Report - linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA

Report Overview

Submitted URL
linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA
IP
104.21.39.217
ASN
#13335 CLOUDFLARENET
Submitted
2022-09-12 20:04:16
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
48

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	366 B	75 kB	142.250.74.72
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	752 B	806 B	52.28.172.243
lockfireshimself.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	12 kB	173.233.137.36
youradexchange.com	273384	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	929 B	73 kB	35.190.41.116
region1.google-analytics.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	618 B	557 B	216.239.34.36
diminutioneconomy.com	158859	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.7 kB	46 kB	192.243.61.227
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	652 B	1.5 kB	95.101.11.115
skipdearbeautify.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	430 B	467 B	173.233.139.164
scemga.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	472 kB	162.0.232.190
forgerylimit.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	5.8 kB	173.233.137.44
cdn.cloudimagesb.com	23099	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	596 kB	45.133.44.10
asacdn.com	184839	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	1.2 kB	172.67.201.216
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	486 B	46 kB	142.250.74.163
addresseepaper.com	18169	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	343 B	24 kB	104.21.235.2
acdcdn.com	108449	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	1.2 kB	104.21.6.66
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
counter9.stat.ovh	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	425 B	4.9 kB	37.187.129.45
lightingstipulate.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	84 kB	192.243.61.225
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	46 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	8.4 kB	142.250.74.10
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.89.255.30
reapinject.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	11 kB	192.243.61.225
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
banquetunarmedgrater.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	327 B	192.243.61.225
ashcdn.com	302752	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	342 B	1.2 kB	172.67.173.137
linkfly.to	183170	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	3.5 kB	172.67.148.232
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	984 B	2.9 kB	172.64.155.188
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.2 kB	142.250.74.3
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	338 B	944 B	54.230.245.118
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.2 kB	14 kB	95.101.11.115
graduatewonderentreaty.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	5.8 kB	173.233.137.44
obituaryfuneral.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	5.9 kB	173.233.137.36

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	lockfireshimself.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	reapinject.com	Sinkholed
2022-09-12	medium	forgerylimit.com	Sinkholed
2022-09-12	medium	graduatewonderentreaty.com	Sinkholed
2022-09-12	medium	lockfireshimself.com	Sinkholed
2022-09-12	medium	lightingstipulate.com	Sinkholed
2022-09-12	medium	reapinject.com	Sinkholed
2022-09-12	medium	graduatewonderentreaty.com	Sinkholed
2022-09-12	medium	forgerylimit.com	Sinkholed
2022-09-12	medium	lockfireshimself.com	Sinkholed
2022-09-12	medium	reapinject.com	Sinkholed
2022-09-12	medium	lockfireshimself.com	Sinkholed
2022-09-12	medium	reapinject.com	Sinkholed
2022-09-12	medium	obituaryfuneral.com	Sinkholed
2022-09-12	medium	obituaryfuneral.com	Sinkholed
2022-09-12	medium	skipdearbeautify.com	Sinkholed
2022-09-12	medium	banquetunarmedgrater.com	Sinkholed

JavaScript (43)

	URL	Size	First Seen	Last Seen
	scemga.com/	339 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:36 Times Seen1 Hash f3b3c502a5423e8a60fe6ca61ef52f7c ff0522a2ceaa37b927fcd882ec6ac1231355cef0 99bab8d1777020783b97e5b4f440d04e1da673e1d5bcfa5d09931847250e9b5d Loading...

	http:blank	3.3 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 89dadf48a80d6a6f22a2809baedcaa8d e9175799f67fe35d6d13f416a532367891c9a80a 0dc0189113cb7340983e19376cf86294fb44f19df5a1e5b8ba6b3b86b5579f2e Loading...

	diminutioneconomy.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js	85 kB	2023-03-07	2023-03-07
Pretty URL diminutioneconomy.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js IP 192.243.61.227 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:59 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 5c19ec1eb7924788aff6162b9f25f9c3 069bf30f5a29b551f700784c5ea08174c37d3b4b 6767b7e73aa6b972ae670e2a3414b88755d3cf5424d246e8ce4fdddfde44c4df Loading...

	lightingstipulate.com/9935cef1b3bb2b1a4bb4c4b36a250640/invoke.js	27 kB	2023-03-07	2023-03-07
Pretty URL lightingstipulate.com/9935cef1b3bb2b1a4bb4c4b36a250640/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:39:10 Last Seen2023-03-07 15:26:33 Times Seen1 Hash c1505599c2491fac1199944eef659284 63f27728a60ec0076f36eacc739985392440af97 0ff6283054e5a1df161e4ec16c740bf98ed45b26a8bc2b6a226f0c7a899a2455 Loading...

	scemga.com/	192 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash c9a435a8c7f7f3945ba53caaf8c6df14 5deede3a46c2abc513c12794558966aa32b4e736 7bb9924e1fd9dbc9611acd7fa95338b0712d6717c50e36230a3000426bb8fe0f Loading...

	http:blank	3.3 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash f8309202b66331e5462c5dc9241cfbd1 a1a2d55866c3779c29e58fd01dd8a04342ef1d45 cc746c5308bcdfd7669de88d0ac43efd8053bb64ff79b9695d6cdb54b199ab6f Loading...

	banquetunarmedgrater.com/advertisers.js	0 B	2023-03-07	2024-04-26
Pretty URL banquetunarmedgrater.com/advertisers.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 06:07:45 Times Seen37084850 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	scemga.com/	339 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 065dab418b05c95ecfabeeec22499bbd 7a750a355d85a329cd290607662818876c1347a0 74dfd7b24ab407cc45910c1831a205adf5de25cb2620cfc852a8d06aa34c38fb Loading...

	scemga.com/	340 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 6acedf735e7723ec0b24ebe2ff005b8c 499687ddd932c8df8967dcf7b6a8c103de5731be 586769ffffe715340b41853db40fec521b96f112a4a2f1553710eca22d1d81fa Loading...

	scemga.com/	192 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 5090115c66e8bb4fecf227be6e54ba2f cdebc518fc7a6451bbff55fa28ba062f02cfdad8 a14ffdfc35a420e24f6e5305dbb67bfd214b0781bfffcbe60d6bf419dc234cd2 Loading...

	scemga.com/	192 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 065b32631ac5b37f3e64bc10e3be40ee 347cbd6826030073f313ad7454a1d478075f85a8 a308deea232684f341aced1b3ace60ae6f2d95de68122cb90b87e47a9fe34925 Loading...

	http:blank	145 B	2023-03-07	2023-03-17
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 88961787701441e62f86bac9f2ef18f5 b851da405126de5b18109ecb4fe560544dbadf8a 2083d0ee5d04a3d85aec7f3f15dd6597f4e3dde3b9212d275e7235555fe10cea Loading...

	http:blank	145 B	2023-03-07	2023-03-17
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 099d79779a569adbc157c962cf93e912 deadece40da038617bc187b55c95c21f3f91dbad 50ff9efa05cadcc8a37ddd3464c8dc1341c50fbbdf80269e76a7a29a399f3c8c Loading...

	scemga.com/js/video.js	1.8 MB	2023-03-07	2023-03-17
Pretty URL scemga.com/js/video.js IP 162.0.232.190 ASN #22612 NAMECHEAP-NET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:59:29 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 0abe8ed1c5f417c8be8b381dc2366f62 1d3ac2c364eb09bb8f87efa30194590a4491d20a f67d297dfd82a1de0203c6ed2b60970e75ef4e0f9e3fdc3f7aa99d500e666b37 Loading...

	lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js	27 kB	2023-03-07	2023-03-17
Pretty URL lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:02:10 Last Seen2023-03-17 12:45:59 Times Seen1 Hash 1197fa6e0a609d453b85a3c13aabd284 7700bc686043e48597be264f722dbf02a1a32cd6 c15959b0e3b21b6321509a20a9e97d4478984ad716893d5384facdc327a69bb3 Loading...

	http:blank	145 B	2023-03-07	2023-03-17
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash ff4a9c81f35538dceb6f18614f6b396a 9bdef0fd2bbe5a0c54b53806fad214c6fac76e5e 348c6c0bd40f6ae4ca8e3182224f64848bf1f8d10393c91333bf4fe0f421e1d4 Loading...

	http:blank	3.2 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 409213f261a7342caa9159c8fe81b634 3a3375631bddd3522698b4801480ecb8e3556e63 deeb64c729f8c8ce7f5afeeab81597d47c651a1f78501d0845b306e84e058dda Loading...

	ashcdn.com/script/suv4r.js	100 kB	2023-03-07	2023-03-17
Pretty URL ashcdn.com/script/suv4r.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:57:41 Last Seen2023-03-17 11:31:37 Times Seen1 Hash ee12a2805101262129d98f03537431b5 24664852702db2fb51002fd8b57912732f4a9bdd 2b38ec22917a480379e481b2f54923f486f50a11b3fdd8e810d783abff9216a5 Loading...

	lightingstipulate.com/79058c42da72db7016303f55ac74fc51/invoke.js	25 kB	2023-03-07	2023-03-17
Pretty URL lightingstipulate.com/79058c42da72db7016303f55ac74fc51/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 4ff94fb8fb040bcc82a08ed0c32cc3f7 51103ad76655fa073a3775cf442ecf5e83ba23ce 50fa837a32400aee38ecc8af7c09ba27644ba6e16376ada3ada53bec190779d2 Loading...

	http:blank	3.3 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash b16e4208dde7bd455a0719eddf635d1b b8987ae5b22efa6d8a5cd7e0fea5b4d3f8941a38 7649fb6e8d52bddd8b851d9cad355acbcebdea230d7a37e6120e2e8b960067d8 Loading...

	http:blank	3.3 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 42da4bd245708bb15b9fd241d7c6219c c0b1391160a012c255a27963d5dfaf2dba9a72b7 cd4e5910fb520229a6c1aad837c2ef92e15a2a0cef195d9f3c9dda7d2af63f4a Loading...

	http:blank	3.8 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 6cf74c9836417ed3120c686f6adaaae4 a52bed45f1709bd0b34c14094b9d0e4cb7b5591f 1590bafe39294be5f0948e6c136d640b22378223baf2f022e7368a70f7a46017 Loading...

	scemga.com/	153 B	2023-03-07	2024-02-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2024-02-17 00:58:31 Times Seen4 Hash fbb532fa9b239763f6360e3756f1dcf6 3d7fef72efd376a505e68b9861ba7805c592e76b 8368f69e330e9acc9217d75dba15621652471330176afc138690e3cd2c2a2670 Loading...

	ashcdn.com/script/ut.js?cb=1663013036183	71 kB	2023-03-07	2023-03-17
Pretty URL ashcdn.com/script/ut.js?cb=1663013036183 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:17:45 Last Seen2023-03-17 12:47:54 Times Seen1 Hash c7304eebcb5069f68bd3fa9e74218a36 b7d3c152fabc148e7ccb23b62e771610315d13f1 6f6ce602bed449940565c8bfea9921659efafc0c5409a8242eda17e6e6554c31 Loading...

	lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js	27 kB	2023-03-07	2023-07-02
Pretty URL lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:33 Last Seen2023-07-02 18:50:38 Times Seen4 Hash 154538d01abda552a224d216467b7d62 899f64e410e689cd3ce6c1a492e8c868eec1b17a 00c75270123cd1c970942b8bd2c6a5d1cf726ec27f7e2ba95e4935b22815f249 Loading...

	scemga.com/	65 B	2023-03-07	2023-03-17
Pretty URL scemga.com/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:59:29 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 60cf39c077d9ec06ffe03a863fac61fb 7dd4971420e1b75dbd793fc441650631f2066bc8 40ca03a6a82791e10d1dc6477a06395792fc863393954699039cc826fa9d8385 Loading...

	www.googletagmanager.com/gtag/js?id=G-LR61DG565G	211 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-LR61DG565G IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 4ea5ffa6c8120123fe4cb53f5d20c046 3a437f4d2251070eb26197350ada8f5376ce0cb9 bedd53d0036b4861c198fed950f14f0e4fe3a5aa3644bc55a2c68ba58a4f0848 Loading...

	http:blank	3.8 kB	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash eeee9e219f6ca91c9964697b0940627a 22f7e0ab7114ab1e6c4c8e7d63286e8383da6f8e 7e73c954ce38c77ab4d0ec38131a746ec2d8f6eff3a6f768f78a0d19fbc0dc15 Loading...

	ashcdn.com/script/ippg.js	127 kB	2023-03-07	2023-03-17
Pretty URL ashcdn.com/script/ippg.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-03-17 12:47:53 Times Seen1 Hash 19bd97667ab7ce92b4860d2b6431db2d 78d72f8fb1ab7975e696fe6ab84e880526677ad7 51d957b66d5aa7c98f38b8e2db410f896c13c3686ac34297cc2a94dad90142cf Loading...

	ashcdn.com/script/intrf.js	98 kB	2023-03-07	2023-03-17
Pretty URL ashcdn.com/script/intrf.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:28 Last Seen2023-03-17 11:31:37 Times Seen1 Hash 2f318ef9ffab09db5001a42929b79d74 d82027373eb80f9380f04f8b54ac41e299095333 f8bfda92937ec53c67b1962466ce13d66c9b07a343147ca7c722d94dbe89289f Loading...

	acdcdn.com/script/atg.js	97 kB	2023-03-07	2023-03-17
Pretty URL acdcdn.com/script/atg.js IP 104.21.6.66 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:15:32 Last Seen2023-03-17 12:47:54 Times Seen1 Hash 707cd875914b84ed0ab47fd217006a27 3056602157bf2abf969b3c0b1f429945ced4a13c 8d7816c3d830fef1d0c33b9c219120adb5d48c1a29a99d000e425f0b34110c96 Loading...

	lightingstipulate.com/266a36cd73aff36a5161bebe0973d5be/invoke.js	27 kB	2023-03-07	2023-03-17
Pretty URL lightingstipulate.com/266a36cd73aff36a5161bebe0973d5be/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:49 Last Seen2023-03-17 12:44:23 Times Seen1 Hash b8cee007823f0c7112ff4eec73c8a418 c3f2040019c003ed810da553347846ec100b45a8 3014d5c3ea0e16dbfa6b34f7fb62adc99f9c34b097bc45f70b0e9133209872b7 Loading...

	lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js	27 kB	2023-03-07	2023-03-17
Pretty URL lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:43 Last Seen2023-03-17 12:45:59 Times Seen1 Hash f04f3d05457dce3af6c8a5b54d4e6083 9edeaffe66fa9f4e3457307a0ad29df1a3dcdb6c 418962cc05c4724891cbe27c6c74719ac699694db010d9ebd19286446e8520a8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8f45fc8efd69d0a83cf446b870ce614f	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 8f45fc8efd69d0a83cf446b870ce614f 2d81203772b0403d6e24cea9970176384187afc5 c385592f26958db1fa1b996161158868805ee12680431c1012d48496eeec8f60 Loading...

	#2 Eval - 79a4b3bef845fe0816a97a96f3cb5611	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 79a4b3bef845fe0816a97a96f3cb5611 d43b7257481e5b2b72a52911b0d62649ed911813 c27406bd33911a0fa25b57f37f51b52282913f6f41bf7206d59a67e16c88270c Loading...

	#3 Eval - 9a3bcbb8b19daffcd60391dc14d3668a	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 9a3bcbb8b19daffcd60391dc14d3668a 23b7e6df8efc934bb7b482b80acd45caf6cac2b2 b0e37380ce52a8a1ec4489193fb430fd2558fdae6a913d60100b6bcff07d5ade Loading...

	#4 Eval - a34c152bced797448eb3ff66b06e5877	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash a34c152bced797448eb3ff66b06e5877 5586923405e76cfca4b55a9148887ff0812867ce 56018497c5ba3f288e3163a78930cf27eba17d495b7ec26090afe65b1058f2a7 Loading...

	#5 Eval - 8edb678fc2ba504247ded62331dfbb18	2.0 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 8edb678fc2ba504247ded62331dfbb18 02fa188f4ff3a371679ade47587208efe45e46df 506c66e5275cd058452a9fc86f6080987e13fc0cf67e67b5e0ca69823caff9da Loading...

	#6 Eval - 410a2cc173d7579d7b2887a7b64be582	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash 410a2cc173d7579d7b2887a7b64be582 14b0d637223b2484a0bf7978c7853a7445ea5f2d 87ebc570903abae2728d3efdbba3a1cea86e98e18250bbe5cb9418f94710cdff Loading...

	#7 Eval - ba7a7b730f0349017614b6405366b8b7	2.1 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-07 15:23:47 Times Seen1 Hash ba7a7b730f0349017614b6405366b8b7 8bd1133a507e160f316bc3ff15fb9b1ed08be596 6543e16353b360b85f5d45c67a586657e7d0ff2fec90d06d1905ac9994530826 Loading...

		Size	First Seen	Last Seen
	#1 Write - a66ba4db35334dd97162eb22eb887fd9	119 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash a66ba4db35334dd97162eb22eb887fd9 c5b12990c00216a144be038121c3668e596c3afe b581c26980b70fa367fa16838dbae7c8279f8a791a3eb644e74a46b064197695 Loading...

	#2 Write - d5a83aeb0fad863b065efe9ddbf2f564	119 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash d5a83aeb0fad863b065efe9ddbf2f564 da29f0a92b92656a841c2d832396311b5346225a 0b8be4e8eaca84734889018f514147a8ca1851a7393dc5a684a33c24a206a5a4 Loading...

	#3 Write - b9719e2ad35a60fa7b584b4178850c70	119 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 15:23:47 Last Seen2023-03-17 11:31:37 Times Seen1 Hash b9719e2ad35a60fa7b584b4178850c70 f85e754ff3a778101390adf8e299abf40af1af5a c70ccd8bb9b65701b061c14cde368e5063520a2e1d288269fa7674d69c6aa9c9 Loading...

HTTP Transactions (97)

URL IP Response Size

linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA

172.67.148.232

301 Moved Permanently

0 B

URL HTTP/1.1
linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA
IP
172.67.148.232:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA HTTP/1.1
Host: linkfly.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Mon, 12 Sep 2022 20:04:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 12 Sep 2022 21:04:05 GMT
Location: https://linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyMIR0seL%2FRl5p%2FaePeAUyB8kh3LXXAolbS6%2BQDMfa8HM8qfVKODKnoBewbbMWF7MDGc6uwz49Zeol3Ri8azx2RKW%2B8QmBppAB8QSIBohn1ysxO7xIV96D4fX1k2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 749b400d1c84b52d-OSL
alt-svc: h2=":443"; ma=60

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 19:08:18 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 7maIfct6TN-pong387LVKh8UTTmmW9ifQdabcud3hHpHmrFj8lAGlA==
Age: 3347

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4120
Expires: Mon, 12 Sep 2022 21:12:45 GMT
Date: Mon, 12 Sep 2022 20:04:05 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Xlu_Bun9EihTHgXaYdtg_XTnVkEBWYf7xVzBE5bhOMxEAngDNhGwdA==
age: 46013
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:04:05 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 19:56:07 GMT
Expires: Mon, 12 Sep 2022 20:36:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zIwieae4chFsSPTKLQJDvetvk-PF5yuOXmgDlEFLk0woIbK8sI1THA==
Age: 478

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4589
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:06 GMT
Last-Modified: Mon, 12 Sep 2022 18:47:37 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471

ocsp.sectigo.com/

172.64.155.188

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
b04d2ad6f3f2222a94ac97e6bd0a14aa
5ac023836b023a50598f4af71a200dab2017ece4
f3c38423138b30e0dbfa854103bbec5fb9b324b8a91cb91e9f61aa307450706f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:04:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 15:01:53 GMT
Expires: Thu, 15 Sep 2022 15:01:52 GMT
Etag: "5ac023836b023a50598f4af71a200dab2017ece4"
Cache-Control: max-age=240465,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749b401338090af6-OSL

linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA

104.21.39.217

302 Found

1.9 kB

URL HTTP/2
linkfly.to/vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA
IP
104.21.39.217:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.9 kB (1937 bytes)
Hash
4f4c25ec6b9b632fa32d7bd069b8a430
fd6a873495367e4e59f0942364d998c7b03fa3e0
90e8fd6a3094bb81499933eda85e411871b7cc0d2047c6cc90bb214bf8692089

HTTP Headers

GET /vidwo8d?_branch_match_id=1097963025624620187&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXN00szzfXSywo0MvJzMvWDwgPjTDI8KtML0kCAJy9jaUiAAAA HTTP/1.1
Host: linkfly.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Mon, 12 Sep 2022 20:04:05 GMT
content-type: text/html; charset=utf-8
location: https://scemga.com
x-frame-options: SAMEORIGIN
vary: Accept-Language
content-language: en
x-content-type-options: nosniff, nosniff
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS,DELETE
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJkWnatQkl6RUPi2f6ldR410wnMhBM9YjtDeRV6IKe8Cusi2pOCM5PfBG0edmhv1ZE678U0JQWGlANH5%2Byer8C3D49TE2R2VsFFtaEve%2BCvsBRgB6YQW%2BXbQ2f4B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b400ebe4f1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

push.services.mozilla.com/

52.89.255.30

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.255.30:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PJzuD+0guVBTf5iaTCmeeg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Uct/CN74Aqexd5BumQ8adj/WC5E=

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c3d8032059a24d14d00c2ee5d8840c01
62efae1ea6aaea612a12d42b6e5b65d24be11437
2319fe90c8b4d3cc41ec9cce275c82d19fb764015196bd1c52dfb9c5d85b9b0b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ff30dae5ba7732dd4088ec26f746075f
3bde4e7cc4c91bafefc2fe0caceb9c510350cc39
be71d0660a6cd7119459d95cd6ebba5823bf47f1ef5a6b642ee28c06b167fb8d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE71D0660A6CD7119459D95CD6EBBA5823BF47F1EF5A6B642EE28C06B167FB8D"
Last-Modified: Sun, 11 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8814
Expires: Mon, 12 Sep 2022 22:31:00 GMT
Date: Mon, 12 Sep 2022 20:04:06 GMT
Connection: keep-alive

www.googletagmanager.com/gtag/js?id=G-LR61DG565G

142.250.74.72

200 OK

74 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-LR61DG565G
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (17807)
Size
74 kB (74266 bytes)
Hash
41354c1934fe904b4ba79a5689a1d7d9
efc69cbf02e85d0973cccca30448ac3a27d7c603
472550c201fb06ca320e198b21fd2df61d959015190831ddab2effb20a58d0b7

HTTP Headers

GET /gtag/js?id=G-LR61DG565G HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 12 Sep 2022 20:04:06 GMT
expires: Mon, 12 Sep 2022 20:04:06 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74266
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

scemga.com/css/video-js.css

162.0.232.190

200 OK

9.5 kB

URL HTTP/2
scemga.com/css/video-js.css
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (5636)
Size
9.5 kB (9453 bytes)
Hash
f7102e2d30f01f9a4de439e15e10a710
95bd7de9db2cc7c946c8a44bc903b159311659ea
55bfa37a7bb0139098fef27b8f1e94c88dfcf49babcc446487cdc5242ed32511

HTTP Headers

GET /css/video-js.css HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scemga.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 19 Sep 2022 20:04:06 GMT
content-type: text/css
last-modified: Wed, 07 Nov 2018 23:58:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 9453
date: Mon, 12 Sep 2022 20:04:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

scemga.com/css/estilos.css

162.0.232.190

200 OK

515 B

URL HTTP/2
scemga.com/css/estilos.css
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text
Size
515 B (515 bytes)
Hash
182325a44bd1f9850c9c73a197244dbf
d0e51cd90607416dd6b9f625b95bd8412d066b0e
d9fc608b7d1678a023676ab2c7fad5f844bc458b321b67260679163cf1c5ad3c

HTTP Headers

GET /css/estilos.css HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scemga.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 19 Sep 2022 20:04:06 GMT
content-type: text/css
last-modified: Mon, 27 Jun 2022 01:40:13 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 515
date: Mon, 12 Sep 2022 20:04:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

counter9.stat.ovh/private/contadorvisitasgratis.php?c=p9tpjma4ce67tky621bm7rwdpq4m2xyc

37.187.129.45

200 OK

4.7 kB

URL HTTP/1.1
counter9.stat.ovh/private/contadorvisitasgratis.php?c=p9tpjma4ce67tky621bm7rwdpq4m2xyc
IP
37.187.129.45:0
ASN
#16276 OVH SAS

File type
PNG image data, 357 x 51, 8-bit/color RGBA, non-interlaced\012- data
Size
4.7 kB (4716 bytes)
Hash
5d7bcb6be33ad6a209c0c615042e5029
e364320806bcdfa2e8f7b2d083dddfdfcd052618
a555c654a5c4002a3b5b22d74406f49a1966e8645a681bb3ecb76b59dd2dc256

HTTP Headers

GET /private/contadorvisitasgratis.php?c=p9tpjma4ce67tky621bm7rwdpq4m2xyc HTTP/1.1
Host: counter9.stat.ovh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:04:06 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/5.4.16
Connection: close
Transfer-Encoding: chunked
Content-Type: image/png

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4883787b7e994a8b281dcd6940065b2c
ae8bc94c6f526ba8f402f90a6752ee473cd3cfc8
61eb53f0d16fcb57155d873503cb3e2e91a6e3de33a24b59565a8ce6464bfe41

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61EB53F0D16FCB57155D873503CB3E2E91A6E3DE33A24B59565A8CE6464BFE41"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21594
Expires: Tue, 13 Sep 2022 02:04:01 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

lightingstipulate.com/79058c42da72db7016303f55ac74fc51/invoke.js

192.243.61.225

200 OK

9.3 kB

URL HTTP/1.1
lightingstipulate.com/79058c42da72db7016303f55ac74fc51/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
Unicode text, UTF-8 text, with very long lines (25096), with no line terminators
Size
9.3 kB (9287 bytes)
Hash
d8dfa387563260f248f027611a073390
84caa6e159731648f8c4af497e375d1bb675c736
1570eb7e793708fbc7a910da0147f6ba302aec8bf455680facaf8f54b899b4b7

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /79058c42da72db7016303f55ac74fc51/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a12c413020c2238b7d0936564dcdcd16
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

scemga.com/nube.png

162.0.232.190

200 OK

20 kB

URL HTTP/2
scemga.com/nube.png
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced\012- data
Size
20 kB (20155 bytes)
Hash
8579e1c93db46f448176ca50eb2f1e7a
b1497db18e40758ff0e534f33486996076e3039b
875afae48a726638ebfa37894858353b5e42364d6b9e18ba6c16d5d2577d335c

HTTP Headers

GET /nube.png HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scemga.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 19 Sep 2022 20:04:03 GMT
content-type: image/png
last-modified: Mon, 12 Sep 2022 03:50:22 GMT
accept-ranges: bytes
content-length: 20155
date: Mon, 12 Sep 2022 20:04:03 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18869
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18869
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18869
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18869
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18869
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:04:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 78429
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400

142.250.74.10

200 OK

7.6 kB

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
7.6 kB (7638 bytes)
Hash
6c07dc736b8be526441ac73c892a8fc7
72a8afc26d0504ad672a59f3c079340f9a08439b
ad5265d8eccd6ce76540e4aa4930893a8b44e705e33700e8f1e1536ec9eeb143

HTTP Headers

GET /css?family=Open+Sans:300,400 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 20:04:06 GMT
date: Mon, 12 Sep 2022 20:04:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9466 bytes)
Hash
6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 57565
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4162 bytes)
Hash
b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:27:45 GMT
age: 45382
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8799 bytes)
Hash
c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 80536
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9815 bytes)
Hash
239262b6ab17cb19414c35cd4f761092
48eddcf9838e980e67cc8f9cbb05b475df2f0331
cd27cbce632d769288d9c33c5c8e887ba02df5677f10f7a6d03139b590ba24b4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6b50df-cdcd-4b44-9ed3-90a502ea29ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9815
x-amzn-requestid: 89243e57-94eb-4c6b-903f-aa01df030ecc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxnEAjoAMF_Ig=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d6-199403e2695b214711f5117f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PWOeca9JRnIgEymeLVyqTBucBJ0j6OS9Rmqwd4CcAKixqo0zvb452w==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:48:14 GMT
age: 80153
etag: "48eddcf9838e980e67cc8f9cbb05b475df2f0331"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

scemga.com/js/video.js

162.0.232.190

200 OK

388 kB

URL HTTP/2
scemga.com/js/video.js
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
ASCII text, with very long lines (491)
Size
388 kB (387652 bytes)
Hash
7169837f02c644469e7713267d71d5f3
3ca313c80300ed53312e64e6fb9dff1224fb1824
d82160a0bc997978978b8d6d5524b3dc7e5814e469919a4028c517a9947546d8

HTTP Headers

GET /js/video.js HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scemga.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Mon, 19 Sep 2022 20:04:06 GMT
content-type: application/javascript
last-modified: Wed, 07 Nov 2018 23:58:40 GMT
accept-ranges: bytes
content-encoding: br
vary: Accept-Encoding
content-length: 387652
date: Mon, 12 Sep 2022 20:04:06 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.163

200 OK

45 kB

URL HTTP/2
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Size
45 kB (44856 bytes)
Hash
565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

HTTP Headers

GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://scemga.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Sep 2022 08:31:01 GMT
expires: Wed, 06 Sep 2023 08:31:01 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 559987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:04:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lightingstipulate.com/9935cef1b3bb2b1a4bb4c4b36a250640/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/9935cef1b3bb2b1a4bb4c4b36a250640/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Size
9.8 kB (9782 bytes)
Hash
5c949fda31dad827adee517ccb1ea40c
d44fec9098cdda8ab2ae7de3d7533a8e0d5f5ffc
84ed58e5a2104af360972e38e7c7dbff0228b7d2ef17fb3ad74d0b0c4780dfb6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /9935cef1b3bb2b1a4bb4c4b36a250640/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5d426c0928e567d52f17655a501f9b1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
349efb77dc286c5653310b0358a6221c
b943ed167db03fc167d8811af5b227b2a9fb9191
4f24854f12c2afa74b77b523fa34a78cc756ead857140680c1e76eb7668305a7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 12 Sep 2022 20:04:08 GMT
Last-Modified: Mon, 12 Sep 2022 18:25:04 GMT
Server: ECS (nyb/1D06)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RM1FQhFmDnpxmqXpbCJXedeiCf9MCIlajPYK5dg12gs42-J_-knqPg==
Age: 5944

lightingstipulate.com/266a36cd73aff36a5161bebe0973d5be/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/266a36cd73aff36a5161bebe0973d5be/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26941), with no line terminators
Size
9.8 kB (9779 bytes)
Hash
c66558bd1fed5ad6e66579044f0beb52
3c9048247e2d89390e41210afc052380df8cf618
2e34536e7fd2e98f651e4843b4c9b6901ebe8f3d448f9741696e56280691f754

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /266a36cd73aff36a5161bebe0973d5be/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 08ea8b23322d8886874f44b462ca6e0a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

simplewebanalysis.com/stats

52.28.172.243

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.172.243:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
ce15ce44b207e8bed18a9b5f651dacd6
25835992d9c0da9d2ed6842e9da2866618eeebdc
227abd718470dc3aaa74e2c185ef061254c6cc688269233dcc28095549d5f974

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://scemga.com
access-control-allow-credentials: true
set-cookie: uid_id2=a79572d6-e488-4ffa-af3d-329be5d67d1b:1:1; expires=Thu, 09 Sep 2032 20:04:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

simplewebanalysis.com/stats

52.28.172.243

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.172.243:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
84607b8d7a9dc23235093c4bd0edaa48
98f991eba57457aa82a4a763b3cc252c494f15ef
1b2a6cc902d12a225a2a60651482ca877c6851a59611a43cdc37e5e41cee5f72

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:08 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://scemga.com
access-control-allow-credentials: true
set-cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Thu, 09 Sep 2032 20:04:08 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26937), with no line terminators
Size
9.8 kB (9776 bytes)
Hash
8b3e5bfb8c37c7933d1b1ade18460532
858b87dd635a1dc8a1ec1258230e9cb47a785bd9
8f09b22d90eb6fbde7a7cd8db5585991e8f831cd4f7f889c6ec34ee8108657b5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1caaeb4f356d5073a25a3b7bc2c5a5d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26961), with no line terminators
Size
9.8 kB (9786 bytes)
Hash
352345af24046b67fb921c43bde72b06
3b35cf35236e203d0a8ab4f2dc4dbe7af42eda5e
e326853a87bafa2caa9f54645dd7b47432106355aace2e6de2a26ee49206b4ba

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 424a05c6c49970b154f2807c5ae30a2b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b065ea0014fa40d876db87b6c7985b87
383158fd96fc2cbd7ee7a252489b34957697f2bf
36b2d1e08fbf924d8f196ba80e031f2f0e86d0725f0bf270ab4a4cf3734fb399

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B2D1E08FBF924D8F196BA80E031F2F0E86D0725F0BF270AB4A4CF3734FB399"
Last-Modified: Mon, 12 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3793
Expires: Mon, 12 Sep 2022 21:07:22 GMT
Date: Mon, 12 Sep 2022 20:04:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5dc25adbca638e4a493bb2f9bdccd722
18168b8a51f6ab9e331eade0e76cffeb649eaf4b
502928763c74d2aea7774a18a586c69b9c2d7a1cc50e276f1366abfc3473aaa1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "502928763C74D2AEA7774A18A586C69B9C2D7A1CC50E276F1366ABFC3473AAA1"
Last-Modified: Mon, 12 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5583
Expires: Mon, 12 Sep 2022 21:37:12 GMT
Date: Mon, 12 Sep 2022 20:04:09 GMT
Connection: keep-alive

lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26937), with no line terminators
Size
9.8 kB (9776 bytes)
Hash
8b3e5bfb8c37c7933d1b1ade18460532
858b87dd635a1dc8a1ec1258230e9cb47a785bd9
8f09b22d90eb6fbde7a7cd8db5585991e8f831cd4f7f889c6ec34ee8108657b5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 87ee11fcd4f156ad7d8334015f0bd091
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

scemga.com/video/keyboard.mp4

162.0.232.190

206 Partial Content

49 kB

URL HTTP/2
scemga.com/video/keyboard.mp4
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
ISO Media, Apple QuickTime movie, Apple QuickTime (.MOV/QT)\012- data
Size
49 kB (49347 bytes)
Hash
ca643c31925fe22bb4ee2a86c1ed39a9
cb617a3924a86206460b27d8b234b75af76d8c9b
36b1228252b447d642415dd74b6c3dbe9ff2e0cbc01360b43bdee1d9b24ec4b8

HTTP Headers

GET /video/keyboard.mp4 HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://scemga.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 206 Partial Content
content-type: video/mp4
last-modified: Sat, 10 Sep 2022 03:47:50 GMT
content-range: bytes 0-232157/232158
content-length: 232158
date: Mon, 12 Sep 2022 20:04:08 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
279e23966ec0a262edc36219bb30ee6c
147d0e5f83e627e5a8e09247bef080fadedeadd0
295d242f1b8c87609e303484b44114b2d21fdf4f8de8539f0876081eddd29231

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "295D242F1B8C87609E303484B44114B2D21FDF4F8DE8539F0876081EDDD29231"
Last-Modified: Sun, 11 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16677
Expires: Tue, 13 Sep 2022 00:42:06 GMT
Date: Mon, 12 Sep 2022 20:04:09 GMT
Connection: keep-alive

173.233.137.36

307 Temporary Redirect

0 B

URL HTTP/1.1
lockfireshimself.com/watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1 HTTP/1.1
Host: lockfireshimself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://lockfireshimself.com/watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1&shu=0d4f4a4ec56dd417a9187bdfc618db8e4cca372adf47fb594b4742205d4c2642b0b97fc546034dbc376488b7d9ab4519d3b7006179de4d83058c158f71b43ad20b29f4c9f5ec2502063be5405ed31b7d0bd709132320c4b3c349e9f3d747ae0dd4491f&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16430306; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQzMDMwNiwiayI6Ijk5MzVjZWYxYjNiYjJiMWE0YmI0YzRiMzZhMjUwNjQwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyNywicHQiOjQsInBrIjoibTR2NXpobWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc2NlbWdhLmNvbS8ifX0.xtjr82NOoz6Cget8zOhvlDYGN1eO9y8kKchioWQkKDQ; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 36956271402eb0a934e7fe2acf545278
Strict-Transport-Security: max-age=0; includeSubdomains

lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Size
9.8 kB (9782 bytes)
Hash
5c949fda31dad827adee517ccb1ea40c
d44fec9098cdda8ab2ae7de3d7533a8e0d5f5ffc
84ed58e5a2104af360972e38e7c7dbff0228b7d2ef17fb3ad74d0b0c4780dfb6

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f33faa8c2ab586aa57890c44d9e6f83b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

192.243.61.225

307 Temporary Redirect

0 B

URL HTTP/1.1
reapinject.com/watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://reapinject.com/watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=dbff87d2ff538072ee41291585b2bb193347ec4c0d9fdcf867b1a13e0d44e8f5a1a03965dccf7fb7440515f22c565891859a554d33f4a99508d6dc1d5f26703a426a7b7cb6abd019bcc82969b9d57ebdf063c507&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16429610; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b5014ff7ebcdbcea83443d4b513545aa
Strict-Transport-Security: max-age=0; includeSubdomains

173.233.137.44

307 Temporary Redirect

0 B

URL HTTP/1.1
forgerylimit.com/watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: forgerylimit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://forgerylimit.com/watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d44d79820ee60b9f9f1c651ace0ee37106d97894181b187d3ba33c1d01e5514c3156e86b8933a511f1ea336a1daadbc62b7fdad0e2d7ee56eceabc1903ec8912c3d9e9ea63c26737e76d1123fbca906a4751d111db23cdac082194dc9a81&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16429602; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYwMiwiayI6IjI2NmEzNmNkNzNhZmYzNmE1MTYxYmViZTA5NzNkNWJlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjozMiwicHQiOjQsInBrIjoiZXRwOHdjdWMiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc2NlbWdhLmNvbS8ifX0.6y_kUR8S_WinywlQ4Tf1nGEIxVsWyxYXXw0XMOi2y2g; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d1a99682b184851f540c018e9af44ed5
Strict-Transport-Security: max-age=0; includeSubdomains

173.233.137.44

307 Temporary Redirect

0 B

URL HTTP/1.1
graduatewonderentreaty.com/watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://graduatewonderentreaty.com/watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=95aaa2cb596fe98cd185dbb5a95fbc4fce2589b1f2e58d9004fdc11b842b395b0dcc11a64344140d43de3be6a3b38221ee5ec1bdd247d244fb4dcd8012832e18adf0eb5a293022ff9a8649383f88d7ee74a3f73f06821a6859c26c26092777af667c2555&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16429610; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 587382e8faabc00e5a3b9055b18866fa
Strict-Transport-Security: max-age=0; includeSubdomains

lockfireshimself.com/watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1&shu=0d4f4a4ec56dd417a9187bdfc618db8e4cca372adf47fb594b4742205d4c2642b0b97fc546034dbc376488b7d9ab4519d3b7006179de4d83058c158f71b43ad20b29f4c9f5ec2502063be5405ed31b7d0bd709132320c4b3c349e9f3d747ae0dd4491f&pst=1663013109&rmtc=t

173.233.137.36

200 OK

2.1 kB

URL HTTP/1.1
lockfireshimself.com/watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1&shu=0d4f4a4ec56dd417a9187bdfc618db8e4cca372adf47fb594b4742205d4c2642b0b97fc546034dbc376488b7d9ab4519d3b7006179de4d83058c158f71b43ad20b29f4c9f5ec2502063be5405ed31b7d0bd709132320c4b3c349e9f3d747ae0dd4491f&pst=1663013109&rmtc=t
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2628)
Size
2.1 kB (2095 bytes)
Hash
6ca69d02de9bc861fbb1758920de9908
d755895d1a7a4986ebd6008e9a163f8179b3da1c
7580c29adde8a8f13285637b8e6c2af9c11b80d2f6a4759cacd0eb38be958b6e

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.710955423134.js?key=9935cef1b3bb2b1a4bb4c4b36a250640&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=a79572d6-e488-4ffa-af3d-329be5d67d1b%3A1%3A1&shu=0d4f4a4ec56dd417a9187bdfc618db8e4cca372adf47fb594b4742205d4c2642b0b97fc546034dbc376488b7d9ab4519d3b7006179de4d83058c158f71b43ad20b29f4c9f5ec2502063be5405ed31b7d0bd709132320c4b3c349e9f3d747ae0dd4491f&pst=1663013109&rmtc=t HTTP/1.1
Host: lockfireshimself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16430306; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQzMDMwNiwiayI6Ijk5MzVjZWYxYjNiYjJiMWE0YmI0YzRiMzZhMjUwNjQwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyNywicHQiOjQsInBrIjoibTR2NXpobWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc2NlbWdhLmNvbS8ifX0.xtjr82NOoz6Cget8zOhvlDYGN1eO9y8kKchioWQkKDQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=a79572d6-e488-4ffa-af3d-329be5d67d1b:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
iprce5ccc7dc458cbfcbbbf63000535b14e5=3569807; expires=Tue, 13 Sep 2022 00:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv27=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs27=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: be179cdca9039dec99218cd4654ca099
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js

192.243.61.225

200 OK

9.8 kB

URL HTTP/1.1
lightingstipulate.com/4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Size
9.8 kB (9782 bytes)
Hash
50d9fd211fab19018a76e769e6da0a3c
ca1d22f3e74142a0a722233428f93cbac43c988f
c091f379d65d884407ca971b4637b28d6d441863bbcc1551a3e8d3f9875e0263

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4410ffd8c93e6372e161f4b0a12f2ccd/invoke.js HTTP/1.1
Host: lightingstipulate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 533f1e16af90028fc049a6c8e602805a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

reapinject.com/watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=dbff87d2ff538072ee41291585b2bb193347ec4c0d9fdcf867b1a13e0d44e8f5a1a03965dccf7fb7440515f22c565891859a554d33f4a99508d6dc1d5f26703a426a7b7cb6abd019bcc82969b9d57ebdf063c507&pst=1663013109&rmtc=t

192.243.61.225

200 OK

2.1 kB

URL HTTP/1.1
reapinject.com/watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=dbff87d2ff538072ee41291585b2bb193347ec4c0d9fdcf867b1a13e0d44e8f5a1a03965dccf7fb7440515f22c565891859a554d33f4a99508d6dc1d5f26703a426a7b7cb6abd019bcc82969b9d57ebdf063c507&pst=1663013109&rmtc=t
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2580)
Size
2.1 kB (2062 bytes)
Hash
bb925516d02f7d7ac4d0b27567340c0e
681e3f13b565cc655c563893ee9ec9854dc561f5
55d0eff873bde832199d21e8db7f4b9cb4aaaa28790d5d9c489e42f3d211deb8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.877513110519.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=dbff87d2ff538072ee41291585b2bb193347ec4c0d9fdcf867b1a13e0d44e8f5a1a03965dccf7fb7440515f22c565891859a554d33f4a99508d6dc1d5f26703a426a7b7cb6abd019bcc82969b9d57ebdf063c507&pst=1663013109&rmtc=t HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16429610; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
iprc9432d38294fe7ecb35904c6861b9fc19=3569806; expires=Tue, 13 Sep 2022 00:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5d1a2ca698c8f7b0e38f7fe5bfa1b1bd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

graduatewonderentreaty.com/watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=95aaa2cb596fe98cd185dbb5a95fbc4fce2589b1f2e58d9004fdc11b842b395b0dcc11a64344140d43de3be6a3b38221ee5ec1bdd247d244fb4dcd8012832e18adf0eb5a293022ff9a8649383f88d7ee74a3f73f06821a6859c26c26092777af667c2555&pst=1663013109&rmtc=t

173.233.137.44

200 OK

2.1 kB

URL HTTP/1.1
graduatewonderentreaty.com/watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=95aaa2cb596fe98cd185dbb5a95fbc4fce2589b1f2e58d9004fdc11b842b395b0dcc11a64344140d43de3be6a3b38221ee5ec1bdd247d244fb4dcd8012832e18adf0eb5a293022ff9a8649383f88d7ee74a3f73f06821a6859c26c26092777af667c2555&pst=1663013109&rmtc=t
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2636)
Size
2.1 kB (2096 bytes)
Hash
18d7ba42cde196883dabe1d807ffc981
319dc8e68126cd57a352e6b41cc5c9154a111164
836615298505825605f17ea35c050145985345e658c3444b6712b00d8bbf562d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1069369306970.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=95aaa2cb596fe98cd185dbb5a95fbc4fce2589b1f2e58d9004fdc11b842b395b0dcc11a64344140d43de3be6a3b38221ee5ec1bdd247d244fb4dcd8012832e18adf0eb5a293022ff9a8649383f88d7ee74a3f73f06821a6859c26c26092777af667c2555&pst=1663013109&rmtc=t HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16429610; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
iprc9432d38294fe7ecb35904c6861b9fc19=3569806; expires=Tue, 13 Sep 2022 00:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7613f4470d271659fba07a66378e7402
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

forgerylimit.com/watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d44d79820ee60b9f9f1c651ace0ee37106d97894181b187d3ba33c1d01e5514c3156e86b8933a511f1ea336a1daadbc62b7fdad0e2d7ee56eceabc1903ec8912c3d9e9ea63c26737e76d1123fbca906a4751d111db23cdac082194dc9a81&pst=1663013109&rmtc=t

173.233.137.44

200 OK

2.1 kB

URL HTTP/1.1
forgerylimit.com/watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d44d79820ee60b9f9f1c651ace0ee37106d97894181b187d3ba33c1d01e5514c3156e86b8933a511f1ea336a1daadbc62b7fdad0e2d7ee56eceabc1903ec8912c3d9e9ea63c26737e76d1123fbca906a4751d111db23cdac082194dc9a81&pst=1663013109&rmtc=t
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2617)
Size
2.1 kB (2081 bytes)
Hash
562e0a70addbf4c05f98100bee352b00
00a0b309ef989b060891b50b59a0569a336e0562
3b6b9322f708409df052ebe6e7a6d319f55d25d5607fa6a9cc99ee9f41f41c7d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.641546324693.js?key=266a36cd73aff36a5161bebe0973d5be&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d44d79820ee60b9f9f1c651ace0ee37106d97894181b187d3ba33c1d01e5514c3156e86b8933a511f1ea336a1daadbc62b7fdad0e2d7ee56eceabc1903ec8912c3d9e9ea63c26737e76d1123fbca906a4751d111db23cdac082194dc9a81&pst=1663013109&rmtc=t HTTP/1.1
Host: forgerylimit.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16429602; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYwMiwiayI6IjI2NmEzNmNkNzNhZmYzNmE1MTYxYmViZTA5NzNkNWJlIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjozMiwicHQiOjQsInBrIjoiZXRwOHdjdWMiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc2NlbWdhLmNvbS8ifX0.6y_kUR8S_WinywlQ4Tf1nGEIxVsWyxYXXw0XMOi2y2g
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
iprcea8a32e01d85b51b3408d45755d475cf=3570421; expires=Tue, 13 Sep 2022 00:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv32=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs32=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b095b716565ad5e04e98b7df91c45f51
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ba627272befd0f5ff19db41767b0c4
e262f240ad6e9c4036a1469b5e1d8b9552806ec0
d5c2c3f9401d006b7e078d210c9760789889abd6d6fca60072e6c57f18c82fa6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D5C2C3F9401D006B7E078D210C9760789889ABD6D6FCA60072E6C57F18C82FA6"
Last-Modified: Mon, 12 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17413
Expires: Tue, 13 Sep 2022 00:54:22 GMT
Date: Mon, 12 Sep 2022 20:04:09 GMT
Connection: keep-alive

173.233.137.36

307 Temporary Redirect

0 B

URL HTTP/1.1
lockfireshimself.com/watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: lockfireshimself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Cookie: u_pl=16430306; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQzMDMwNiwiayI6Ijk5MzVjZWYxYjNiYjJiMWE0YmI0YzRiMzZhMjUwNjQwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyNywicHQiOjQsInBrIjoibTR2NXpobWYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vc2NlbWdhLmNvbS8ifX0.xtjr82NOoz6Cget8zOhvlDYGN1eO9y8kKchioWQkKDQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://lockfireshimself.com/watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=0c5342ee29b1ce635d8ca8931ace9d66ef206b9975620de3ae05d10353641694c1b3e364041ae3ab15c45348195520598908caf0ccdd045584d8ecb0e0be968b79b9265290c948c358c0425552fea80c904a45a030617425ee9a6f6f2291e81fe4&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16430306,16429610; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 78ec5a2ecd08a7a4da2459594b8f9c62
Strict-Transport-Security: max-age=0; includeSubdomains

192.243.61.225

307 Temporary Redirect

0 B

URL HTTP/1.1
reapinject.com/watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://reapinject.com/watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=08af36ede06be74d064551d86c3bad6ac606f605c1ff33426c0332343a4c91999a5bc0552fff0a36cda9561d5ea4a2a9c302fc77661e9ece0f9d4a770f7930269aa5a83a56991c7899b3cf17f6796e61c9b9f1&pst=1663013109&rmtc=t
Set-Cookie: u_pl=16429610; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; expires=Mon, 12 Sep 2022 20:05:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da291e37e14645094a0430fe8c29ad81
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png

45.133.44.10

200 OK

67 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
67 kB (67174 bytes)
Hash
a98b4585db1c6db06d6857c73bb75fcb
02a896b08a79e873b2dd26200ee1f0665dc1c80a
fc08e863ffafe25aa63fe8b60c2d5135fc5f52caf0abae4da3f1a90e0f8ed96c

HTTP Headers

GET /cti/56/ef/55/56ef55f6ef3bc03e69b8d66da27f0cd1/1658920055.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:09 GMT
content-type: image/png
content-length: 67174
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:43 GMT
etag: "62e11c7f-10666"
expires: Wed, 14 Sep 2022 20:04:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg

45.133.44.10

200 OK

25 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Size
25 kB (24714 bytes)
Hash
d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd

HTTP Headers

GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:09 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Wed, 14 Sep 2022 20:04:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
9e964b51358332e262bd8771a3cbeb92
24dd8b4200ae4512ec82f9a57a25dbb6f0e9432d
62aaddf84a2f5ff5c15659c948932f7cf8f976f893c98bc083c56b3ad6434b84

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 17:22:25 GMT
Expires: Sat, 17 Sep 2022 17:22:24 GMT
Etag: "24dd8b4200ae4512ec82f9a57a25dbb6f0e9432d"
Cache-Control: max-age=421694,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749b40288b180af6-OSL

cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png

45.133.44.10

200 OK

144 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
144 kB (144379 bytes)
Hash
33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314

HTTP Headers

GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:09 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Wed, 14 Sep 2022 20:04:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

lockfireshimself.com/watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=0c5342ee29b1ce635d8ca8931ace9d66ef206b9975620de3ae05d10353641694c1b3e364041ae3ab15c45348195520598908caf0ccdd045584d8ecb0e0be968b79b9265290c948c358c0425552fea80c904a45a030617425ee9a6f6f2291e81fe4&pst=1663013109&rmtc=t

173.233.137.36

200 OK

2.4 kB

URL HTTP/1.1
lockfireshimself.com/watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=0c5342ee29b1ce635d8ca8931ace9d66ef206b9975620de3ae05d10353641694c1b3e364041ae3ab15c45348195520598908caf0ccdd045584d8ecb0e0be968b79b9265290c948c358c0425552fea80c904a45a030617425ee9a6f6f2291e81fe4&pst=1663013109&rmtc=t
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (2936)
Size
2.4 kB (2363 bytes)
Hash
abecdf1ec2d5772c407a2d5b0c381cc6
e129852d8cb2b2c3208e3b6b7ad7aba31a6b7e2e
4235e9cbd67e5affb3bc5c8debc4b55e3f2cbd309be5465c55e8b398f05a9bf5

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.122724536212.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=0c5342ee29b1ce635d8ca8931ace9d66ef206b9975620de3ae05d10353641694c1b3e364041ae3ab15c45348195520598908caf0ccdd045584d8ecb0e0be968b79b9265290c948c358c0425552fea80c904a45a030617425ee9a6f6f2291e81fe4&pst=1663013109&rmtc=t HTTP/1.1
Host: lockfireshimself.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16430306,16429610; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; uid_id2=a79572d6-e488-4ffa-af3d-329be5d67d1b:1:1; iprce5ccc7dc458cbfcbbbf63000535b14e5=3569807; pdhtkv=true; uncs=1; pdhtkv27=true; uncs27=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 36f02bf1ac00d805e69c8ec76915cb39
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

cdn.cloudimagesb.com/cti/96/64/f2/9664f226fa61ddbdd7ebea02d8e43bbf/1627979045.png

45.133.44.10

200 OK

150 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/96/64/f2/9664f226fa61ddbdd7ebea02d8e43bbf/1627979045.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size
150 kB (149685 bytes)
Hash
e7d35967d5b4bada68ebcfd8adf31493
e03ab93358befd526f05f2fa8197b98e07a50bea
6ba59bc77806df1b35b248a8f1315cf2fc0d8def3282e6d2f6246594e0608730

HTTP Headers

GET /cti/96/64/f2/9664f226fa61ddbdd7ebea02d8e43bbf/1627979045.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:09 GMT
content-type: image/png
content-length: 149685
server: nginx/1.17.6
last-modified: Tue, 03 Aug 2021 08:24:14 GMT
etag: "6108fd2e-248b5"
expires: Wed, 14 Sep 2022 20:04:09 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d65d55d5e1415578c614cadaf31a781d
277e3fe73f2f6ca4b6ec4fb7ab3d23f1865ed046
805dae20ed59ef252e6dc776314b83caf89a0a8ad44418887b9fb4d876be9d13

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "805DAE20ED59EF252E6DC776314B83CAF89A0A8AD44418887B9FB4D876BE9D13"
Last-Modified: Mon, 12 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20625
Expires: Tue, 13 Sep 2022 01:47:54 GMT
Date: Mon, 12 Sep 2022 20:04:09 GMT
Connection: keep-alive

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
9e964b51358332e262bd8771a3cbeb92
24dd8b4200ae4512ec82f9a57a25dbb6f0e9432d
62aaddf84a2f5ff5c15659c948932f7cf8f976f893c98bc083c56b3ad6434b84

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 10 Sep 2022 17:22:25 GMT
Expires: Sat, 17 Sep 2022 17:22:24 GMT
Etag: "24dd8b4200ae4512ec82f9a57a25dbb6f0e9432d"
Cache-Control: max-age=421694,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 749b4029ecc50af6-OSL

reapinject.com/watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=08af36ede06be74d064551d86c3bad6ac606f605c1ff33426c0332343a4c91999a5bc0552fff0a36cda9561d5ea4a2a9c302fc77661e9ece0f9d4a770f7930269aa5a83a56991c7899b3cf17f6796e61c9b9f1&pst=1663013109&rmtc=t

192.243.61.225

200 OK

2.0 kB

URL HTTP/1.1
reapinject.com/watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=08af36ede06be74d064551d86c3bad6ac606f605c1ff33426c0332343a4c91999a5bc0552fff0a36cda9561d5ea4a2a9c302fc77661e9ece0f9d4a770f7930269aa5a83a56991c7899b3cf17f6796e61c9b9f1&pst=1663013109&rmtc=t
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (2432)
Size
2.0 kB (1985 bytes)
Hash
b5f48a3429c6c999e469fe12c67a0792
62144c68b44e2d4589fc4730a8d8e3dab745ac34
013970a9d6bad75fa66269e73365733425d917542a7b802f804dcd767126e83c

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1379733139334.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=08af36ede06be74d064551d86c3bad6ac606f605c1ff33426c0332343a4c91999a5bc0552fff0a36cda9561d5ea4a2a9c302fc77661e9ece0f9d4a770f7930269aa5a83a56991c7899b3cf17f6796e61c9b9f1&pst=1663013109&rmtc=t HTTP/1.1
Host: reapinject.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16429610; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; iprc9432d38294fe7ecb35904c6861b9fc19=3569806; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 13 Sep 2022 20:04:09 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1199fbaa050b7130934d64c0fdf41c4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
935cdbef39997d1e92de9bc9421f3463
d463b34ae7144298a6432cc52fcb52893336b892
ba3aaa69f8d66627b1cee0468f3e9f480af0b3113510cea2b7ea6b65d920ef02

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BA3AAA69F8D66627B1CEE0468F3E9F480AF0B3113510CEA2B7EA6B65D920EF02"
Last-Modified: Mon, 12 Sep 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19507
Expires: Tue, 13 Sep 2022 01:29:17 GMT
Date: Mon, 12 Sep 2022 20:04:10 GMT
Connection: keep-alive

cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png

45.133.44.10

200 OK

136 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 250, 8-bit/color RGB, non-interlaced\012- data
Size
136 kB (136090 bytes)
Hash
11675ef6f5c8559ec0ade47755155665
20df6be038de603b97f849e07460cd0600b34867
4d361374b3e2e4f8de896a1f1014d500ed0802bf028d2c7bbd606f9e87ba88a4

HTTP Headers

GET /cti/fe/3b/00/fe3b00c58303840cb3ab664e9686952e/1627915911.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:10 GMT
content-type: image/png
content-length: 136090
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 14:51:59 GMT
etag: "6108068f-2139a"
expires: Wed, 14 Sep 2022 20:04:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

173.233.137.36

307 Temporary Redirect

0 B

URL HTTP/1.1
obituaryfuneral.com/watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1 HTTP/1.1
Host: obituaryfuneral.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Location: https://obituaryfuneral.com/watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d3053b72680e07e42db8d0edab01302483d9e5a72bf4875b57e1938441f3ed1e8219d6e0145b4d7011b48134bc4364bc8e37858dd70c69c51b0447b3cb2cb0aa1b917d633d2dc0b9aa077107d76540d79ed797b74dd4b786da79ae18c1bb64ed4a&pst=1663013110&rmtc=t
Set-Cookie: u_pl=16429610; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0; expires=Mon, 12 Sep 2022 20:05:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 037db4f3242b2cc3a3e3e7345b3a8f40
Strict-Transport-Security: max-age=0; includeSubdomains

youradexchange.com/script/push.php?r=6021554&ipp=1&mads=2&position=top&czid=tzvkjx4zym&aggr=3&atag=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cbpage=https%3A%2F%2Fscemga.com%2F&cbref=

35.190.41.116

204 No Content

39 kB

URL HTTP/2
youradexchange.com/script/push.php?r=6021554&ipp=1&mads=2&position=top&czid=tzvkjx4zym&aggr=3&atag=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cbpage=https%3A%2F%2Fscemga.com%2F&cbref=
IP
35.190.41.116:0
ASN
#15169 GOOGLE

File type
data
Size
39 kB (38818 bytes)
Hash
2e3e073989c0c95adbd73e8c3b148775
6e3b8907c26ed65d1940c398eb3d0f9da2f27ad7
12896d2b2660ce9810e6ee0f3cb1b16fb4805ac61bb4a24610c1bda2cca277ae

HTTP Headers

GET /script/push.php?r=6021554&ipp=1&mads=2&position=top&czid=tzvkjx4zym&aggr=3&atag=1&ppv=1&ab_test=AdOpt_B_nocapping-2021-12-08v1&cbpage=https%3A%2F%2Fscemga.com%2F&cbref= HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
server: openresty
date: Mon, 12 Sep 2022 20:04:10 GMT
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

youradexchange.com/ad/czcf.php?cz=tzvkjx4zym

35.190.41.116

200 OK

34 kB

URL HTTP/2
youradexchange.com/ad/czcf.php?cz=tzvkjx4zym
IP
35.190.41.116:0
ASN
#15169 GOOGLE

File type
data
Size
34 kB (34083 bytes)
Hash
6fd50ad00f55f7b5b8ed7afdec1b9e65
9bb4f566ab07cc54c4387867a017541dd6b61d8a
578a2e8d7464fbbc448c580fab6e3b54664eb0517878f666b9448e45bf310ea6

HTTP Headers

GET /ad/czcf.php?cz=tzvkjx4zym HTTP/1.1
Host: youradexchange.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: openresty
date: Mon, 12 Sep 2022 20:04:09 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

obituaryfuneral.com/watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d3053b72680e07e42db8d0edab01302483d9e5a72bf4875b57e1938441f3ed1e8219d6e0145b4d7011b48134bc4364bc8e37858dd70c69c51b0447b3cb2cb0aa1b917d633d2dc0b9aa077107d76540d79ed797b74dd4b786da79ae18c1bb64ed4a&pst=1663013110&rmtc=t

173.233.137.36

200 OK

2.3 kB

URL HTTP/1.1
obituaryfuneral.com/watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d3053b72680e07e42db8d0edab01302483d9e5a72bf4875b57e1938441f3ed1e8219d6e0145b4d7011b48134bc4364bc8e37858dd70c69c51b0447b3cb2cb0aa1b917d633d2dc0b9aa077107d76540d79ed797b74dd4b786da79ae18c1bb64ed4a&pst=1663013110&rmtc=t
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (2917)
Size
2.3 kB (2322 bytes)
Hash
bf2d84d3dd2e31de57f04c70df207807
42abbb654858d39881bb7ce92a7f58bbd25af78f
e4a65a0e3bd96588efb6ec93065ca0c666a81859c074da3223fd096c4b2f9abe

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.615080537639.js?key=4410ffd8c93e6372e161f4b0a12f2ccd&kw=%5B%22scemga%22%5D&refer=https%3A%2F%2Fscemga.com%2F&tz=0&dev=r&res=12.31&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&shu=d3053b72680e07e42db8d0edab01302483d9e5a72bf4875b57e1938441f3ed1e8219d6e0145b4d7011b48134bc4364bc8e37858dd70c69c51b0447b3cb2cb0aa1b917d633d2dc0b9aa077107d76540d79ed797b74dd4b786da79ae18c1bb64ed4a&pst=1663013110&rmtc=t HTTP/1.1
Host: obituaryfuneral.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Referer: https://scemga.com/
Connection: keep-alive
Cookie: u_pl=16429610; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjQyOTYxMCwiayI6IjQ0MTBmZmQ4YzkzZTYzNzJlMTYxZjRiMGExMmYyY2NkIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjA0Mzk1LCJwaWQiOjMzODk3MywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJqMTBlaGprcSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo3OTk1NDE5NiwiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjE4MTEwLCJvbiI6IkxpbnV4Iiwib3YiOiJVbmtub3duIiwiYmlkIjoxMTY2NzAsImJuIjoiRmlyZWZveCIsImJ2IjoiOTYuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9zY2VtZ2EuY29tLyJ9fQ.9uehDUanOVklfpY1wzpKxn6HnAxwRF_H-v0BDTutXI0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
pdhtkv5=true; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
uncs5=1; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e5e7e39907d9922e14104750fcbea059
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

region1.google-analytics.com/g/collect?v=2&tid=G-LR61DG565G&gtm=2oe970&_p=988587455&cid=1332081747.1663013037&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663013037&sct=1&seg=0&dl=https%3A%2F%2Fscemga.com%2F&dt=SCEMGA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.34.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-LR61DG565G&gtm=2oe970&_p=988587455&cid=1332081747.1663013037&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663013037&sct=1&seg=0&dl=https%3A%2F%2Fscemga.com%2F&dt=SCEMGA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.34.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-LR61DG565G&gtm=2oe970&_p=988587455&cid=1332081747.1663013037&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1663013037&sct=1&seg=0&dl=https%3A%2F%2Fscemga.com%2F&dt=SCEMGA&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://scemga.com
date: Mon, 12 Sep 2022 20:04:10 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

scemga.com/favicon.ico

162.0.232.190

404 Not Found

1.2 kB

URL HTTP/2
scemga.com/favicon.ico
IP
162.0.232.190:0
ASN
#22612 NAMECHEAP-NET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
1.2 kB (1238 bytes)
Hash
0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: scemga.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://scemga.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1; _ga_LR61DG565G=GS1.1.1663013037.1.0.1663013037.0.0.0; _ga=GA1.1.1332081747.1663013037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 1238
date: Mon, 12 Sep 2022 20:04:10 GMT
server: LiteSpeed
x-turbo-charged-by: LiteSpeed
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload;
referrer-policy: no-referrer-when-downgrade
X-Firefox-Spdy: h2

diminutioneconomy.com/ntv.json?key=79058c42da72db7016303f55ac74fc51&vstc=3&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D

192.243.61.227

200 OK

13 kB

URL HTTP/1.1
diminutioneconomy.com/ntv.json?key=79058c42da72db7016303f55ac74fc51&vstc=3&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (13025), with no line terminators
Size
13 kB (13026 bytes)
Hash
d28f55d8361e894f23c29a71e24cfdf4
4bfd62c0ccd943dc70d018b35b98b64e481a99df
f78164e0041f76388e312a096fe639b1957df359f2b16345b9ca32f0eb848a88

HTTP Headers

GET /ntv.json?key=79058c42da72db7016303f55ac74fc51&vstc=3&uuid=cfa4e371-e494-494c-ad0e-1d5196fcfcde%3A1%3A1&custom=%7B%22d37e3bc4%22%3A%22b%22%7D HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://scemga.com
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: application/json
Content-Length: 13026
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://scemga.com
Access-Control-Allow-Origin: https://scemga.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=16437760; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; expires=Mon, 19 Sep 2022 20:04:10 GMT; secure; SameSite=None
pdhtkv=true; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
uncs=1; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
pdhtkv49=true; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
uncs49=1; expires=Tue, 13 Sep 2022 20:04:10 GMT; secure; SameSite=None
nlec79058c42da72db7016303f55ac74fc51=[3637745,2229215,2229214]; expires=Mon, 12 Sep 2022 20:04:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 474cab851a4657939dc2a903be9deb41
Strict-Transport-Security: max-age=0; includeSubdomains

cdn.cloudimagesb.com/si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg

45.133.44.10

200 OK

21 kB

URL HTTP/2
cdn.cloudimagesb.com/si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
21 kB (20566 bytes)
Hash
8f4953c1b8baece7bb7d226247561ce2
da5d440970606602026d7900a55ae2fd27a3f170
8fd9df7d8e48ff2519631e82e01519d4f1c65abd41ec977c18abb58df9832919

HTTP Headers

GET /si/b9/5d/e2/b95de288caeec55111c172964c8a9c84/1662036680.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:10 GMT
content-type: image/jpeg
content-length: 20566
server: nginx/1.17.6
last-modified: Thu, 01 Sep 2022 12:51:28 GMT
etag: "6310aad0-5056"
expires: Wed, 14 Sep 2022 20:04:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg

45.133.44.10

200 OK

23 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x240, components 3\012- data
Size
23 kB (22883 bytes)
Hash
c6f19781c79ff746b99178f813cfbff2
5c307e43c63001535aa3a3683777dbb1a7f0775b
816b5a5d078f27271fa2d7c210d708f386a6f9fbd9242531b07f0b051382870d

HTTP Headers

GET /cti/4e/61/98/4e619871efbab123abb0e0121e08e11d/1628586907.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:10 GMT
content-type: image/jpeg
content-length: 22883
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:15:16 GMT
etag: "611243a4-5963"
expires: Wed, 14 Sep 2022 20:04:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.cloudimagesb.com/cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg

45.133.44.10

200 OK

28 kB

URL HTTP/2
cdn.cloudimagesb.com/cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg
IP
45.133.44.10:0
ASN
#39572 DataWeb Global Group B.V.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 321x240, components 3\012- data
Size
28 kB (27606 bytes)
Hash
f4fabf64be47ce667e0cfc150667b36c
234d722efa06cbedfdad9c1bb497a942997741dd
272b7875492a55c6f53a4e4704e715cc5b3cc4e5093758cbfedd95441bfe98d8

HTTP Headers

GET /cti/5d/60/ed/5d60edea793259cd719bfa3d19bcae3e/1628587069.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:10 GMT
content-type: image/jpeg
content-length: 27606
server: nginx/1.17.6
last-modified: Tue, 10 Aug 2021 09:17:59 GMT
etag: "61124447-6bd6"
expires: Wed, 14 Sep 2022 20:04:10 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutzu7vh%2F8uSg4KhgwikmB2t7unp3vHHIJxXQmuSUwUPQhSXVU9W251V1PVPT1ZDyYGJDcHPOmp580m0biIXgWD9AZEFoTMbQ%2BuZ48i5uBJZlxc%2FaD7%2B169d3jfq%2FpoVO4TFyXdW3lNb0ql6FJn0W2deNvzTrfWZFYOWoPl8N0wON0y%2FRe64aJ7svWKYBt6yXc91%2FVcr7UqjUj0YGlKQubbXW%2Bx6y4G%2FqLXCTAw%2F8W2dGCpA97fJ09A8sn8PecoJGuQpV%2BvCLtR6PzUy2mpaKEN%2Bvz2m9lGpqsM6eGYGAdJdvtADW3vr96Fzm7O7EL3%2FxHGckKcH%2B4izm4fmETc35r5jBVEhpg%2FiqrfQKgGkjZg%2Bjokv08AxnH%2BArL01nltKnrlb5ZO2QmZf%2FA7ZDUh8z8fRZZ%2BdVbJQeuyVmUhdWYxSGrIQQPZa5CXOyg2j0BWO2DFh5D8J7L0YA1ZunXBKg3J955lCQ1EO%2FIWRNANFoJuwBYod8WCxzteN0xYwriYBSRlA5k0UGIIah2U0086KBMHZe4g5Xst5nle5HJG3eUuY20eiTjkrkejxKOeGy6jZNMdhijyIZgagpmryM21z3k7Eu2YBaMYG3IIU34Pu17D8v%2FDFhPivP4B%2BrxGJQgqS1BRgkoSVAVB1a9vcmV9W9%2Fiypaxd9D9g96ux7rojehNXfRERkb5Pnl8luOfE4INsdeKum5nmQU%2Bp5HP48j1wrbbTjodyqIgYR0PVtaQ9shs6005IU%2B%2B%2FzxyOSH%2FO3UMMd2BVTtg8jho6YFW48h3QdfHwbKLzeyOZSLt0UWmU3BdIy%2FmUVxxRmqfPDVzEV37DYLtntk%2B8Ufz8TsnwUyN3NR4T94j6Kkb40u6IluXdGXJNxfyQqZyk05v%2BnJBCzF351VxpdKGn1uxwy9eZFNiOm6%2FIWyxRjMus54lX56VnAuzqg0T5Ltz9i0RXyzt%2BtnSZGW%2BdvGl1XNpboS1UmcNqLz%2FWAMmJ%2BTh3ZXZEz62ug5pGpiyRlrukoOC1Dtg%2BVXYfPfMnae3H%2FKe%2BxVWz8GoQ02cO6jKemz8%2BPBQSQIlDjGNa9h%2F4fhwHtkb6BkftLiOLK3RNzX6qgZVQ9jykXGRm90zP346rc8Qq7lxrMzcVqyM%2BmQW7YQ8M%2FfL9LcPK%2FdaUbvt0rDb8aKIiigO%2FOUk9DilfhD6YUjbKOyEHR9%2B%2BxcAAAD%2F%2FwEAAP%2F%2FlXOTI5cEAAA%3D

192.243.61.227

200 OK

7 B

URL HTTP/1.1
diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutzu7vh%2F8uSg4KhgwikmB2t7unp3vHHIJxXQmuSUwUPQhSXVU9W251V1PVPT1ZDyYGJDcHPOmp580m0biIXgWD9AZEFoTMbQ%2BuZ48i5uBJZlxc%2FaD7%2B169d3jfq%2FpoVO4TFyXdW3lNb0ql6FJn0W2deNvzTrfWZFYOWoPl8N0wON0y%2FRe64aJ7svWKYBt6yXc91%2FVcr7UqjUj0YGlKQubbXW%2Bx6y4G%2FqLXCTAw%2F8W2dGCpA97fJ09A8sn8PecoJGuQpV%2BvCLtR6PzUy2mpaKEN%2Bvz2m9lGpqsM6eGYGAdJdvtADW3vr96Fzm7O7EL3%2FxHGckKcH%2B4izm4fmETc35r5jBVEhpg%2FiqrfQKgGkjZg%2Bjokv08AxnH%2BArL01nltKnrlb5ZO2QmZf%2FA7ZDUh8z8fRZZ%2BdVbJQeuyVmUhdWYxSGrIQQPZa5CXOyg2j0BWO2DFh5D8J7L0YA1ZunXBKg3J955lCQ1EO%2FIWRNANFoJuwBYod8WCxzteN0xYwriYBSRlA5k0UGIIah2U0086KBMHZe4g5Xst5nle5HJG3eUuY20eiTjkrkejxKOeGy6jZNMdhijyIZgagpmryM21z3k7Eu2YBaMYG3IIU34Pu17D8v%2FDFhPivP4B%2BrxGJQgqS1BRgkoSVAVB1a9vcmV9W9%2Fiypaxd9D9g96ux7rojehNXfRERkb5Pnl8luOfE4INsdeKum5nmQU%2Bp5HP48j1wrbbTjodyqIgYR0PVtaQ9shs6005IU%2B%2B%2FzxyOSH%2FO3UMMd2BVTtg8jho6YFW48h3QdfHwbKLzeyOZSLt0UWmU3BdIy%2FmUVxxRmqfPDVzEV37DYLtntk%2B8Ufz8TsnwUyN3NR4T94j6Kkb40u6IluXdGXJNxfyQqZyk05v%2BnJBCzF351VxpdKGn1uxwy9eZFNiOm6%2FIWyxRjMus54lX56VnAuzqg0T5Ltz9i0RXyzt%2BtnSZGW%2BdvGl1XNpboS1UmcNqLz%2FWAMmJ%2BTh3ZXZEz62ug5pGpiyRlrukoOC1Dtg%2BVXYfPfMnae3H%2FKe%2BxVWz8GoQ02cO6jKemz8%2BPBQSQIlDjGNa9h%2F4fhwHtkb6BkftLiOLK3RNzX6qgZVQ9jykXGRm90zP346rc8Qq7lxrMzcVqyM%2BmQW7YQ8M%2FfL9LcPK%2FdaUbvt0rDb8aKIiigO%2FOUk9DilfhD6YUjbKOyEHR9%2B%2BxcAAAD%2F%2FwEAAP%2F%2FlXOTI5cEAAA%3D
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST4gcxRutzu7vh%2F8uSg4KhgwikmB2t7unp3vHHIJxXQmuSUwUPQhSXVU9W251V1PVPT1ZDyYGJDcHPOmp580m0biIXgWD9AZEFoTMbQ%2BuZ48i5uBJZlxc%2FaD7%2B169d3jfq%2FpoVO4TFyXdW3lNb0ql6FJn0W2deNvzTrfWZFYOWoPl8N0wON0y%2FRe64aJ7svWKYBt6yXc91%2FVcr7UqjUj0YGlKQubbXW%2Bx6y4G%2FqLXCTAw%2F8W2dGCpA97fJ09A8sn8PecoJGuQpV%2BvCLtR6PzUy2mpaKEN%2Bvz2m9lGpqsM6eGYGAdJdvtADW3vr96Fzm7O7EL3%2FxHGckKcH%2B4izm4fmETc35r5jBVEhpg%2FiqrfQKgGkjZg%2Bjokv08AxnH%2BArL01nltKnrlb5ZO2QmZf%2FA7ZDUh8z8fRZZ%2BdVbJQeuyVmUhdWYxSGrIQQPZa5CXOyg2j0BWO2DFh5D8J7L0YA1ZunXBKg3J955lCQ1EO%2FIWRNANFoJuwBYod8WCxzteN0xYwriYBSRlA5k0UGIIah2U0086KBMHZe4g5Xst5nle5HJG3eUuY20eiTjkrkejxKOeGy6jZNMdhijyIZgagpmryM21z3k7Eu2YBaMYG3IIU34Pu17D8v%2FDFhPivP4B%2BrxGJQgqS1BRgkoSVAVB1a9vcmV9W9%2Fiypaxd9D9g96ux7rojehNXfRERkb5Pnl8luOfE4INsdeKum5nmQU%2Bp5HP48j1wrbbTjodyqIgYR0PVtaQ9shs6005IU%2B%2B%2FzxyOSH%2FO3UMMd2BVTtg8jho6YFW48h3QdfHwbKLzeyOZSLt0UWmU3BdIy%2FmUVxxRmqfPDVzEV37DYLtntk%2B8Ufz8TsnwUyN3NR4T94j6Kkb40u6IluXdGXJNxfyQqZyk05v%2BnJBCzF351VxpdKGn1uxwy9eZFNiOm6%2FIWyxRjMus54lX56VnAuzqg0T5Ltz9i0RXyzt%2BtnSZGW%2BdvGl1XNpboS1UmcNqLz%2FWAMmJ%2BTh3ZXZEz62ug5pGpiyRlrukoOC1Dtg%2BVXYfPfMnae3H%2FKe%2BxVWz8GoQ02cO6jKemz8%2BPBQSQIlDjGNa9h%2F4fhwHtkb6BkftLiOLK3RNzX6qgZVQ9jykXGRm90zP346rc8Qq7lxrMzcVqyM%2BmQW7YQ8M%2FfL9LcPK%2FdaUbvt0rDb8aKIiigO%2FOUk9DilfhD6YUjbKOyEHR9%2B%2BxcAAAD%2F%2FwEAAP%2F%2FlXOTI5cEAAA%3D HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Cookie: u_pl=16437760; uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec79058c42da72db7016303f55ac74fc51=[3637745,2229215,2229214]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bdd1fb2ee96e55bd573d136630556863
Strict-Transport-Security: max-age=0; includeSubdomains

diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutye7%2FI3pRyUFBySAiitnZ7p6e7hlzCMa4ElyzMVH0JtVV1ZNyq7uaqu7pyXowMaA5DnjSU8%2Bb3ayui%2BhVcJHZgMiisHPbg%2BvZowhBPMmMi6MfdH%2Ffq%2FcO73tVHw6LY%2BKgoEcXX9MbUim63Go49Wffdt1z9VWZFv16vx28E%2Fjn6qb3QidoOM%2FVXxFsXS97jus4ruPWV6QRse4vT0nIbLfjNjpOw%2FcabstH3%2FwX26IGS2vgvWPyKCSfLN6rnYZkY6TJVxeFXc91dvblpFA01wY9vv1mup7qMkUyH2NTQ5xun6ih7eHKHnS6NbML3ftHGMkJqX2%2FhyjdPjGJqLc58xkpiBQRfwhlbwyhxpB0DKZvQ%2FJDAjCOy2tIk7uXtSnpjb9ZOmUnZPH%2B75DlhCz%2BfBpp8uUFJfv1a1oVudSpRT%2BuIPtjyO4YWbGPfOMUZLkPln8AyX8iy%2FdXkSaba1ZpSH70NIupL5qhuyT8jr%2Fkd3y2RLkjllzecjtBzGLGxSwgKceQ8RhKDEBtDcX0kzUUcQ1FVkPCj%2BrMdd3Q4Yw67Q5jTR6KKOCOS8PYpa4TtFGw6Q4D5NkATA3AzE1k5tZnvBmKZsT8YYR1OYApvoO9XsHy%2F8PmE1J7%2FX30eIVSEJSWoKQEpSQoc4KyV21xZT1b3eXKFpF70r2T3qxGOu8O6ZbOuyIlw%2ByYPDLL8c8Jwbo4qocdp9Vmvsdp6PEodNyg6TTjVouy0I9Zy4WVFaQ9Ndt6Q07IY%2B89j0xOyP%2FOPomI7sOqfTB5BrRwQctR6Dmg10d%2B28FGumOZSLq0wXQCritk%2BSLyG7WhOiaPz1w8tfALBDs4v%2FPE7gPuM7%2BCmQqZqfCuvEfQVXdGV3VJNq%2Fq0pKv17JcJnKDTm%2F6Wk5zsbDzqrhRasMvXbSDz19kU2I67r4hbL5KUy7TriVfXJCcC7OiDRPk20v2LRFdKez1C4VJi2z1yksrl5LMCGulTseg8nDtDzA5IYu39mZP%2BOEfP4I0Y5iiQlIckJOC1Ptg2U3YbO7e6gUYNddE2SmURTUyXjQ%2FVJJAiTmmUQX7LxzN56G9g67xQPPbSJMKPVOhpypQNYAtHhzlmTk4%2F8Mn0%2FoUkVoYRcosbEbKqI8nJLz12yzf6e8YVh7Vw2bToUGn5YYhFWHke%2B04cDmlnh94QUCbyO2EnRl88xcAAAD%2F%2FwEAAP%2F%2FjeVmEZcEAAA%3D

192.243.61.227

200 OK

7 B

URL HTTP/1.1
diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutye7%2FI3pRyUFBySAiitnZ7p6e7hlzCMa4ElyzMVH0JtVV1ZNyq7uaqu7pyXowMaA5DnjSU8%2Bb3ayui%2BhVcJHZgMiisHPbg%2BvZowhBPMmMi6MfdH%2Ffq%2FcO73tVHw6LY%2BKgoEcXX9MbUim63Go49Wffdt1z9VWZFv16vx28E%2Fjn6qb3QidoOM%2FVXxFsXS97jus4ruPWV6QRse4vT0nIbLfjNjpOw%2FcabstH3%2FwX26IGS2vgvWPyKCSfLN6rnYZkY6TJVxeFXc91dvblpFA01wY9vv1mup7qMkUyH2NTQ5xun6ih7eHKHnS6NbML3ftHGMkJqX2%2FhyjdPjGJqLc58xkpiBQRfwhlbwyhxpB0DKZvQ%2FJDAjCOy2tIk7uXtSnpjb9ZOmUnZPH%2B75DlhCz%2BfBpp8uUFJfv1a1oVudSpRT%2BuIPtjyO4YWbGPfOMUZLkPln8AyX8iy%2FdXkSaba1ZpSH70NIupL5qhuyT8jr%2Fkd3y2RLkjllzecjtBzGLGxSwgKceQ8RhKDEBtDcX0kzUUcQ1FVkPCj%2BrMdd3Q4Yw67Q5jTR6KKOCOS8PYpa4TtFGw6Q4D5NkATA3AzE1k5tZnvBmKZsT8YYR1OYApvoO9XsHy%2F8PmE1J7%2FX30eIVSEJSWoKQEpSQoc4KyV21xZT1b3eXKFpF70r2T3qxGOu8O6ZbOuyIlw%2ByYPDLL8c8Jwbo4qocdp9Vmvsdp6PEodNyg6TTjVouy0I9Zy4WVFaQ9Ndt6Q07IY%2B89j0xOyP%2FOPomI7sOqfTB5BrRwQctR6Dmg10d%2B28FGumOZSLq0wXQCritk%2BSLyG7WhOiaPz1w8tfALBDs4v%2FPE7gPuM7%2BCmQqZqfCuvEfQVXdGV3VJNq%2Fq0pKv17JcJnKDTm%2F6Wk5zsbDzqrhRasMvXbSDz19kU2I67r4hbL5KUy7TriVfXJCcC7OiDRPk20v2LRFdKez1C4VJi2z1yksrl5LMCGulTseg8nDtDzA5IYu39mZP%2BOEfP4I0Y5iiQlIckJOC1Ptg2U3YbO7e6gUYNddE2SmURTUyXjQ%2FVJJAiTmmUQX7LxzN56G9g67xQPPbSJMKPVOhpypQNYAtHhzlmTk4%2F8Mn0%2FoUkVoYRcosbEbKqI8nJLz12yzf6e8YVh7Vw2bToUGn5YYhFWHke%2B04cDmlnh94QUCbyO2EnRl88xcAAAD%2F%2FwEAAP%2F%2FjeVmEZcEAAA%3D
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRutye7%2FI3pRyUFBySAiitnZ7p6e7hlzCMa4ElyzMVH0JtVV1ZNyq7uaqu7pyXowMaA5DnjSU8%2Bb3ayui%2BhVcJHZgMiisHPbg%2BvZowhBPMmMi6MfdH%2Ffq%2FcO73tVHw6LY%2BKgoEcXX9MbUim63Go49Wffdt1z9VWZFv16vx28E%2Fjn6qb3QidoOM%2FVXxFsXS97jus4ruPWV6QRse4vT0nIbLfjNjpOw%2FcabstH3%2FwX26IGS2vgvWPyKCSfLN6rnYZkY6TJVxeFXc91dvblpFA01wY9vv1mup7qMkUyH2NTQ5xun6ih7eHKHnS6NbML3ftHGMkJqX2%2FhyjdPjGJqLc58xkpiBQRfwhlbwyhxpB0DKZvQ%2FJDAjCOy2tIk7uXtSnpjb9ZOmUnZPH%2B75DlhCz%2BfBpp8uUFJfv1a1oVudSpRT%2BuIPtjyO4YWbGPfOMUZLkPln8AyX8iy%2FdXkSaba1ZpSH70NIupL5qhuyT8jr%2Fkd3y2RLkjllzecjtBzGLGxSwgKceQ8RhKDEBtDcX0kzUUcQ1FVkPCj%2BrMdd3Q4Yw67Q5jTR6KKOCOS8PYpa4TtFGw6Q4D5NkATA3AzE1k5tZnvBmKZsT8YYR1OYApvoO9XsHy%2F8PmE1J7%2FX30eIVSEJSWoKQEpSQoc4KyV21xZT1b3eXKFpF70r2T3qxGOu8O6ZbOuyIlw%2ByYPDLL8c8Jwbo4qocdp9Vmvsdp6PEodNyg6TTjVouy0I9Zy4WVFaQ9Ndt6Q07IY%2B89j0xOyP%2FOPomI7sOqfTB5BrRwQctR6Dmg10d%2B28FGumOZSLq0wXQCritk%2BSLyG7WhOiaPz1w8tfALBDs4v%2FPE7gPuM7%2BCmQqZqfCuvEfQVXdGV3VJNq%2Fq0pKv17JcJnKDTm%2F6Wk5zsbDzqrhRasMvXbSDz19kU2I67r4hbL5KUy7TriVfXJCcC7OiDRPk20v2LRFdKez1C4VJi2z1yksrl5LMCGulTseg8nDtDzA5IYu39mZP%2BOEfP4I0Y5iiQlIckJOC1Ptg2U3YbO7e6gUYNddE2SmURTUyXjQ%2FVJJAiTmmUQX7LxzN56G9g67xQPPbSJMKPVOhpypQNYAtHhzlmTk4%2F8Mn0%2FoUkVoYRcosbEbKqI8nJLz12yzf6e8YVh7Vw2bToUGn5YYhFWHke%2B04cDmlnh94QUCbyO2EnRl88xcAAAD%2F%2FwEAAP%2F%2FjeVmEZcEAAA%3D HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Cookie: u_pl=16437760; uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec79058c42da72db7016303f55ac74fc51=[3637745,2229215,2229214]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 604c6ceba86a78ad98c1de5f5c271dc6
Strict-Transport-Security: max-age=0; includeSubdomains

diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStyawielHJQUHJICKK2dnunp7uGXMIxrgSXLMxUfQm1VXVk3Kru5qq7unJejAxEHIc8KSnnjebROMiehVcZDYgsijs3PbgevYoQhBPMpPF0Q%2FF%2F6%2FeO7z%2Fqm6MikPioKAHZ9%2FSm1IputJuOo0X33fdU401mRaDxqATfBD4pxqm%2F0o3aDovNd4QbEOveI7rOK7jNlalEbEerMxIyGy76za7TtP3mm7bx8D8H9uiBktr4P1D8iQkny7dqx2HZBOkyTdnhd3IdXby9aRQNNcGfX7n3XQj1WWKZDHGpoY4vXOkhrb7qzvQ6a25Xej%2Bv8JITkntxx1E6Z0jk4j6W3OfkYJIEfHHUPYnEGoCSSdg%2Bjok3ycA4zi%2FjjS5fV6bkl55wNIZOyVL9%2F%2BELKdk6dfjSJOvzyg5aFzSqsilTi0GcQU5mED2JsiKXeSbxyDLXbD8E0j%2BC1m5v4Y02Vq3SkPyg%2BdZTH3RCt1l4Xf9Zb%2Frs2XKHbHs8rbbDWIWMy7mAUk5gYwnUGIIamsoZkfWUMQ1FFkNCT9oMNd1Q4cz6nS6jLV4KKKAOy4NY5e6TtBBwWY7DJFnQzA1BDNXkZlrX%2FBWKFoR80cRNuQQpvgB9nIFyx%2BGzaek9vbH6PMKpSAoLUFJCUpJUOYEZb%2B6xZX1bHWbK1tE7lH3jnqrGuu8N6K3dN4TKRllh%2BSJeY5%2FTwk2xEEj7DrtDvM9TkOPR6HjBi2nFbfblIV%2BzNourKwg7bH51ptySp766GVkckoeOvksIroLq3bB5AnQwgUtx6HngF4e%2Bx0Hm%2Bldy0TSo02mE3BdIcuXkF%2BpjdQheXru4rn6IQTbO333me1H3Bd%2BBzMVMlPhQ3mPoKduji%2Fqkmxd1KUl365nuUzkJp299KWc5qJ%2B901xpdSGnztrh1%2B%2BymbEbNx%2BR9h8jaZcpj1LvjojORdmVRsmyPfn7HsiulDYy2cKkxbZ2oXXVs8lmRHWSp1OQOX%2B%2Bl9gckqWru3Mv%2FDjP9%2BANBOYokJS7JGjgtS7YNlV2Gzh3uo6jFpooqyOsqjGxosWl0oSKLHANKpg%2F4OjxTyyN9EzHmh%2BHWlSoW8q9FUFqoawxaPjPDN7p3%2F6bFafI1L1caRMfStSRn06JeG1P2b5%2FvYgZCsPGmGr5dCg23bDkIow8r1OHLicUs8PvCCgLeR2yk4Mv%2FsHAAD%2F%2FwEAAP%2F%2Fn92AapcEAAA%3D

192.243.61.227

200 OK

7 B

URL HTTP/1.1
diminutioneconomy.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStyawielHJQUHJICKK2dnunp7uGXMIxrgSXLMxUfQm1VXVk3Kru5qq7unJejAxEHIc8KSnnjebROMiehVcZDYgsijs3PbgevYoQhBPMpPF0Q%2FF%2F6%2FeO7z%2Fqm6MikPioKAHZ9%2FSm1IputJuOo0X33fdU401mRaDxqATfBD4pxqm%2F0o3aDovNd4QbEOveI7rOK7jNlalEbEerMxIyGy76za7TtP3mm7bx8D8H9uiBktr4P1D8iQkny7dqx2HZBOkyTdnhd3IdXby9aRQNNcGfX7n3XQj1WWKZDHGpoY4vXOkhrb7qzvQ6a25Xej%2Bv8JITkntxx1E6Z0jk4j6W3OfkYJIEfHHUPYnEGoCSSdg%2Bjok3ycA4zi%2FjjS5fV6bkl55wNIZOyVL9%2F%2BELKdk6dfjSJOvzyg5aFzSqsilTi0GcQU5mED2JsiKXeSbxyDLXbD8E0j%2BC1m5v4Y02Vq3SkPyg%2BdZTH3RCt1l4Xf9Zb%2Frs2XKHbHs8rbbDWIWMy7mAUk5gYwnUGIIamsoZkfWUMQ1FFkNCT9oMNd1Q4cz6nS6jLV4KKKAOy4NY5e6TtBBwWY7DJFnQzA1BDNXkZlrX%2FBWKFoR80cRNuQQpvgB9nIFyx%2BGzaek9vbH6PMKpSAoLUFJCUpJUOYEZb%2B6xZX1bHWbK1tE7lH3jnqrGuu8N6K3dN4TKRllh%2BSJeY5%2FTwk2xEEj7DrtDvM9TkOPR6HjBi2nFbfblIV%2BzNourKwg7bH51ptySp766GVkckoeOvksIroLq3bB5AnQwgUtx6HngF4e%2Bx0Hm%2Bldy0TSo02mE3BdIcuXkF%2BpjdQheXru4rn6IQTbO333me1H3Bd%2BBzMVMlPhQ3mPoKduji%2Fqkmxd1KUl365nuUzkJp299KWc5qJ%2B901xpdSGnztrh1%2B%2BymbEbNx%2BR9h8jaZcpj1LvjojORdmVRsmyPfn7HsiulDYy2cKkxbZ2oXXVs8lmRHWSp1OQOX%2B%2Bl9gckqWru3Mv%2FDjP9%2BANBOYokJS7JGjgtS7YNlV2Gzh3uo6jFpooqyOsqjGxosWl0oSKLHANKpg%2F4OjxTyyN9EzHmh%2BHWlSoW8q9FUFqoawxaPjPDN7p3%2F6bFafI1L1caRMfStSRn06JeG1P2b5%2FvYgZCsPGmGr5dCg23bDkIow8r1OHLicUs8PvCCgLeR2yk4Mv%2FsHAAD%2F%2FwEAAP%2F%2Fn92AapcEAAA%3D
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

HTTP Headers

GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQYgcRRStyawielHJQUHJICKK2dnunp7uGXMIxrgSXLMxUfQm1VXVk3Kru5qq7unJejAxEHIc8KSnnjebROMiehVcZDYgsijs3PbgevYoQhBPMpPF0Q%2FF%2F6%2FeO7z%2Fqm6MikPioKAHZ9%2FSm1IputJuOo0X33fdU401mRaDxqATfBD4pxqm%2F0o3aDovNd4QbEOveI7rOK7jNlalEbEerMxIyGy76za7TtP3mm7bx8D8H9uiBktr4P1D8iQkny7dqx2HZBOkyTdnhd3IdXby9aRQNNcGfX7n3XQj1WWKZDHGpoY4vXOkhrb7qzvQ6a25Xej%2Bv8JITkntxx1E6Z0jk4j6W3OfkYJIEfHHUPYnEGoCSSdg%2Bjok3ycA4zi%2FjjS5fV6bkl55wNIZOyVL9%2F%2BELKdk6dfjSJOvzyg5aFzSqsilTi0GcQU5mED2JsiKXeSbxyDLXbD8E0j%2BC1m5v4Y02Vq3SkPyg%2BdZTH3RCt1l4Xf9Zb%2Frs2XKHbHs8rbbDWIWMy7mAUk5gYwnUGIIamsoZkfWUMQ1FFkNCT9oMNd1Q4cz6nS6jLV4KKKAOy4NY5e6TtBBwWY7DJFnQzA1BDNXkZlrX%2FBWKFoR80cRNuQQpvgB9nIFyx%2BGzaek9vbH6PMKpSAoLUFJCUpJUOYEZb%2B6xZX1bHWbK1tE7lH3jnqrGuu8N6K3dN4TKRllh%2BSJeY5%2FTwk2xEEj7DrtDvM9TkOPR6HjBi2nFbfblIV%2BzNourKwg7bH51ptySp766GVkckoeOvksIroLq3bB5AnQwgUtx6HngF4e%2Bx0Hm%2Bldy0TSo02mE3BdIcuXkF%2BpjdQheXru4rn6IQTbO333me1H3Bd%2BBzMVMlPhQ3mPoKduji%2Fqkmxd1KUl365nuUzkJp299KWc5qJ%2B901xpdSGnztrh1%2B%2BymbEbNx%2BR9h8jaZcpj1LvjojORdmVRsmyPfn7HsiulDYy2cKkxbZ2oXXVs8lmRHWSp1OQOX%2B%2Bl9gckqWru3Mv%2FDjP9%2BANBOYokJS7JGjgtS7YNlV2Gzh3uo6jFpooqyOsqjGxosWl0oSKLHANKpg%2F4OjxTyyN9EzHmh%2BHWlSoW8q9FUFqoawxaPjPDN7p3%2F6bFafI1L1caRMfStSRn06JeG1P2b5%2FvYgZCsPGmGr5dCg23bDkIow8r1OHLicUs8PvCCgLeR2yk4Mv%2FsHAAD%2F%2FwEAAP%2F%2Fn92AapcEAAA%3D HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Cookie: u_pl=16437760; uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec79058c42da72db7016303f55ac74fc51=[3637745,2229215,2229214]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d7fd4786558fb4b033987025dd19050d
Strict-Transport-Security: max-age=0; includeSubdomains

diminutioneconomy.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js

192.243.61.227

200 OK

29 kB

URL HTTP/1.1
diminutioneconomy.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28750 bytes)
Hash
c7eab4a38c842e27b3b522a43611fa00
785bd3a3cb90df6f3c7c1dc83d451c947c0b58ff
0fcd98527df29545fcbf1d1ca8a237db6b8acbc34b4d1689197b4d8cc1fff43b

HTTP Headers

GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: diminutioneconomy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Cookie: u_pl=16437760; uid_id2=cfa4e371-e494-494c-ad0e-1d5196fcfcde:1:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec79058c42da72db7016303f55ac74fc51=[3637745,2229215,2229214]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:10 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1b1ab3028f0419499ff700ef7ceb00cf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

e1.o.lencr.org/

95.101.11.115

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
b32a5e9b733c4d6d00fa0ae101956367
a584d7ac68cf4e1e8d897ef1b0ba8d4d3037e997
6d41a9ea960766d6c7a93e01b3da41b93b651a3e38b00ec9873794c4bbdbee5b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6D41A9EA960766D6C7A93E01B3DA41B93B651A3E38B00EC9873794C4BBDBEE5B"
Last-Modified: Sat, 10 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19146
Expires: Tue, 13 Sep 2022 01:23:17 GMT
Date: Mon, 12 Sep 2022 20:04:11 GMT
Connection: keep-alive

e1.o.lencr.org/

95.101.11.115

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
b32a5e9b733c4d6d00fa0ae101956367
a584d7ac68cf4e1e8d897ef1b0ba8d4d3037e997
6d41a9ea960766d6c7a93e01b3da41b93b651a3e38b00ec9873794c4bbdbee5b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "6D41A9EA960766D6C7A93E01B3DA41B93B651A3E38B00EC9873794C4BBDBEE5B"
Last-Modified: Sat, 10 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19146
Expires: Tue, 13 Sep 2022 01:23:17 GMT
Date: Mon, 12 Sep 2022 20:04:11 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
992a1ffc097e77b6d26183db2fe6c614
b0bb0b755aeb8c5903429bf206e74c727ebca792
879e7f8481df8c88576bc8a0319cc430d69433b25021c88481ed1086122c2448

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "879E7F8481DF8C88576BC8A0319CC430D69433B25021C88481ED1086122C2448"
Last-Modified: Mon, 12 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3032
Expires: Mon, 12 Sep 2022 20:54:43 GMT
Date: Mon, 12 Sep 2022 20:04:11 GMT
Connection: keep-alive

skipdearbeautify.com/pixel/purst?dl=0&th=0&sc=0&rs=5755&rd=5755&fd=442&bv=22.8.v.2&tmpl=136

173.233.139.164

200 OK

0 B

URL HTTP/1.1
skipdearbeautify.com/pixel/purst?dl=0&th=0&sc=0&rs=5755&rd=5755&fd=442&bv=22.8.v.2&tmpl=136
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=5755&rd=5755&fd=442&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: skipdearbeautify.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 12 Sep 2022 20:04:11 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
503237177a3d86d83f4c970effc37833
e2c733d5fe37ec941521578d5bdcf0bcad00d7e5
16380371ae5fc51ca985271a1fccdcd8e203b4af6134e8ffbe4e957a04180764

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16380371AE5FC51CA985271A1FCCDCD8E203B4AF6134E8FFBE4E957A04180764"
Last-Modified: Sun, 11 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20156
Expires: Tue, 13 Sep 2022 01:40:07 GMT
Date: Mon, 12 Sep 2022 20:04:11 GMT
Connection: keep-alive

banquetunarmedgrater.com/advertisers.js

192.243.61.225

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Mon, 12 Sep 2022 20:04:11 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d58877c706cc552bf0828fbb9496962d
Strict-Transport-Security: max-age=0; includeSubdomains

addresseepaper.com/sfp.js

104.21.235.2

200 OK

23 kB

URL HTTP/2
addresseepaper.com/sfp.js
IP
104.21.235.2:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
23 kB (23084 bytes)
Hash
22d0be38cff37c2a380b8d37351ac495
92d8c874ea32e8a72d42338358e8ee973c4da1f0
e9f42bbe705429c897274d46011313905f41a829c154581a9b2185441662dbd3

HTTP Headers

GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:11 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 7699ada527ef624aaee575629189ae2d
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Mon, 12 Sep 2022 20:04:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78fQIIujfoiTrCKhn75%2BdBZ6N%2FDdaT4pvcbs2cgurATra%2B7nM86gSvHDfKx8il%2B5EgzTG%2FsttinCiA%2FwlqaT7PRN1Y60wDxmjSs9EDuz2mTMi%2BQ8QPm8UOGd9JezpOEMmmn6FsY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b4031580a71cc-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

acdcdn.com/script/atg.js

104.21.6.66

200 OK

0 B

URL HTTP/2
acdcdn.com/script/atg.js
IP
104.21.6.66:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /script/atg.js HTTP/1.1
Host: acdcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:06 GMT
content-type: application/javascript
x-guploader-uploadid: ADPycdsYeMqd1h5xQQ8mpDKYtDFSfEcoFRndqO0Lhz4JeNqWUKIBGJyxBwgvyViDBSmCnx5pT9AlBOBILkVPdquixeyLvaL45rUd
x-goog-generation: 1662291096576502
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 97006
x-goog-hash: crc32c=cP6rPg==, md5=cHzYdZFLhO0KtH/SFwBqJw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 12 Sep 2022 19:49:52 GMT
cache-control: public, max-age=14400
age: 3269
last-modified: Sun, 04 Sep 2022 11:31:36 GMT
etag: W/"707cd875914b84ed0ab47fd217006a27"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VgfvRLPNPim78kbt4XqjgE0YKp7ozqZFbLCP6IP03rPHGnoDU3tYUXvmM%2FbIJS4WyZ3vcgZkpVR5%2Fi5JwFgi4hPHYgX1BvXHQOnKOo2u2Mbu2bPu79x1o0IhmHmZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b40156937b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

asacdn.com/script/atg.js

172.67.201.216

200 OK

0 B

URL HTTP/2
asacdn.com/script/atg.js
IP
172.67.201.216:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /script/atg.js HTTP/1.1
Host: asacdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:06 GMT
content-type: application/javascript
x-guploader-uploadid: ADPycdsYeMqd1h5xQQ8mpDKYtDFSfEcoFRndqO0Lhz4JeNqWUKIBGJyxBwgvyViDBSmCnx5pT9AlBOBILkVPdquixeyLvaL45rUd
x-goog-generation: 1662291096576502
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 97006
x-goog-hash: crc32c=cP6rPg==, md5=cHzYdZFLhO0KtH/SFwBqJw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 12 Sep 2022 19:49:52 GMT
cache-control: public, max-age=14400
age: 3295
last-modified: Sun, 04 Sep 2022 11:31:36 GMT
etag: W/"707cd875914b84ed0ab47fd217006a27"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WaBFW0yUKBiSjX2l09cWvQtmxyftAjz%2FnZq5kod2pCp0wwt3UL5hXDbSUN2k%2BFrL8pi0rVZm3xBpASSFnDoIfWX0b5Sm7tvQIIN6IfqtaogMl5iu0eCgnx5d3Ui"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b40155d430b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ashcdn.com/script/atg.js

172.67.173.137

200 OK

0 B

URL HTTP/2
ashcdn.com/script/atg.js
IP
172.67.173.137:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /script/atg.js HTTP/1.1
Host: ashcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://scemga.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:04:06 GMT
content-type: application/javascript
x-guploader-uploadid: ADPycdsYeMqd1h5xQQ8mpDKYtDFSfEcoFRndqO0Lhz4JeNqWUKIBGJyxBwgvyViDBSmCnx5pT9AlBOBILkVPdquixeyLvaL45rUd
x-goog-generation: 1662291096576502
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 97006
x-goog-hash: crc32c=cP6rPg==, md5=cHzYdZFLhO0KtH/SFwBqJw==
x-goog-storage-class: MULTI_REGIONAL
access-control-allow-origin: *
expires: Mon, 12 Sep 2022 19:49:52 GMT
cache-control: public, max-age=14400
age: 2759
last-modified: Sun, 04 Sep 2022 11:31:36 GMT
etag: W/"707cd875914b84ed0ab47fd217006a27"
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7DhWUb%2F8uVcn4o0FkT1Fw3vkUrQZXkCE7RqIj0UZ0%2BxqRGTSP3eTzwF2oFciKXdt2E1CbKdBukjcTfOAO3q%2Bx24EmacUtVQg2qh3g9h%2BdYyrQwRadzNk8hiYgZbd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 749b40156c3db4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (43)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations