URL: https://www.scammed.by/scam.php?id=233878
Submission: On July 03 via manual from US

Summary

This website contacted 20 IPs in 4 countries across 18 domains to perform 53 HTTP transactions. The main IP is 2400:cb00:2048:1::681b:bc01, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.scammed.by.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on July 2nd 2018. Valid for: 6 months.
This is the only time www.scammed.by was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 2400:cb00:204... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
7 104.111.247.181 16625 (AKAMAI-AS)
1 2400:cb00:204... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
2 104.111.214.46 16625 (AKAMAI-AS)
2 2a00:1450:400... 15169 (GOOGLE)
4 104.111.219.46 16625 (AKAMAI-AS)
2 205.185.208.52 20446 (HIGHWINDS3)
1 52.29.181.2 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 18.195.89.79 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:470:6e0a... 6939 (HURRICANE)
2 2 23.23.192.33 14618 (AMAZON-AES)
2 2400:cb00:204... 13335 (CLOUDFLAR...)
2 104.111.218.204 16625 (AKAMAI-AS)
53 20
Domain Requested by
14 www.scammed.by www.scammed.by
ajax.cloudflare.com
7 js.api.here.com www.scammed.by
ajax.cloudflare.com
4 ws.sharethis.com ajax.cloudflare.com
ws.sharethis.com
4 pagead2.googlesyndication.com ajax.cloudflare.com
pagead2.googlesyndication.com
3 l.sharethis.com 1 redirects
2 t.sharethis.com www.scammed.by
t.sharethis.com
2 remote.vroptimal-3dx-assets.com
2 cdn.adsoptimal.com 2 redirects
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 code.jquery.com ajax.cloudflare.com
2 apis.google.com ajax.cloudflare.com
apis.google.com
2 s7.addthis.com ajax.cloudflare.com
s7.addthis.com
1 staticxx.facebook.com connect.facebook.net
1 apikeys.civiccomputing.com www.scammed.by
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 connect.facebook.net www.scammed.by
1 www.google-analytics.com www.scammed.by
1 c.sharethis.mgr.consensu.org ws.sharethis.com
1 ajax.cloudflare.com www.scammed.by
1 scammed.by www.scammed.by
1 ajax.googleapis.com www.scammed.by
53 22

This site contains links to these domains. Also see Links.

Domain
scammed.by
twitter.com
disqus.com
www.youtube.com
www.facebook.com
Subject Issuer Validity Valid
sni108356.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2018-07-02 -
2019-01-08
6 months crt.sh
*.g.doubleclick.net
Google Internet Authority G3
2018-06-12 -
2018-08-21
2 months crt.sh
pxcel.net
GeoTrust RSA CA 2018
2018-01-22 -
2019-02-21
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2017-12-15 -
2019-03-22
a year crt.sh

This page contains 7 frames:

Primary Page: https://www.scammed.by/scam.php?id=233878
Frame ID: 31F3A51CFD51B711D20A1AF3040880A1
Requests: 48 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20180627/r20180604/zrt_lookup.html
Frame ID: 2C0E2E5F23766C84477100511A679194
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/show_ads_impl.js
Frame ID: 1AAB2B33F9337A259306D185E9C5378E
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/1/d/t.dhj?rnd=1530628544685&cid=c010&dmn=www.scammed.by
Frame ID: A92D05F4A5EFF2FBE6D0F0F1080F8F32
Requests: 1 HTTP requests in this frame

Frame: https://t.sharethis.com/a/t_.htm?ver=0.154.5924&cid=c010
Frame ID: 57ABAAB24BE024E170E94B2027F2AA15
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/xaOI6zd9HW9.js?version=42
Frame ID: 44E48AE93604C20F38BA1127D7F9C7FC
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1530628544&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1530628544668&bpp=6&bdt=631&fdt=8&idt=120&shv=r20180627&cbv=r20180604&saldr=aa&abxe=1&correlator=7511947836208&frm=20&pv=2&ga_vid=1696384071.1530628545&ga_sid=1530628545&ga_hid=636683424&ga_fc=0&iag=0&icsg=16544214165516&dssz=36&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&osw_key=18644212&ifi=0&fsb=1&dtd=153
Frame ID: 5CA3AB727017A310520E7F9C2071DD1D
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • env /^addthis/i

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /googlesyndication\.com\//i
  • env /^google_ad_/i
  • env /^__google_ad_/i
  • env /^Goog_AdSense_/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
  • script /jquery.*\.js/i
  • env /^jQuery$/i
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /([\d.]+)\/jquery-ui(?:\.min)?\.js/i
  • script /jquery-ui.*\.js/i

Page Statistics

53
Requests

36 %
HTTPS

60 %
IPv6

18
Domains

22
Subdomains

20
IPs

4
Countries

1129 kB
Transfer

3090 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&fpc=3182262-164609217db-71beb2c9-1&sessionID=1530628544475.28939&hostname=www.scammed.by&location=%2Fscam.php&product=widget&stid=&publisher=ur-9ed55d56-30-ed74-76db-3e51debbfd5&st_optout=false&refDomain=&refQuery=&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878&sharURL=&buttonType=ERROR&destination=ERROR&source=ERROR&title=Scam%20email%20-%20RE%3A%20Enegry%20Engineering%20and%20Energy%20Management%20Professionals%20Contacts&ts1530628544476.0=&sop=false HTTP 301
  • https://l.sharethis.com/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
Request Chain 46
  • https://cdn.adsoptimal.com/advertisement/settings/49471.js HTTP 302
  • https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
Request Chain 47
  • https://cdn.adsoptimal.com/advertisement/manual.js HTTP 302
  • https://remote.vroptimal-3dx-assets.com/advertisement/manual.js

53 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request scam.php
www.scammed.by/
21 KB
7 KB
Document
General
Full URL
https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / PHP/7.2.0beta1 ASP.NET
Resource Hash
7f16575147629eb7ce887d3e99ba0974c9f344f6e6a4ac0f1cf66ab105b52676
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
www.scammed.by
:scheme
https
:path
/scam.php?id=233878
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1

Response headers

status
200
date
Tue, 03 Jul 2018 14:35:44 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543; expires=Wed, 03-Jul-19 14:35:43 GMT; path=/; domain=.scammed.by; HttpOnly; Secure
x-powered-by
PHP/7.2.0beta1 ASP.NET
strict-transport-security
max-age=0; preload
x-content-type-options
nosniff
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
434a148ea8dd9762-FRA
content-encoding
gzip
wToywyWr31lP3LKs_8BtfBhCVC4.js
www.scammed.by/cdn-cgi/apps/head/
117 KB
33 KB
Script
General
Full URL
https://www.scammed.by/cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9f9153ac943d431588469318ff7b97ad2973d7d86c7ef718683f53bd1a93d12
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-request-id
AAD7D8C688220290
cf-ray
434a14904a249762-FRA
status
200
vary
Accept-Encoding
content-length
33803
x-amz-id-2
nzz/0YwT3LYVHH1Sje15c00Exl2tkbv9GZtR/rB2gjsATUKxIBKuzYcpd8rsJSIuKtzvfkbF4AQ=
last-modified
Thu, 21 Sep 2017 20:57:14 GMT
server
cloudflare
etag
"7af334b68c6e37216f113e117b47ecfd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
x-amz-version-id
Vvlv7O8xwp5c7GXOKi6Tzpz93eO1.izl
cache-control
public, max-age=31536000
content-type
application/javascript; charset=utf-8
style.css
www.scammed.by/style/
7 KB
2 KB
Stylesheet
General
Full URL
https://www.scammed.by/style/style.css
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
0b54839255c52fc519c504a5808dfa4f6f152f6166430770a9100a8e6b508ed9
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/style/style.css
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
1862
last-modified
Mon, 28 Aug 2017 21:07:31 GMT
server
cloudflare
etag
"80ab58a94120d31:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
text/css
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14904a259762-FRA
jquery-ui.min.css
ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/themes/base/minified/
25 KB
5 KB
Stylesheet
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.1/themes/base/minified/jquery-ui.min.css
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
SPDY
Server
2a00:1450:4001:817::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e2999a2b3a79ff5d44f11ee36fa64074a1d4cac8f2418515f5a8c532d5dffb78
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 02 Jul 2018 13:19:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
90975
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
4760
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 02 Jul 2019 13:19:29 GMT
mapsjs-ui.css
js.api.here.com/v3/3.0/
12 KB
3 KB
Stylesheet
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-ui.css
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3bb5ec5a4012e4892b9432b94b2d0a29cf90311bf636497eaaa4e51315951b53

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Thu, 25 Jan 2018 15:51:39 GMT
Server
Apache
ETag
"1ac8f39099fb9da745ca3ca1642bce7f:1517390907"
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2994
logon.png
scammed.by/
14 KB
14 KB
Image
General
Full URL
https://scammed.by/logon.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
5a7a86e84b1ebca2888d0778e4e8f4e5b1528075bdbb63e0cad1b87c24271f0d
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/logon.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
14669
last-modified
Sat, 25 Feb 2017 01:35:22 GMT
server
cloudflare
etag
"ae128b6e78fd21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14914b6e9762-FRA
truncated
/
4 KB
0
Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
355e349063e35aa54800572cbe95855638c31284b070ffd976d4c8e1de3753c0

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
text/css;charset=utf-8
vudZceKNOOLRZxcaP6mwl0rZHUo.js
www.scammed.by/cdn-cgi/apps/body/
18 KB
8 KB
Script
General
Full URL
https://www.scammed.by/cdn-cgi/apps/body/vudZceKNOOLRZxcaP6mwl0rZHUo.js
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/cdn-cgi/apps/head/wToywyWr31lP3LKs_8BtfBhCVC4.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
792c4f6798de7b418be52a9956d529475c5e70c47741e5e413c535c11c1e8b70
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/cdn-cgi/apps/body/vudZceKNOOLRZxcaP6mwl0rZHUo.js
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-request-id
CC6129D76150CD6B
cf-ray
434a14907a529762-FRA
status
200
vary
Accept-Encoding
content-length
7839
x-amz-id-2
F8Z0KXRBXmDDqf0ByDuXj0i8dgylkuOqxAXLTUJItmczTyTqS5tXs3SMDx/O/v9yA/EEnwEDk0E=
last-modified
Thu, 21 Sep 2017 20:57:13 GMT
server
cloudflare
etag
"b1c509b1b4f3c1618f0b120528907092"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
x-amz-version-id
U1fpMbX9UedFn4HG6iSn1vTZSzWlObS6
cache-control
public, max-age=31536000
content-type
application/javascript; charset=utf-8
tsb.png
www.scammed.by/img/
25 KB
25 KB
Image
General
Full URL
https://www.scammed.by/img/tsb.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
bedf011bf35ff35b6aa49777e7f70d129aaec45ce6075c8a20e954c5ee88e294
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/tsb.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
25620
last-modified
Sat, 28 Jan 2017 21:38:31 GMT
server
cloudflare
etag
"86fba2deae79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a5b9762-FRA
cole%202.png
www.scammed.by/img/
17 KB
17 KB
Image
General
Full URL
https://www.scammed.by/img/cole%202.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
4f0254b3ccd8c874b124afa6df5168b91c0b90b73710dc04c3cc955b0d120c04
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/cole%202.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
17625
last-modified
Sat, 28 Jan 2017 21:25:39 GMT
server
cloudflare
etag
"96674d12ad79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a5c9762-FRA
rebait.png
www.scammed.by/img/
21 KB
21 KB
Image
General
Full URL
https://www.scammed.by/img/rebait.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
87968ab2067d06814b3e47c8763d83088b6fe448ff5312ccc9777e564e84ffa0
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/rebait.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
21564
last-modified
Sat, 28 Jan 2017 21:21:22 GMT
server
cloudflare
etag
"2e4b9e79ac79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a5d9762-FRA
cole.png
www.scammed.by/img/
23 KB
23 KB
Image
General
Full URL
https://www.scammed.by/img/cole.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
ba41b333b3a6f37dfa60153ad40a6eef7080565f79c645ec1a03751c2f97fa4b
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/cole.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
23250
last-modified
Sat, 28 Jan 2017 21:23:41 GMT
server
cloudflare
etag
"c2e563ccac79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a5e9762-FRA
butch.png
www.scammed.by/img/
22 KB
22 KB
Image
General
Full URL
https://www.scammed.by/img/butch.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
cddc13f2b406c42d3fd25cdeb5e7dd2c644ccf8d68b2c78b714355e9a9d41150
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/butch.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
22317
last-modified
Sat, 28 Jan 2017 21:30:13 GMT
server
cloudflare
etag
"80fc14b6ad79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a609762-FRA
anus.png
www.scammed.by/img/
31 KB
31 KB
Image
General
Full URL
https://www.scammed.by/img/anus.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
cddf89e8c7a02ae35f48126518c828340ec3158e6f1d973997a841ccaa105607
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/anus.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
31996
last-modified
Sat, 28 Jan 2017 21:32:08 GMT
server
cloudflare
etag
"907d47faad79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a629762-FRA
script.png
www.scammed.by/img/
15 KB
15 KB
Image
General
Full URL
https://www.scammed.by/img/script.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
f82d31794273d8e1b83f257fec1ecd99a833a02e3fbb1a94848b70771988afcd
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/script.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
15334
last-modified
Sat, 28 Jan 2017 21:35:35 GMT
server
cloudflare
etag
"8155aa75ae79d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a639762-FRA
fb.png
www.scammed.by/img/
11 KB
12 KB
Image
General
Full URL
https://www.scammed.by/img/fb.png
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
27a6be8425578376b41c169c706a00107f10057bae4bb15a7b771e626cd801fd
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/img/fb.png
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
ASP.NET
status
200
vary
Accept-Encoding
content-length
11689
last-modified
Sat, 28 Jan 2017 20:18:28 GMT
server
cloudflare
etag
"c177e4afa379d21:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; preload
content-type
image/png
cache-control
no-cache,max-age=2592000
accept-ranges
bytes
cf-ray
434a14907a649762-FRA
rocket-loader.min.js
ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/
11 KB
4 KB
Script
General
Full URL
https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
SPDY
Server
2400:cb00:2048:1::6813:c697 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare-nginx /
Resource Hash
e00af8e003e12778b595d257720107558eaac26548e31015711cb701e39c34b0
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
last-modified
Wed, 27 Jun 2018 09:50:14 GMT
server
cloudflare-nginx
etag
W/"5b335dd6-2ba5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
strict-transport-security
max-age=15780000; includeSubDomains
cf-ray
434a14913ef9276e-FRA
expires
Thu, 05 Jul 2018 14:35:44 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
73 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
SPDY
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
13436b2fa07ef2a535ed0f3693b5ce81146d7402de676e42269371f5a28f094b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
27361
x-xss-protection
1; mode=block
server
cafe
etag
8451012830657258582
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 03 Jul 2018 14:35:44 GMT
cookieControl-7.0.min.js
www.scammed.by/js/
42 KB
10 KB
Script
General
Full URL
https://www.scammed.by/js/cookieControl-7.0.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
0ccb34426a4401898ad9937cee3d926ff53b87f5116c0f3f9b4952967dece0bb
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/js/cookieControl-7.0.min.js
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Thu, 16 Jun 2016 00:30:11 GMT
server
cloudflare
x-powered-by
ASP.NET
etag
W/"777523e66c7d11:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
no-cache,max-age=2592000
strict-transport-security
max-age=0; preload
cf-ray
434a14915b789762-FRA
addthis_widget.js
s7.addthis.com/js/300/
349 KB
112 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
SPDY
Server
104.111.214.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-46.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
22811cbf567efc54ca8845fae95b34c24de750fdb26db32229733c1220564799

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
surrogate-key
client_dist
last-modified
Mon, 02 Jul 2018 18:33:29 GMT
etag
"5b3a6ff9-57536"
vary
Accept-Encoding
x-distribution
99
cache-tag
client_dist
status
200
cache-control
public, max-age=600
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
content-type
application/javascript
mapsjs-clustering.js
js.api.here.com/v3/3.0/
14 KB
5 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-clustering.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9fa4534858d745ff92a99462c492bbccd27e5e1c936085bcd5ab5c64d11f59b7

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"1dbedd92992669c3da392d11011d607a:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5164
mapsjs-pano.js
js.api.here.com/v3/3.0/
403 KB
135 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-pano.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b149a8485ef3d5aacf8ed75d939ab2902e051efba3185123c5f1beb574d72326

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"a07b71ce91db5bbdf6133e8281c307bc:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
mapsjs-ui.js
js.api.here.com/v3/3.0/
79 KB
23 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-ui.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
28530cfdbf9598d46404bf17164265adb4e96ee723e428c79471b0d97bb315c2

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"fb1c3c9e4000423a49dcddcc442c4013:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23207
mapsjs-mapevents.js
js.api.here.com/v3/3.0/
16 KB
6 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-mapevents.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eefe9341d1561a79c89cb27edd0e4f856f319e11c5635408896fd94c93f7ee37

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"2645d1fb8f34dfad2b50c8e017880437:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5476
mapsjs-service.js
js.api.here.com/v3/3.0/
76 KB
25 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-service.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b604c326ef430c9a4bb7ce73fa11d30051a26f2af321b5dc253675b23a661668

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"6d439d6a5848cedead24449188a05e8f:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24964
mapsjs-core.js
js.api.here.com/v3/3.0/
225 KB
81 KB
Script
General
Full URL
https://js.api.here.com/v3/3.0/mapsjs-core.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.247.181 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-247-181.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
12ec2e3a43afa6cdbe5d654d922d54da418ce3bf5d26b4a9f2f356f22e1b70ad

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Wed, 31 Jan 2018 09:28:29 GMT
Server
Apache
ETag
"3e4acd73bd01e232a294916a2575200f:1517390907"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
plusone.js
apis.google.com/js/
43 KB
17 KB
Script
General
Full URL
https://apis.google.com/js/plusone.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
SPDY
Server
2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
577e7d8cd165a7414a824dafed6e3d994682fc73bec50bace60de3cdd62c0711
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180628.12_p1
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180628.12_p1
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
date
Tue, 03 Jul 2018 14:35:44 GMT
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"4fef0ff1a6e2c2e43d8ad64971e9e3af"
timing-allow-origin
*
expires
Tue, 03 Jul 2018 14:35:44 GMT
buttons.js
ws.sharethis.com/button/
54 KB
15 KB
Script
General
Full URL
https://ws.sharethis.com/button/buttons.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
nginx/1.12.2 /
Resource Hash
9b6a1431817dfe90aa16dbfe5c4e086750b1654bf7519798168b0889a8077a53

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
ETag
W/"5b3164cf-d9a2"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=75047
Connection
keep-alive
Content-Length
15324
Expires
Wed, 04 Jul 2018 11:26:31 GMT
homeSearch.js
www.scammed.by/js/
6 KB
1 KB
Script
General
Full URL
https://www.scammed.by/js/homeSearch.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::681b:bc01 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
4271d882aaee9fc5efd17ae0356bfdd44242e285e5eb2c643a65ba17b7024799
Security Headers
Name Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Request headers

:path
/js/homeSearch.js
pragma
no-cache
cookie
__cfduid=dd1e1516be144dca4d5200c5d0bd64d7f1530628543
accept-encoding
gzip, deflate
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
www.scammed.by
referer
https://www.scammed.by/scam.php?id=233878
:scheme
https
:method
GET
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
last-modified
Sun, 27 Aug 2017 21:33:29 GMT
server
cloudflare
x-powered-by
ASP.NET
etag
W/"8575fd1f7c1fd31:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
no-cache,max-age=2592000
strict-transport-security
max-age=0; preload
cf-ray
434a14916b7e9762-FRA
jquery-ui.min.js
code.jquery.com/ui/1.10.1/
223 KB
73 KB
Script
General
Full URL
https://code.jquery.com/ui/1.10.1/jquery-ui.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
3679277f52d43f71877718d642081af762cc75a536fbf824ce82143be81fcb63

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Oct 2014 00:16:08 GMT
Server
nginx
ETag
W/"54499a48-37aef"
Vary
Accept-Encoding
X-HW
1530628544.dop003.fr8.shc,1530628544.dop003.fr8.t,1530628544.cds027.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
74694
jquery-1.9.1.min.js
code.jquery.com/
90 KB
38 KB
Script
General
Full URL
https://code.jquery.com/jquery-1.9.1.min.js
Requested by
Host: ajax.cloudflare.com
URL: https://ajax.cloudflare.com/cdn-cgi/scripts/4f936b58/cloudflare-static/rocket-loader.min.js
Protocol
HTTP/1.1
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Oct 2014 00:16:07 GMT
Server
nginx
ETag
W/"54499a47-169d5"
Vary
Accept-Encoding
X-HW
1530628544.dop003.fr8.shc,1530628544.dop003.fr8.t,1530628544.cds018.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
37959
async-buttons.js
ws.sharethis.com/button/
90 KB
19 KB
Script
General
Full URL
https://ws.sharethis.com/button/async-buttons.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
HTTP/1.1
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
nginx/1.12.2 /
Resource Hash
cb04130a658379f5f8e1451690e054124c6c8a61d494614de402de63a7f6147f

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
ETag
W/"5b316508-1686e"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=78020
Connection
keep-alive
Content-Length
19070
Expires
Wed, 04 Jul 2018 12:16:04 GMT
get_consent
c.sharethis.mgr.consensu.org/v1.0/cmp/
13 B
464 B
XHR
General
Full URL
https://c.sharethis.mgr.consensu.org/v1.0/cmp/get_consent
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
HTTP/1.1
Server
52.29.181.2 Frankfurt, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-29-181-2.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.scammed.by/scam.php?id=233878
Origin
https://www.scammed.by

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
ETag
W/"d-+DingHfG0CPg0LypXw8zXfS4tGg"
Vary
Accept-Encoding
Access-Control-Allow-Methods
DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www.scammed.by
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
13
cb=gapi.loaded_0
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hfiMrY347qE.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMOrzLFQ_Qou2Cj9qH2b2vdRcf4zQ/
131 KB
46 KB
Script
General
Full URL
https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.hfiMrY347qE.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=wQ/rs=AGLTcCMOrzLFQ_Qou2Cj9qH2b2vdRcf4zQ/cb=gapi.loaded_0
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/plusone.js
Protocol
SPDY
Server
2a00:1450:4001:820::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
27d0b2f79b3a90ccf74c8be137edd09fd3be6230e634ab3308213a5d9d47ef44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 02 Jul 2018 12:10:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 28 Jun 2018 21:43:08 GMT
server
sffe
age
95107
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
46639
x-xss-protection
1; mode=block
expires
Tue, 02 Jul 2019 12:10:37 GMT
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
SPDY
Server
2a00:1450:4001:812::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 18 May 2018 01:10:24 GMT
server
Golfe2
age
5452
date
Tue, 03 Jul 2018 13:04:52 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14386
expires
Tue, 03 Jul 2018 15:04:52 GMT
buttons-secure.css
ws.sharethis.com/button/css/
23 KB
4 KB
Stylesheet
General
Full URL
https://ws.sharethis.com/button/css/buttons-secure.css
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/async-buttons.js
Protocol
HTTP/1.1
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
nginx/1.12.2 /
Resource Hash
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Last-Modified
Mon, 25 Jun 2018 21:56:24 GMT
Server
nginx/1.12.2
ETag
W/"5b316508-5a76"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Content-Length
3851
sc
l.sharethis.com/
Redirect Chain
  • https://l.sharethis.com/pview?event=pview&version=buttons.js&lang=en&fpc=3182262-164609217db-71beb2c9-1&sessionID=1530628544475.28939&hostname=www.scammed.by&location=%2Fscam.php&product=widget&sti...
  • https://l.sharethis.com/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
0
-1 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
Protocol
HTTP/1.1
Server
18.195.89.79 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-89-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Access-Control-Allow-Origin
https://www.scammed.by
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
145
Stid
ZGAQMVs7icAAAAATSUHuAw==

Redirect headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Access-Control-Allow-Origin
https://www.scammed.by
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
145
Stid
ZGAQMVs7icAAAAATSUHuAw==
sc
l.sharethis.com/
51 B
472 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAQMVs7icAAAAATSUHuAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878
Protocol
HTTP/1.1
Server
18.195.89.79 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-195-89-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
60ada0fd1c18419033db40c41fb87c2f275266b255d73394011533eb472cf22c

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1
Origin
https://www.scammed.by
Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Access-Control-Max-Age
1728000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.scammed.by
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZGAQMVs7icAAAAATSUHuAw==
Access-Control-Allow-Headers
*
Content-Length
51
p.js
ws.sharethis.com/button/
3 KB
1 KB
Script
General
Full URL
https://ws.sharethis.com/button/p.js
Requested by
Host: ws.sharethis.com
URL: https://ws.sharethis.com/button/buttons.js
Protocol
HTTP/1.1
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
nginx/1.12.2 /
Resource Hash
97875e1cc37494327341a6d4444231a16127ab958907b9e879a87eb99808c7a0

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
Server
nginx/1.12.2
ETag
W/"5b3164d2-bc6"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=75085
Connection
keep-alive
Content-Length
1182
Expires
Wed, 04 Jul 2018 11:27:09 GMT
all.js
connect.facebook.net/en_GB/
206 KB
62 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
SPDY
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
77b45eee60edacd2d1f85a296e07cc26db187a37e4cf2e7a7ebab132e56069c5
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
1N4/7MfLPrqE2Og2Wz8Zvw==
status
200
content-length
62808
x-xss-protection
0
x-fb-debug
imGsCKoaqllF8Y/tzVSlAdv15oaaM/vSwOGLDECLkPkYMFvaJ4hRL9AuVHrU3QXdqu90RlfsBBa9tx7umR1C8A==
x-fb-content-md5
746dcb9c0bac983685ef7d0ffe4fbfcb
x-frame-options
DENY
date
Tue, 03 Jul 2018 14:35:44 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"ce5b60b2fb9f6cd4f581c7c0d2a2a794"
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
timing-allow-origin
*
expires
Tue, 03 Jul 2018 14:42:05 GMT
layers.b01bacf303e2cf5c81a0.js
s7.addthis.com/static/
260 KB
74 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.b01bacf303e2cf5c81a0.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
SPDY
Server
104.111.214.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-214-46.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0ae822b18c929c3cf57ce3fcc6132fa43c469d9c28216355b617dffd60b76ff9

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
last-modified
Mon, 02 Jul 2018 18:33:29 GMT
etag
"5b3a6ff9-411de"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
x-host
s7.addthis.com
accept-ranges
bytes
timing-allow-origin
*
integrator.js
adservice.google.de/adsid/
109 B
172 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=www.scammed.by
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:817::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
104
x-xss-protection
1; mode=block
integrator.js
adservice.google.com/adsid/
109 B
172 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.scammed.by
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:814::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

timing-allow-origin
*
date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
status
200
cache-control
private, no-cache, no-store
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
104
x-xss-protection
1; mode=block
ca-pub-0835246356757158.js
pagead2.googlesyndication.com/pub-config/r20160913/
133 B
236 B
Script
General
Full URL
https://pagead2.googlesyndication.com/pub-config/r20160913/ca-pub-0835246356757158.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 05:05:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 02 Jul 2018 21:01:21 GMT
server
sffe
age
34226
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=43200
accept-ranges
bytes
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
125
x-xss-protection
1; mode=block
expires
Tue, 03 Jul 2018 17:05:18 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20180627/r20180604/ Frame 2C0E
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20180627/r20180604/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20180627/r20180604/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.scammed.by/scam.php?id=233878
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1
Referer
https://www.scammed.by/scam.php?id=233878

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
vary
Accept-Encoding
date
Wed, 27 Jun 2018 13:09:40 GMT
expires
Wed, 11 Jul 2018 13:09:40 GMT
content-type
text/html; charset=UTF-8
etag
4726315756816018096
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
6958
x-xss-protection
1; mode=block
cache-control
public, max-age=1209600
age
523564
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/ Frame 1AAB
181 KB
67 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/show_ads_impl.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
SPDY
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
0d58b521833287d982ea6d6e06f261efb0a288fc4da4af571684b62894f337fd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Tue, 03 Jul 2018 14:35:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
68920
x-xss-protection
1; mode=block
server
cafe
etag
12077041724865760192
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Tue, 03 Jul 2018 14:35:44 GMT
v
apikeys.civiccomputing.com/c/
126 B
589 B
Script
General
Full URL
https://apikeys.civiccomputing.com/c/v?d=www.scammed.by&p=cookiecontrol%20free&v=7&k=90082a10ff1b6a34715a32e78f6632c50f16475e
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/js/cookieControl-7.0.min.js
Protocol
HTTP/1.1
Server
2001:470:6e0a::1b:243 , United States, ASN6939 (HURRICANE - Hurricane Electric LLC, US),
Reverse DNS
Software
Apache /
Resource Hash
c58361430bee315ecd8db1a6f17228e121aa538d7cfc6020e2deaa90bd8b5a02
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-APIKeys
miss
Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Server
Apache
Vary
X-Forwarded-Protocol,Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=604800
Access-Control-Allow-Headers
origin, x-requested-with, content-type
Content-Length
132
Expires
Tue, 10 Jul 2018 14:35:44 GMT
49471.js
remote.vroptimal-3dx-assets.com/advertisement/settings/
Redirect Chain
  • https://cdn.adsoptimal.com/advertisement/settings/49471.js
  • https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
0
0
Script
General
Full URL
https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
Protocol
SPDY
Server
2400:cb00:2048:1::6814:3fa4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cf-ray
434a14981a7e9780-FRA
date
Tue, 03 Jul 2018 14:35:45 GMT
via
1.1 vegur
cf-cache-status
EXPIRED
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=172800
content-encoding
gzip
expires
Thu, 05 Jul 2018 14:35:45 GMT

Redirect headers

Date
Tue, 03 Jul 2018 14:35:45 GMT
Via
1.1 vegur
Server
Cowboy
Access-Control-Allow-Origin
*
X-Powered-By
Express
Vary
Accept
Content-Type
text/plain; charset=UTF-8
Location
https://remote.vroptimal-3dx-assets.com/advertisement/settings/49471.js
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Length
105
manual.js
remote.vroptimal-3dx-assets.com/advertisement/
Redirect Chain
  • https://cdn.adsoptimal.com/advertisement/manual.js
  • https://remote.vroptimal-3dx-assets.com/advertisement/manual.js
0
0
Script
General
Full URL
https://remote.vroptimal-3dx-assets.com/advertisement/manual.js
Protocol
SPDY
Server
2400:cb00:2048:1::6814:3fa4 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cf-ray
434a14981a7f9780-FRA
date
Tue, 03 Jul 2018 14:35:45 GMT
via
1.1 vegur
cf-cache-status
HIT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
status
404
cache-control
public, max-age=172800
content-encoding
gzip
expires
Thu, 05 Jul 2018 14:35:45 GMT

Redirect headers

Date
Tue, 03 Jul 2018 14:35:45 GMT
Via
1.1 vegur
Server
Cowboy
Access-Control-Allow-Origin
*
X-Powered-By
Express
Vary
Accept
Content-Type
text/plain; charset=UTF-8
Location
https://remote.vroptimal-3dx-assets.com/advertisement/manual.js
Cache-Control
public, max-age=0
Connection
keep-alive
Content-Length
97
t.dhj
t.sharethis.com/1/d/ Frame A92D
1 KB
1 KB
Script
General
Full URL
https://t.sharethis.com/1/d/t.dhj?rnd=1530628544685&cid=c010&dmn=www.scammed.by
Requested by
Host: www.scammed.by
URL: https://www.scammed.by/scam.php?id=233878
Protocol
HTTP/1.1
Server
104.111.218.204 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-218-204.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3af49afa578abd38ffed0d8db543cf4ab965ba5f9a3f86c3b23924e280dbecb1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Tue, 03 Jul 2018 14:35:44 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 02 Jul 2018 23:08:19 GMT
ETag
"901010c0dcd9d396b450386e489bc84d:1530573281"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="DSP LAW NID OUR DEL SAM BUS UNI PUR COM NAV INT STA PRE LOC OTC"
Cache-Control
private, max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
860
Expires
Tue, 03 Jul 2018 15:35:44 GMT
t_.htm
t.sharethis.com/a/ Frame 57AB
0
0
Document
General
Full URL
https://t.sharethis.com/a/t_.htm?ver=0.154.5924&cid=c010
Requested by
Host: t.sharethis.com
URL: https://t.sharethis.com/1/d/t.dhj?rnd=1530628544685&cid=c010&dmn=www.scammed.by
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.218.204 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-218-204.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
t.sharethis.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.scammed.by/scam.php?id=233878
Accept-Encoding
gzip, deflate
Cookie
__stid=ZGAQMVs7icAAAAATSUHuAw==
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1
Referer
https://www.scammed.by/scam.php?id=233878

Response headers

ETag
"59dc49b7f19ac5bc08ebd49bf1a4243f:1530573136"
Last-Modified
Mon, 02 Jul 2018 23:08:13 GMT
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
783
Cache-Control
max-age=604800
Expires
Tue, 10 Jul 2018 14:35:44 GMT
Date
Tue, 03 Jul 2018 14:35:44 GMT
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="DSP LAW NID OUR DEL SAM BUS UNI PUR COM NAV INT STA PRE LOC OTC"
Content-Type
text/html
xaOI6zd9HW9.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 44E4
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/xaOI6zd9HW9.js?version=42
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/xaOI6zd9HW9.js?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.scammed.by/scam.php?id=233878
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1
Referer
https://www.scammed.by/scam.php?id=233878

Response headers

status
200
expires
Mon, 01 Jul 2019 21:56:33 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
content-encoding
gzip
x-fb-debug
EQ7wQkoKx3/QaWtEVnNOYH4mSpJcN4otvpEr+dNBjq7IO37MnrV8O3w6wSfzy/qE47ABePMBhipqfylgA6XAMA==
content-length
13896
date
Tue, 03 Jul 2018 14:35:44 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 5CA3
0
0
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1530628544&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1530628544668&bpp=6&bdt=631&fdt=8&idt=120&shv=r20180627&cbv=r20180604&saldr=aa&abxe=1&correlator=7511947836208&frm=20&pv=2&ga_vid=1696384071.1530628545&ga_sid=1530628545&ga_hid=636683424&ga_fc=0&iag=0&icsg=16544214165516&dssz=36&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&osw_key=18644212&ifi=0&fsb=1&dtd=153
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/show_ads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/ads?client=ca-pub-0835246356757158&output=html&adk=1812271804&adf=3025194257&lmt=1530628544&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C26%3A32768%2C30%3A34635776&guci=1.2.0.0.2.2.0&format=0x0&url=https%3A%2F%2Fwww.scammed.by%2Fscam.php%3Fid%3D233878&ea=0&flash=0&pra=5&wgl=1&adsid=NT&dt=1530628544668&bpp=6&bdt=631&fdt=8&idt=120&shv=r20180627&cbv=r20180604&saldr=aa&abxe=1&correlator=7511947836208&frm=20&pv=2&ga_vid=1696384071.1530628545&ga_sid=1530628545&ga_hid=636683424&ga_fc=0&iag=0&icsg=16544214165516&dssz=36&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21061122%2C368226401&oid=3&rx=0&eae=2&fc=1808&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cnr%7C&abl=CS&ppjl=u&fu=16&bc=7&osw_key=18644212&ifi=0&fsb=1&dtd=153
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://www.scammed.by/scam.php?id=233878
accept-encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
31F3A51CFD51B711D20A1AF3040880A1
Referer
https://www.scammed.by/scam.php?id=233878

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Tue, 03 Jul 2018 14:35:44 GMT
server
cafe
cache-control
private
content-length
493
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Tue, 03-Jul-2018 14:50:44 GMT; path=/; domain=.doubleclick.net
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
expires
Tue, 03 Jul 2018 14:35:44 GMT
osd.js
pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/
70 KB
26 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/osd.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20180627/r20180604/show_ads_impl.js
Protocol
SPDY
Server
2a00:1450:4001:821::2002 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
3db849d3db4a3623f8e7879eeb85508293c24b0f50dadf94428b35c3b1302d67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.scammed.by/scam.php?id=233878
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Mon, 02 Jul 2018 11:12:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
98603
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="43,42,41,39,35",quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
26314
x-xss-protection
1; mode=block
server
cafe
etag
16939274274452998373
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 16 Jul 2018 11:12:21 GMT

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Eager object| CloudflareApps function| Tether function| Drop function| Tooltip function| Autolinker object| __cfQR function| $ function| jQuery function| DP_jQuery_1530628544463 number| minl function| doSearch object| stlib function| _$d function| _$d0 function| _$d_ function| _$d1 function| _$d2 function| _$de function| _$dt object| _all_services boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus string| customProduct string| stWidgetVersion object| stButtons object| stWidget boolean| sop_pview_logged object| ShareThisEvent object| stLight boolean| st_showing boolean| opt_out object| gapi object| ___jsl string| GoogleAnalyticsObject function| ga function| init_hash boolean| showHoverbarReskinned boolean| isEsiLoaded boolean| stShowNewMobileWidget boolean| isMobileButtonLoaded boolean| stRecentServices boolean| iswhatsappCustomButton boolean| isKikCustomButton boolean| stIsLoggedIn object| servicesLoggedIn object| stFastShareObj boolean| useFastShare object| stButtonsLib function| Shareable function| shareLog undefined| __stPubGA object| async_buttons function| foursquareCallback function| __stgetPubGA function| plusoneCallback object| H object| mapsjs object| gaplugins object| gaGlobal object| osapi object| gadgets object| shindig object| iframer function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| __gapi_jstiming__ object| pano object| adsbygoogle function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto object| google_js_reporting_queue object| google_ad_modifications boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state function| google_spfd object| google_sv_map object| google_t12n_vars object| google_jobrunner object| google_iframe_oncopy function| cookieControl function| _cookieControlPoll object| CookieControl object| civicLicense function| ccAddAnalytics function| showHelp function| showHeader string| a string| b string| header object| FB object| _atw object| google_persistent_state_async object| google_pub_config object| __google_ad_urls number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| Goog_AdSense_getAdAdapterInstance boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure boolean| google_ama_all_ads_detection_enabled

1 Cookies

Domain/Path Name / Value
.scammed.by/ Name: __cfduid
Value: dd1e1516be144dca4d5200c5d0bd64d7f1530628543

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0; preload
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ajax.cloudflare.com
ajax.googleapis.com
apikeys.civiccomputing.com
apis.google.com
c.sharethis.mgr.consensu.org
cdn.adsoptimal.com
code.jquery.com
connect.facebook.net
googleads.g.doubleclick.net
js.api.here.com
l.sharethis.com
pagead2.googlesyndication.com
remote.vroptimal-3dx-assets.com
s7.addthis.com
scammed.by
staticxx.facebook.com
t.sharethis.com
ws.sharethis.com
www.google-analytics.com
www.scammed.by
104.111.214.46
104.111.218.204
104.111.219.46
104.111.247.181
18.195.89.79
2001:470:6e0a::1b:243
205.185.208.52
23.23.192.33
2400:cb00:2048:1::6813:c697
2400:cb00:2048:1::6814:3fa4
2400:cb00:2048:1::681b:bc01
2a00:1450:4001:812::200e
2a00:1450:4001:814::2002
2a00:1450:4001:817::2002
2a00:1450:4001:817::200a
2a00:1450:4001:81c::2002
2a00:1450:4001:820::200e
2a00:1450:4001:821::2002
2a03:2880:f01c:8012:face:b00c:0:3
52.29.181.2
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
0ae822b18c929c3cf57ce3fcc6132fa43c469d9c28216355b617dffd60b76ff9
0b54839255c52fc519c504a5808dfa4f6f152f6166430770a9100a8e6b508ed9
0ccb34426a4401898ad9937cee3d926ff53b87f5116c0f3f9b4952967dece0bb
0d58b521833287d982ea6d6e06f261efb0a288fc4da4af571684b62894f337fd
12ec2e3a43afa6cdbe5d654d922d54da418ce3bf5d26b4a9f2f356f22e1b70ad
13436b2fa07ef2a535ed0f3693b5ce81146d7402de676e42269371f5a28f094b
22811cbf567efc54ca8845fae95b34c24de750fdb26db32229733c1220564799
27a6be8425578376b41c169c706a00107f10057bae4bb15a7b771e626cd801fd
27d0b2f79b3a90ccf74c8be137edd09fd3be6230e634ab3308213a5d9d47ef44
28530cfdbf9598d46404bf17164265adb4e96ee723e428c79471b0d97bb315c2
355e349063e35aa54800572cbe95855638c31284b070ffd976d4c8e1de3753c0
3679277f52d43f71877718d642081af762cc75a536fbf824ce82143be81fcb63
38bc0f256821a9c0a02a1c0cedf8ff70c211e637ef77ac199de2fe0cf36ba9ec
3af49afa578abd38ffed0d8db543cf4ab965ba5f9a3f86c3b23924e280dbecb1
3bb5ec5a4012e4892b9432b94b2d0a29cf90311bf636497eaaa4e51315951b53
3db849d3db4a3623f8e7879eeb85508293c24b0f50dadf94428b35c3b1302d67
3fab1c883847e4b5a02f3749a9f4d9eab15cd4765873d3b2904a1a4c8755fba3
4271d882aaee9fc5efd17ae0356bfdd44242e285e5eb2c643a65ba17b7024799
4f0254b3ccd8c874b124afa6df5168b91c0b90b73710dc04c3cc955b0d120c04
577e7d8cd165a7414a824dafed6e3d994682fc73bec50bace60de3cdd62c0711
5a7a86e84b1ebca2888d0778e4e8f4e5b1528075bdbb63e0cad1b87c24271f0d
60ada0fd1c18419033db40c41fb87c2f275266b255d73394011533eb472cf22c
77b45eee60edacd2d1f85a296e07cc26db187a37e4cf2e7a7ebab132e56069c5
792c4f6798de7b418be52a9956d529475c5e70c47741e5e413c535c11c1e8b70
7e7fa886d5d75c745d95be4fc3c5bfb4c988019b3f643c669734612345e1b8c8
7f16575147629eb7ce887d3e99ba0974c9f344f6e6a4ac0f1cf66ab105b52676
87968ab2067d06814b3e47c8763d83088b6fe448ff5312ccc9777e564e84ffa0
95dc1b83a7c030dd13ab3e29df921f10e04208b28734f172ea232854264c3b05
97875e1cc37494327341a6d4444231a16127ab958907b9e879a87eb99808c7a0
9b6a1431817dfe90aa16dbfe5c4e086750b1654bf7519798168b0889a8077a53
9fa4534858d745ff92a99462c492bbccd27e5e1c936085bcd5ab5c64d11f59b7
b149a8485ef3d5aacf8ed75d939ab2902e051efba3185123c5f1beb574d72326
b604c326ef430c9a4bb7ce73fa11d30051a26f2af321b5dc253675b23a661668
ba41b333b3a6f37dfa60153ad40a6eef7080565f79c645ec1a03751c2f97fa4b
bedf011bf35ff35b6aa49777e7f70d129aaec45ce6075c8a20e954c5ee88e294
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c58361430bee315ecd8db1a6f17228e121aa538d7cfc6020e2deaa90bd8b5a02
c9f9153ac943d431588469318ff7b97ad2973d7d86c7ef718683f53bd1a93d12
cb04130a658379f5f8e1451690e054124c6c8a61d494614de402de63a7f6147f
cddc13f2b406c42d3fd25cdeb5e7dd2c644ccf8d68b2c78b714355e9a9d41150
cddf89e8c7a02ae35f48126518c828340ec3158e6f1d973997a841ccaa105607
e00af8e003e12778b595d257720107558eaac26548e31015711cb701e39c34b0
e2999a2b3a79ff5d44f11ee36fa64074a1d4cac8f2418515f5a8c532d5dffb78
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eefe9341d1561a79c89cb27edd0e4f856f319e11c5635408896fd94c93f7ee37
f82d31794273d8e1b83f257fec1ecd99a833a02e3fbb1a94848b70771988afcd