8c71e4226d1d4eb457eea274334a04bee26519189910d71bef3d84

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: scammed.by
:scheme: https
:path: /scam.php?id=199746
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 3F767FF6FE263331C7C349218D0AAF09

Response headers

status: 200
date: Fri, 11 May 2018 13:05:19 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918; expires=Sat, 11-May-19 13:05:18 GMT; path=/; domain=.scammed.by; HttpOnly; Secure
x-powered-by: PHP/7.2.0beta1 ASP.NET
strict-transport-security: max-age=0; preload
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4194db3c6eeb235a-FRA
content-encoding: gzip

Redirect headers

Date: Fri, 11 May 2018 13:05:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 11 May 2018 14:05:18 GMT
Location: https://scammed.by/scam.php?id=199746
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 4194db3c36f22684-FRA

GET
H2 200 wToywyWr31lP3LKs_8BtfBhCVC4.js Show response
scammed.by/cdn-cgi/apps/head/ 117 KB
33 KB 52ms
50ms Script
application/javascript 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9f9153ac943d431588469318ff7b97ad2973d7d86c7ef718683f53bd1a93d12

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: FF1D15033E027D2D
cf-ray: 4194db3defca235a-FRA
status: 200
vary: Accept-Encoding
content-length: 33803
x-amz-id-2: PqE0roGlSz8hmIMzUI8OJIyU+ryPZp86fCmcj7BeKRE1jl3O1LwjsVVF47XN4fpiM60W8MPW3Ik=
last-modified: Thu, 21 Sep 2017 20:57:14 GMT
server: cloudflare
etag: "7af334b68c6e37216f113e117b47ecfd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
x-amz-version-id: Vvlv7O8xwp5c7GXOKi6Tzpz93eO1.izl
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8

GET
H2 200 style.css
scammed.by/style/ 7 KB
2 KB 214ms
213ms Stylesheet
text/css 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/style/style.css

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

0b54839255c52fc519c504a5808dfa4f6f152f6166430770a9100a8e6b508ed9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /style/style.css
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Mon, 28 Aug 2017 21:07:31 GMT
server: cloudflare
x-powered-by: ASP.NET
etag: W/"34149aa94120d31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: no-cache,max-age=2592000
strict-transport-security: max-age=0; preload
cf-ray: 4194db3dffcc235a-FRA

GET
S 200 jquery-ui.min.css
ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/themes/base/minified/ 25 KB
5 KB 7ms
6ms Stylesheet
text/css 216.58.210.10
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/themes/base/minified/jquery-ui.min.css

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

SPDY

Server

216.58.210.10 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f10.1e100.net

Software

sffe /

Resource Hash

e2999a2b3a79ff5d44f11ee36fa64074a1d4cac8f2418515f5a8c532d5dffb78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 12 Feb 2018 20:25:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7576785
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 4760
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Feb 2019 20:25:34 GMT

GET
H/1.1 200
OK mapsjs-ui.css
js.api.here.com/v3/3.0/ 12 KB
3 KB 28ms
6ms Stylesheet
text/css 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-ui.css
Requested by: Host: scammed.by
URL: https://scammed.by/scam.php?id=199746
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: 3bb5ec5a4012e4892b9432b94b2d0a29cf90311bf636497eaaa4e51315951b53

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:19 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Jan 2018 15:51:39 GMT
Server: Apache
ETag: "1ac8f39099fb9da745ca3ca1642bce7f:1517390907"
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2994

GET
H2 200 logon.png
scammed.by/ 14 KB
14 KB 193ms
193ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/logon.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

5a7a86e84b1ebca2888d0778e4e8f4e5b1528075bdbb63e0cad1b87c24271f0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /logon.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 14669
last-modified: Sat, 25 Feb 2017 01:35:22 GMT
server: cloudflare
etag: "ae128b6e78fd21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3dffcd235a-FRA

GET
H2 200 tsb.png
scammed.by/img/ 25 KB
25 KB 274ms
272ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/tsb.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

bedf011bf35ff35b6aa49777e7f70d129aaec45ce6075c8a20e954c5ee88e294

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/tsb.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 25620
last-modified: Sat, 28 Jan 2017 21:38:31 GMT
server: cloudflare
etag: "86fba2deae79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3804235a-FRA

GET
H2 200 cole%202.png
scammed.by/img/ 17 KB
17 KB 1067ms
1066ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/cole%202.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4f0254b3ccd8c874b124afa6df5168b91c0b90b73710dc04c3cc955b0d120c04

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/cole%202.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 17625
last-modified: Sat, 28 Jan 2017 21:25:39 GMT
server: cloudflare
etag: "96674d12ad79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3805235a-FRA

GET
H2 200 rebait.png
scammed.by/img/ 21 KB
21 KB 260ms
259ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/rebait.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

87968ab2067d06814b3e47c8763d83088b6fe448ff5312ccc9777e564e84ffa0

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/rebait.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 21564
last-modified: Sat, 28 Jan 2017 21:21:22 GMT
server: cloudflare
etag: "2e4b9e79ac79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3806235a-FRA

GET
H2 200 cole.png
scammed.by/img/ 23 KB
23 KB 255ms
254ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/cole.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

ba41b333b3a6f37dfa60153ad40a6eef7080565f79c645ec1a03751c2f97fa4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/cole.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 23250
last-modified: Sat, 28 Jan 2017 21:23:41 GMT
server: cloudflare
etag: "c2e563ccac79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3807235a-FRA

GET
H2 200 butch.png
scammed.by/img/ 22 KB
22 KB 274ms
273ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/butch.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

cddc13f2b406c42d3fd25cdeb5e7dd2c644ccf8d68b2c78b714355e9a9d41150

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/butch.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 22317
last-modified: Sat, 28 Jan 2017 21:30:13 GMT
server: cloudflare
etag: "80fc14b6ad79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3808235a-FRA

GET
H2 200 anus.png
scammed.by/img/ 31 KB
31 KB 258ms
257ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/anus.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

cddf89e8c7a02ae35f48126518c828340ec3158e6f1d973997a841ccaa105607

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/anus.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 31996
last-modified: Sat, 28 Jan 2017 21:32:08 GMT
server: cloudflare
etag: "907d47faad79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e3809235a-FRA

GET
H2 200 script.png
scammed.by/img/ 15 KB
15 KB 244ms
243ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/script.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

f82d31794273d8e1b83f257fec1ecd99a833a02e3fbb1a94848b70771988afcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/script.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 15334
last-modified: Sat, 28 Jan 2017 21:35:35 GMT
server: cloudflare
etag: "8155aa75ae79d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e380b235a-FRA

GET
H2 200 fb.png
scammed.by/img/ 11 KB
12 KB 240ms
239ms Image
image/png 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://scammed.by/img/fb.png

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

27a6be8425578376b41c169c706a00107f10057bae4bb15a7b771e626cd801fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /img/fb.png
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
x-powered-by: ASP.NET
status: 200
vary: Accept-Encoding
content-length: 11689
last-modified: Sat, 28 Jan 2017 20:18:28 GMT
server: cloudflare
etag: "c177e4afa379d21:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
content-type: image/png
cache-control: no-cache,max-age=2592000
accept-ranges: bytes
cf-ray: 4194db3e380c235a-FRA

GET
S 200 rocket-loader.min.js Show response
ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/ 10 KB
3 KB 11ms
10ms Script
application/javascript 104.19.198.151
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

SPDY

Server

104.19.198.151 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare-nginx /

Resource Hash

860a4ac266cc9fe9fb1a29c34eb6e604ffd80bc23575f6ef991945414bf301e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
content-encoding: gzip
last-modified: Wed, 09 May 2018 11:00:10 GMT
server: cloudflare-nginx
etag: W/"5af2d4ba-26aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: SAMEORIGIN
content-type: application/javascript
status: 200
cache-control: max-age=172800, public
strict-transport-security: max-age=15780000; includeSubDomains
cf-ray: 4194db3f4bf4276e-FRA
expires: Sun, 13 May 2018 13:05:19 GMT

GET
DATA 200
OK truncated
/ 4 KB
0 Stylesheet
text/css

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 355e349063e35aa54800572cbe95855638c31284b070ffd976d4c8e1de3753c0

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: text/css;charset=utf-8

GET
H2 200 vudZceKNOOLRZxcaP6mwl0rZHUo.js Show response
scammed.by/cdn-cgi/apps/body/ 18 KB
8 KB 48ms
48ms Script
application/javascript 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/cdn-cgi/apps/body/vudZceKNOOLRZxcaP6mwl0rZHUo.js

Requested by

Host: scammed.by
URL: https://scammed.by/cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

792c4f6798de7b418be52a9956d529475c5e70c47741e5e413c535c11c1e8b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /cdn-cgi/apps/body/vudZceKNOOLRZxcaP6mwl0rZHUo.js
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-request-id: 2D23F8B38AC4B7CB
cf-ray: 4194db3e681d235a-FRA
status: 200
vary: Accept-Encoding
content-length: 7839
x-amz-id-2: MI1snxyfXwZ1nO1QOPfE2heTrUtOkEpA/RYiK/eEvVGZb5qK6HfEUAgEoVdz4uAeU/KhBK0Rwnk=
last-modified: Thu, 21 Sep 2017 20:57:13 GMT
server: cloudflare
etag: "b1c509b1b4f3c1618f0b120528907092"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=0; preload
x-amz-version-id: U1fpMbX9UedFn4HG6iSn1vTZSzWlObS6
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK jquery-1.9.1.min.js Show response
code.jquery.com/ 90 KB
38 KB 21ms
7ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.9.1.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Server: nginx
ETag: W/"54499a47-169d5"
Vary
X-HW: 1526043920.dop004.fr8.shc,1526043920.dop004.fr8.t,1526043920.cds018.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 37959

GET
H/1.1 200
OK jquery-ui.min.js Show response
code.jquery.com/ui/1.10.1/ 223 KB
73 KB 7ms
7ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/ui/1.10.1/jquery-ui.min.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: 3679277f52d43f71877718d642081af762cc75a536fbf824ce82143be81fcb63

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Server: nginx
ETag: W/"54499a48-37aef"
Vary
X-HW: 1526043920.dop004.fr8.shc,1526043920.dop004.fr8.t,1526043920.cds027.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 74694

GET
H2 200 homeSearch.js Show response
scammed.by/js/ 6 KB
1 KB 175ms
175ms Script
application/javascript 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/js/homeSearch.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

4271d882aaee9fc5efd17ae0356bfdd44242e285e5eb2c643a65ba17b7024799

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /js/homeSearch.js
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Sun, 27 Aug 2017 21:33:29 GMT
server: cloudflare
x-powered-by: ASP.NET
etag: W/"8575fd1f7c1fd31:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: no-cache,max-age=2592000
strict-transport-security: max-age=0; preload
cf-ray: 4194db455c7d235a-FRA

GET
H/1.1 200
OK buttons.js Show response
ws.sharethis.com/button/ 54 KB
15 KB 20ms
6ms Script
application/javascript 23.67.137.77
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/buttons.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 23.67.137.77 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-137-77.deploy.static.akamaitechnologies.com
Software: nginx/1.12.2 /
Resource Hash: ed2df96374d00046d9b45ea6726a13df2910842683362048a9928723ea6ea5e4

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
ETag: W/"5ae7f7ef-d7db"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=76050
Connection: keep-alive
Content-Length: 15128
Expires: Sat, 12 May 2018 10:12:50 GMT

GET
H/1.1 200
OK async-buttons.js Show response
ws.sharethis.com/button/ 90 KB
19 KB 7ms
6ms Script
application/javascript 23.67.137.77
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/async-buttons.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: HTTP/1.1
Server: 23.67.137.77 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-137-77.deploy.static.akamaitechnologies.com
Software: nginx/1.12.2 /
Resource Hash: 425b8287dc1e976317d293f7630c4a15f58c5978c9d73f7a49bee0a75de04164

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
ETag: W/"5ae7f822-1686e"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=76628
Connection: keep-alive
Content-Length: 19076
Expires: Sat, 12 May 2018 10:22:28 GMT

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&fpc=796997b-1634f4e4826-5a8918de-1&sessionID=1526043920423.63098&hostname=scammed.by&location=%2Fscam.php&product=widget&stid=&p...
https://l.sharethis.com/sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746

0
-1 B

30ms
6ms

XHR
text/html

18.195.89.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746
Protocol: HTTP/1.1
Server: 18.195.89.79 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-89-79.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Access-Control-Allow-Origin: https://scammed.by
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 141
Stid: ZGABalr1lRAAAAASMneKAw==

Redirect headers

Date: Fri, 11 May 2018 13:05:20 GMT
Access-Control-Allow-Origin: https://scammed.by
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 141
Stid: ZGABalr1lRAAAAASMneKAw==

GET
S 200 plusone.js Show response
apis.google.com/js/ 43 KB
17 KB 31ms
31ms Script
application/javascript 172.217.18.174
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js

Protocol

SPDY

Server

172.217.18.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f14.1e100.net

Software

ESF /

Resource Hash

2d85499c19b93ba63472065a5ed8d79b1f8a2ec29618eba61760850f6cfb8d9e

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180507.12_p0
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

content-security-policy: script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180507.12_p0
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
status: 200
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
date: Fri, 11 May 2018 13:05:20 GMT
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "400059588c20b00bfb0688ca9293585a"
timing-allow-origin: *
expires: Fri, 11 May 2018 13:05:20 GMT

GET
H/1.1 200
OK buttons-secure.css
ws.sharethis.com/button/css/ 23 KB
4 KB 6ms
6ms Stylesheet
text/css 23.67.137.77
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/css/buttons-secure.css
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol: HTTP/1.1
Server: 23.67.137.77 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-137-77.deploy.static.akamaitechnologies.com
Software: nginx/1.12.2 /
Resource Hash: 95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Tue, 01 May 2018 05:16:19 GMT
Server: nginx/1.12.2
ETag: W/"5ae7f823-5a76"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Content-Length: 3851

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 80 B
488 B 8ms
7ms XHR
application/json 18.195.89.79
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGABalr1lRAAAAASMneKAw%3D%3D&uid=true&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746
Protocol: HTTP/1.1
Server: 18.195.89.79 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-195-89-79.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: c8d31e9fdb84a2135ac0515d1335ef9d880d558ccc843fd40ad141212111a057

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id: 3F767FF6FE263331C7C349218D0AAF09
Origin: https://scammed.by
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Access-Control-Max-Age: 1728000
Content-Type: application/json
Access-Control-Allow-Origin: https://scammed.by
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZGABalr1lRAAAAASMneKAw==
Access-Control-Allow-Headers: *
Content-Length: 80

GET
S 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.mpnXDkj5VSI.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=QQE/rs=AGLTcCMHn1yP0EjQfyt76Qs0lgnoOxUpQA/ 131 KB
46 KB 6ms
6ms Script
text/javascript 172.217.18.174
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.mpnXDkj5VSI.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=QQE/rs=AGLTcCMHn1yP0EjQfyt76Qs0lgnoOxUpQA/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

SPDY

Server

172.217.18.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s29-in-f14.1e100.net

Software

sffe /

Resource Hash

d0d56869aa37b3a2b86a60c228065dcd286ca3b449cf8c024b4caaf202d346b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Wed, 09 May 2018 17:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 07 May 2018 22:41:40 GMT
server: sffe
age: 157092
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 46575
x-xss-protection: 1; mode=block
expires: Thu, 09 May 2019 17:27:08 GMT

GET
S 200 analytics.js Show response
www.google-analytics.com/ 34 KB
14 KB 6ms
6ms Script
text/javascript 172.217.18.14
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

SPDY

Server

172.217.18.14 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra02s19-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 12 Apr 2018 18:13:11 GMT
server: Golfe2
age: 553
date: Fri, 11 May 2018 12:56:07 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 14353
expires: Fri, 11 May 2018 14:56:07 GMT

GET
H/1.1 200
OK mapsjs-core.js Show response
js.api.here.com/v3/3.0/ 225 KB
81 KB 13ms
13ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-core.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: 12ec2e3a43afa6cdbe5d654d922d54da418ce3bf5d26b4a9f2f356f22e1b70ad

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "3e4acd73bd01e232a294916a2575200f:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes

GET
H/1.1 200
OK p.js Show response
ws.sharethis.com/button/ 3 KB
1 KB 6ms
6ms Script
application/javascript 23.67.137.77
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ws.sharethis.com/button/p.js
Requested by: Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol: HTTP/1.1
Server: 23.67.137.77 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a23-67-137-77.deploy.static.akamaitechnologies.com
Software: nginx/1.12.2 /
Resource Hash: 753ae66529a5ba45f428bc65a6dec5570e85f7faa3703f12c8b9bb22c6b9ceb0

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Server: nginx/1.12.2
ETag: W/"5ae7f7f2-b81"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=76619
Connection: keep-alive
Content-Length: 1157
Expires: Sat, 12 May 2018 10:22:19 GMT

GET
H/1.1 200
OK t.dhj Show response
t.sharethis.com/1/d/ Frame F5CF 0
2 KB 27ms
6ms Script
text/html 184.31.92.250
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://t.sharethis.com/1/d/t.dhj?rnd=1526043920474&cid=c010&dmn=scammed.by
Requested by: Host: scammed.by
URL: https://scammed.by/scam.php?id=199746
Protocol: HTTP/1.1
Server: 184.31.92.250 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-92-250.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Cache-Control: private, max-age=3600
Last-Modified: Fri, 11 May 2018 12:48:49 GMT
Content-Type: text/html
Expires: Fri, 11 May 2018 14:05:20 GMT

GET
H/1.1 200
OK mapsjs-service.js Show response
js.api.here.com/v3/3.0/ 76 KB
25 KB 9ms
9ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-service.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: b604c326ef430c9a4bb7ce73fa11d30051a26f2af321b5dc253675b23a661668

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "6d439d6a5848cedead24449188a05e8f:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24964

GET
H/1.1 200
OK mapsjs-mapevents.js Show response
js.api.here.com/v3/3.0/ 16 KB
6 KB 7ms
6ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-mapevents.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: eefe9341d1561a79c89cb27edd0e4f856f319e11c5635408896fd94c93f7ee37

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "2645d1fb8f34dfad2b50c8e017880437:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5476

GET
H/1.1 200
OK mapsjs-ui.js Show response
js.api.here.com/v3/3.0/ 79 KB
23 KB 9ms
9ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-ui.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: 28530cfdbf9598d46404bf17164265adb4e96ee723e428c79471b0d97bb315c2

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "fb1c3c9e4000423a49dcddcc442c4013:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23207

GET
H/1.1 200
OK mapsjs-pano.js Show response
js.api.here.com/v3/3.0/ 403 KB
135 KB 14ms
13ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-pano.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: b149a8485ef3d5aacf8ed75d939ab2902e051efba3185123c5f1beb574d72326

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "a07b71ce91db5bbdf6133e8281c307bc:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes

GET
H/1.1 200
OK mapsjs-clustering.js Show response
js.api.here.com/v3/3.0/ 14 KB
5 KB 7ms
7ms Script
application/x-javascript 2.19.32.51
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://js.api.here.com/v3/3.0/mapsjs-clustering.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Server: 2.19.32.51 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: Apache /
Resource Hash: 9fa4534858d745ff92a99462c492bbccd27e5e1c936085bcd5ab5c64d11f59b7

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Fri, 11 May 2018 13:05:20 GMT
Content-Encoding: gzip
Last-Modified: Wed, 31 Jan 2018 09:28:29 GMT
Server: Apache
ETag: "1dbedd92992669c3da392d11011d607a:1517390907"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5164

GET
S 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 74 KB
27 KB 24ms
22ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

92cdb21affc7086cfbc6fb328872fe4dc70c6b5020cb68178b39ec0cb3a89891

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 27869
x-xss-protection: 1; mode=block
server: cafe
etag: 5515108825209031048
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 11 May 2018 13:05:20 GMT

GET
S 200 all.js Show response
connect.facebook.net/en_GB/ 206 KB
62 KB 8ms
6ms Script
application/x-javascript 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/all.js

Requested by

Host: scammed.by
URL: https://scammed.by/scam.php?id=199746

Protocol

SPDY

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

51097c9830a99d7b84dacc427cdf726a06e26f0f265ed31745e675dbf9759092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: fVJqzdosWHydsHuFF8peVw==
status: 200
content-length: 63261
x-xss-protection: 0
x-fb-debug: nhL5IxkwBmUgmru2OCfWGX64N+cEji+DiDuGEidmnmH458eCLfmV2n3TEslc7EDvD0hphKesQlRdt65baWILPA==
x-fb-content-md5: 9d302515b071d45fcec083dc30a115bd
x-frame-options: DENY
date: Fri, 11 May 2018 13:05:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "1c23db35f09e96ba7b6e60b33615c2f6"
timing-allow-origin: *
expires: Fri, 11 May 2018 13:17:50 GMT

GET
S 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 350 KB
112 KB 39ms
14ms Script
application/javascript 2.21.160.128
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/js/300/addthis_widget.js
Requested by: Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js
Protocol: SPDY
Server: 2.21.160.128 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 225ed48688c6bd9b7b17a7ef1eaf22261377c750930506af919e0de783e1e951

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
surrogate-key: client_dist
last-modified: Thu, 10 May 2018 15:18:39 GMT
server: nginx
etag: "5af462cf-579a2"
vary: Accept-Encoding
x-distribution: 99
cache-tag: client_dist
status: 200
cache-control: public, max-age=600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *
content-type: application/javascript

GET
S 200 /
www.facebook.com/impression.php/f3a2495889e0e24/ 43 B
200 B 45ms
44ms Image
image/gif 185.60.216.35
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/impression.php/f3a2495889e0e24/?lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D

Protocol

SPDY

Server

185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: no-cache
x-fb-debug: wQRvLcuRvzrV1GgEHzl2zZiWao+XGFQ7n8m5OEqTLqi+LeyelaAUFM+hP268MvSNuKtUIvmr+5voKQd6OvxhLA==
date: Fri, 11 May 2018 13:05:20 GMT
expect-ct: max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security: max-age=15552000; preload
access-control-allow-methods: OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.facebook.com
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 RQ7NiRXMcYA.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 7734 0
0 9ms
6ms Document
text/html 185.60.216.19
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' .atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com:* wss://.facebook.com: https://fb.scanandcleanlocal.com:* .atlassolutions.com attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: staticxx.facebook.com
:scheme: https
:path: /connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://scammed.by/scam.php?id=199746
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 3F767FF6FE263331C7C349218D0AAF09
Referer: https://scammed.by/scam.php?id=199746

Response headers

status: 200
expires: Thu, 09 May 2019 21:08:43 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: public,max-age=31536000,immutable
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
vary: Accept-Encoding
content-encoding: gzip
x-fb-debug: MJLRigL7tWBGFbRUUj6BEmG35jq6P6SHfVoJtDRjKYGPCz+9wEir+cvufoXM5HwwF5SWw3+JPS/DEe5z4G165A==
content-length: 13637
date: Fri, 11 May 2018 13:05:20 GMT

GET
S 200 integrator.js Show response
adservice.google.de/adsid/ 111 B
172 B 18ms
16ms Script
application/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=scammed.by

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 integrator.js Show response
adservice.google.com/adsid/ 111 B
172 B 17ms
16ms Script
application/javascript 172.217.22.98
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=scammed.by

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

SPDY

Server

172.217.22.98 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s18-in-f2.1e100.net

Software

cafe /

Resource Hash

207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status: 200
cache-control: private, no-cache, no-store
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 105
x-xss-protection: 1; mode=block

GET
S 200 ca-pub-0835246356757158.js Show response
pagead2.googlesyndication.com/pub-config/r20160913/ 133 B
277 B 7ms
6ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-0835246356757158.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

sffe /

Resource Hash

7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 09:21:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 May 2018 01:17:56 GMT
server: sffe
age: 13441
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=43200
accept-ranges: bytes
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 125
x-xss-protection: 1; mode=block
expires: Fri, 11 May 2018 21:21:19 GMT

GET
H2 200 zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20180507/r20180504/ Frame 0D17 0
0 8ms
8ms Document
text/html 216.58.208.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20180507/r20180504/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20180507/r20180504/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://scammed.by/scam.php?id=199746
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 3F767FF6FE263331C7C349218D0AAF09
Referer: https://scammed.by/scam.php?id=199746

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Tue, 08 May 2018 04:29:08 GMT
expires: Tue, 22 May 2018 04:29:08 GMT
content-type: text/html; charset=UTF-8
etag: 12653410195320957541
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 6971
x-xss-protection: 1; mode=block
cache-control: public, max-age=1209600
age: 290172
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"

GET
S 200 show_ads_impl.js Show response
pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/ Frame 254C 179 KB
66 KB 24ms
24ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/show_ads_impl.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

4660c3ee7678531ba7dcfcc91198374ae76be69b9142d221ace2d291bc4af093

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 67740
x-xss-protection: 1; mode=block
server: cafe
etag: 9218290274828436816
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 11 May 2018 13:05:20 GMT

GET
H2 200 ads
googleads.g.doubleclick.net/pagead/ Frame 0F79 0
0 54ms
54ms Document
text/html 216.58.208.34
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1526043920&plat=1%3A32776%2C2%3A33800%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2&format=0x0&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1526043920701&bpp=20&bdt=1675&fdt=31&idt=134&shv=r20180507&cbv=r20180504&saldr=aa&correlator=5172301255860&frm=20&ga_vid=604846824.1526043920&ga_sid=1526043921&ga_hid=1738445891&ga_fc=0&pv=2&iag=3&icsg=2&nhd=1&dssz=3&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&abxe=1&scr_x=0&scr_y=0&eid=21061122%2C21061782%2C62710015%2C62710017%2C111541703&oid=3&rx=0&eae=2&fc=784&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=8208&bc=7&ifi=0&dtd=163

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/show_ads_impl.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1526043920&plat=1%3A32776%2C2%3A33800%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2&format=0x0&url=https%3A%2F%2Fscammed.by%2Fscam.php%3Fid%3D199746&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1526043920701&bpp=20&bdt=1675&fdt=31&idt=134&shv=r20180507&cbv=r20180504&saldr=aa&correlator=5172301255860&frm=20&ga_vid=604846824.1526043920&ga_sid=1526043921&ga_hid=1738445891&ga_fc=0&pv=2&iag=3&icsg=2&nhd=1&dssz=3&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&abxe=1&scr_x=0&scr_y=0&eid=21061122%2C21061782%2C62710015%2C62710017%2C111541703&oid=3&rx=0&eae=2&fc=784&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=8208&bc=7&ifi=0&dtd=163
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: https://scammed.by/scam.php?id=199746
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 3F767FF6FE263331C7C349218D0AAF09
Referer: https://scammed.by/scam.php?id=199746

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 11 May 2018 13:05:20 GMT
server: cafe
cache-control: private
content-length: 64
x-xss-protection: 1; mode=block
set-cookie: test_cookie=CheckForPermission; expires=Fri, 11-May-2018 13:20:20 GMT; path=/; domain=.doubleclick.net
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
expires: Fri, 11 May 2018 13:05:20 GMT

GET
S 200 osd.js Show response
pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/ 70 KB
26 KB 6ms
5ms Script
text/javascript 216.58.210.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/osd.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180507/r20180504/show_ads_impl.js

Protocol

SPDY

Server

216.58.210.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s07-in-f2.1e100.net

Software

cafe /

Resource Hash

7aba6339112d11f818fcb85d4a742e9001a9d39025d1d96846ccd9adbb88f447

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Tue, 08 May 2018 02:52:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 295997
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: hq="googleads.g.doubleclick.net:443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 26333
x-xss-protection: 1; mode=block
server: cafe
etag: 6798591786600654950
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 May 2018 02:52:03 GMT

GET
S 200 layers.4d47818520f1c51ae56e.js Show response
s7.addthis.com/static/ 261 KB
74 KB 17ms
16ms Script
application/javascript 2.21.160.128
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s7.addthis.com/static/layers.4d47818520f1c51ae56e.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: SPDY
Server: 2.21.160.128 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: c668ec8b2bde90b8238a0ec018f697bec22491c82ec908b2825d752e5224f7ee

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:20 GMT
content-encoding: gzip
last-modified: Thu, 10 May 2018 15:18:40 GMT
server: nginx
etag: "5af462d0-41409"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
x-host: s7.addthis.com
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 cookieControl-7.0.min.js Show response
scammed.by/js/ 42 KB
10 KB 290ms
289ms Script
application/javascript 104.27.188.1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://scammed.by/js/cookieControl-7.0.min.js

Requested by

Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/dba9ecf7/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.27.188.1 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

0ccb34426a4401898ad9937cee3d926ff53b87f5116c0f3f9b4952967dece0bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Request headers

:path: /js/cookieControl-7.0.min.js
pragma: no-cache
cookie: __cfduid=d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918; __unam=796997b-1634f4e4826-5a8918de-2; _ga=GA1.2.604846824.1526043920; _gid=GA1.2.722555738.1526043920
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: scammed.by
referer: https://scammed.by/scam.php?id=199746
:scheme: https
:method: GET
Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Fri, 11 May 2018 13:05:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: MISS
last-modified: Thu, 16 Jun 2016 00:30:11 GMT
server: cloudflare
x-powered-by: ASP.NET
etag: W/"777523e66c7d11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: no-cache,max-age=2592000
strict-transport-security: max-age=0; preload
cf-ray: 4194db49cf57235a-FRA

GET
H/1.1 200
OK v Show response
apikeys.civiccomputing.com/c/ 147 B
608 B 187ms
108ms Script
application/javascript 80.75.66.243
IOMART-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://apikeys.civiccomputing.com/c/v?d=scammed.by&p=cookiecontrol%20free&v=7&k=90082a10ff1b6a34715a32e78f6632c50f16475e

Requested by

Host: scammed.by
URL: https://scammed.by/js/cookieControl-7.0.min.js

Protocol

HTTP/1.1

Server

80.75.66.243 , United Kingdom, ASN20860 (IOMART-AS, GB),

Reverse DNS

80-75-66-243.civiccomputing.com

Software

Apache /

Resource Hash

7b4c54f06a1fad0ca2fb3f51341e2fbea9c1df5a52f2e0b0650c29322bc5bf14

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

X-APIKeys: miss
Date: Fri, 11 May 2018 13:05:21 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: Apache
Vary: X-Forwarded-Protocol,Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, private
Access-Control-Allow-Headers: origin, x-requested-with, content-type
Content-Length: 144
Expires: Fri, 11 May 2018 14:05:21 GMT

GET
S

404

49471.js
remote.vroptimal-3dx-assets.com/advertisement/settings/
Redirect Chain

https://cdn.adsoptimal.com/advertisement/settings/49471.js
https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js

0
0

527ms
505ms

Script
text/html

104.20.63.164
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
Protocol: SPDY
Server: 104.20.63.164 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

cf-ray: 4194db4e5e2b974a-FRA
date: Fri, 11 May 2018 13:05:22 GMT
via: 1.1 vegur
cf-cache-status: EXPIRED
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 404
cache-control: public, max-age=172800
content-encoding: gzip
expires: Sun, 13 May 2018 13:05:22 GMT

Redirect headers

Date: Fri, 11 May 2018 13:05:21 GMT
Via: 1.1 vegur
Server: Cowboy
Access-Control-Allow-Origin: *
X-Powered-By: Express
Vary: Accept
Content-Type: text/plain; charset=UTF-8
Location: https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Length: 105

GET
S

404

manual.js
remote.vroptimal-3dx-assets.com/advertisement/
Redirect Chain

https://cdn.adsoptimal.com/advertisement/manual.js
https://remote.vroptimal-3dx-assets.com/advertisement/manual.js

0
0

27ms
13ms

Script
text/html

104.20.63.164
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://remote.vroptimal-3dx-assets.com/advertisement/manual.js
Protocol: SPDY
Server: 104.20.63.164 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://scammed.by/scam.php?id=199746
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

cf-ray: 4194db4e5e2c974a-FRA
date: Fri, 11 May 2018 13:05:21 GMT
via: 1.1 vegur
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 404
cache-control: public, max-age=172800
content-encoding: gzip
expires: Sun, 13 May 2018 13:05:21 GMT

Redirect headers

Date: Fri, 11 May 2018 13:05:21 GMT
Via: 1.1 vegur
Server: Cowboy
Access-Control-Allow-Origin: *
X-Powered-By: Express
Vary: Accept
Content-Type: text/plain; charset=UTF-8
Location: https://remote.vroptimal-3dx-assets.com/advertisement/manual.js
Cache-Control: public, max-age=0
Connection: keep-alive
Content-Length: 97

Verdicts & Comments Add Verdict or Comment

124 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.scammed.by/	1970-01-19 00:39:39	Name: __cfduid Value: d47e6ddeed1f8f9ea3b37a4dec47d23fe1526043918

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ajax.cloudflare.com
ajax.googleapis.com
apikeys.civiccomputing.com
apis.google.com
cdn.adsoptimal.com
code.jquery.com
connect.facebook.net
googleads.g.doubleclick.net
js.api.here.com
l.sharethis.com
pagead2.googlesyndication.com
remote.vroptimal-3dx-assets.com
s7.addthis.com
scammed.by
staticxx.facebook.com
t.sharethis.com
ws.sharethis.com
www.facebook.com
www.google-analytics.com
104.19.198.151
104.20.63.164
104.27.188.1
104.27.189.1
172.217.18.14
172.217.18.174
172.217.22.98
18.195.89.79
184.31.92.250
185.60.216.19
185.60.216.35
2.19.32.51
2.21.160.128
205.185.208.52
216.58.208.34
216.58.210.10
216.58.210.2
23.67.137.77
54.235.205.173
80.75.66.243
0b54839255c52fc519c504a5808dfa4f6f152f6166430770a9100a8e6b508ed9
0ccb34426a4401898ad9937cee3d926ff53b87f5116c0f3f9b4952967dece0bb
12ec2e3a43afa6cdbe5d654d922d54da418ce3bf5d26b4a9f2f356f22e1b70ad
207461e411e1ff6d6c5b0dd702d26031adb86de86ed3f571baa5a6fc498fc4b6
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
225ed48688c6bd9b7b17a7ef1eaf22261377c750930506af919e0de783e1e951
27a6be8425578376b41c169c706a00107f10057bae4bb15a7b771e626cd801fd
28530cfdbf9598d46404bf17164265adb4e96ee723e428c79471b0d97bb315c2
2d85499c19b93ba63472065a5ed8d79b1f8a2ec29618eba61760850f6cfb8d9e
355e349063e35aa54800572cbe95855638c31284b070ffd976d4c8e1de3753c0
3679277f52d43f71877718d642081af762cc75a536fbf824ce82143be81fcb63
3bb5ec5a4012e4892b9432b94b2d0a29cf90311bf636497eaaa4e51315951b53
425b8287dc1e976317d293f7630c4a15f58c5978c9d73f7a49bee0a75de04164
4271d882aaee9fc5efd17ae0356bfdd44242e285e5eb2c643a65ba17b7024799
4660c3ee7678531ba7dcfcc91198374ae76be69b9142d221ace2d291bc4af093
4f0254b3ccd8c874b124afa6df5168b91c0b90b73710dc04c3cc955b0d120c04
51097c9830a99d7b84dacc427cdf726a06e26f0f265ed31745e675dbf9759092
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a7a86e84b1ebca2888d0778e4e8f4e5b1528075bdbb63e0cad1b87c24271f0d
753ae66529a5ba45f428bc65a6dec5570e85f7faa3703f12c8b9bb22c6b9ceb0
792c4f6798de7b418be52a9956d529475c5e70c47741e5e413c535c11c1e8b70
7aba6339112d11f818fcb85d4a742e9001a9d39025d1d96846ccd9adbb88f447
7b4c54f06a1fad0ca2fb3f51341e2fbea9c1df5a52f2e0b0650c29322bc5bf14
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
860a4ac266cc9fe9fb1a29c34eb6e604ffd80bc23575f6ef991945414bf301e7
87968ab2067d06814b3e47c8763d83088b6fe448ff5312ccc9777e564e84ffa0
92cdb21affc7086cfbc6fb328872fe4dc70c6b5020cb68178b39ec0cb3a89891
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
9fa4534858d745ff92a99462c492bbccd27e5e1c936085bcd5ab5c64d11f59b7
a82ef08cdd8c71e4226d1d4eb457eea274334a04bee26519189910d71bef3d84
b149a8485ef3d5aacf8ed75d939ab2902e051efba3185123c5f1beb574d72326
b604c326ef430c9a4bb7ce73fa11d30051a26f2af321b5dc253675b23a661668
ba41b333b3a6f37dfa60153ad40a6eef7080565f79c645ec1a03751c2f97fa4b
bedf011bf35ff35b6aa49777e7f70d129aaec45ce6075c8a20e954c5ee88e294
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c668ec8b2bde90b8238a0ec018f697bec22491c82ec908b2825d752e5224f7ee
c8d31e9fdb84a2135ac0515d1335ef9d880d558ccc843fd40ad141212111a057
c9f9153ac943d431588469318ff7b97ad2973d7d86c7ef718683f53bd1a93d12
cddc13f2b406c42d3fd25cdeb5e7dd2c644ccf8d68b2c78b714355e9a9d41150
cddf89e8c7a02ae35f48126518c828340ec3158e6f1d973997a841ccaa105607
d0d56869aa37b3a2b86a60c228065dcd286ca3b449cf8c024b4caaf202d346b9
e2999a2b3a79ff5d44f11ee36fa64074a1d4cac8f2418515f5a8c532d5dffb78
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed2df96374d00046d9b45ea6726a13df2910842683362048a9928723ea6ea5e4
eefe9341d1561a79c89cb27edd0e4f856f319e11c5635408896fd94c93f7ee37
f82d31794273d8e1b83f257fec1ecd99a833a02e3fbb1a94848b70771988afcd

scammed.by Open in urlscan Pro 104.27.188.1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

52 Requests

35 %HTTPS

0 %IPv6

17 Domains

21 Subdomains

19 IPs

5 Countries

1131 kBTransfer

3094 kBSize

1 Cookies

18 Outgoing links

Page URL History

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

scammed.by Open in urlscan Pro
104.27.188.1 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

35 %
HTTPS

0 %
IPv6

17
Domains

21
Subdomains

19
IPs

5
Countries

1131 kB
Transfer

3094 kB
Size

1
Cookies

52 HTTP transactions
1 data transactions