Report - wecima.best/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8

Report Overview

Visited public
2023-10-24 20:44:38
Tags
URL
wecima.best/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Finishing URL
mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
IP / ASN
104.21.32.134
#13335 CLOUDFLARENET
Title
مشاهدة ماى سيما MYCIMA وى سيما WECIMA افلام و مسلسلات اون لاين - وى سيما wecima ماى سيما mycima

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
inklinkor.com	unknown	2022-04-01	2022-04-01 13:44:00	2023-10-24 16:21:27	406 B	105 kB	104.21.91.63
fleraprt.com	unknown	2022-01-14	2022-01-14 23:55:14	2023-10-24 18:32:41	543 B	491 B	139.45.195.254
site-assets.fontawesome.com	299062	2012-10-18	2022-02-10 07:20:21	2023-10-24 18:22:42	1.6 kB	1.2 MB	104.18.22.52
gorillasneer.com	unknown	2023-09-23	2023-09-23 03:46:53	2023-10-24 20:20:29	491 B	467 B	173.233.137.52
my.rtmark.net	9054	2014-10-29	2015-02-04 10:54:57	2023-10-24 19:25:16	1.4 kB	1.5 kB	139.45.195.8
banquetunarmedgrater.com	unknown	2022-08-04	2022-08-04 17:12:50	2023-10-24 19:35:23	421 B	845 B	172.64.199.37
wecima.tube	unknown	2023-02-02	2023-02-02 03:54:18	2023-10-24 15:26:09	462 B	6.4 kB	188.114.97.1
cameesse.net	unknown	2023-10-18	2023-10-18 14:31:33	2023-10-24 16:44:39	3.2 kB	177 kB	139.45.197.242
friendshipmale.com	unknown	2022-10-21	2022-10-21 14:15:25	2023-10-24 19:33:11	407 B	28 kB	172.64.163.2
mycima17.wecima.watch	unknown	2023-02-02	2023-10-24 04:05:45	2023-10-24 15:26:09	4.8 kB	354 kB	172.67.192.85
lr.bezoarschrysid.com	unknown	2023-09-21	2023-09-21 14:20:55	2023-10-24 15:25:38	425 B	1.4 kB	172.255.6.150
alteredyacht.com	unknown	2023-08-22	2023-08-22 03:51:26	2023-10-24 15:26:09	443 B	24 kB	173.233.137.52
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-10-24 19:34:38	895 B	331 kB	142.250.74.168
tzegilo.com	unknown	2022-01-14	2022-01-14 16:27:15	2023-10-24 18:32:41	406 B	20 kB	172.64.201.36
unseenreport.com	unknown	2022-03-30	2022-03-30 16:33:17	2023-10-24 19:23:27	747 B	424 B	192.243.61.227
professionalswebcheck.com	unknown	2022-04-01	2022-04-02 00:47:29	2023-10-24 19:03:53	450 B	430 B	35.157.63.144
wecima.best	unknown	2023-02-02	2023-02-02 03:26:28	2023-10-22 18:19:07	548 B	90 kB	172.67.152.74
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-10-24 19:07:45	2.1 kB	52 kB	216.58.207.227
groorsoa.net	unknown	2023-10-23	2023-10-24 03:50:52	2023-10-24 18:13:51	1.7 kB	6.8 kB	139.45.197.245
soumehoo.net	unknown	2023-09-13	2023-09-13 17:06:05	2023-10-24 16:52:43	406 B	32 kB	139.45.197.242

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-10-24	medium	gorillasneer.com	Sinkholed
2023-10-24	medium	cameesse.net	Sinkholed
2023-10-24	medium	cameesse.net	Sinkholed
2023-10-24	medium	cameesse.net	Sinkholed
2023-10-24	medium	soumehoo.net	Sinkholed
2023-10-24	medium	cameesse.net	Sinkholed
2023-10-24	medium	cameesse.net	Sinkholed
2023-10-24	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (20)

	URL	From	Size	First Seen	Last Seen
	mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/owl.carousel.min.js?ver=6.2.2	ScriptElement	95 kB	2023-03-07	2025-04-09
Pretty URL mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/owl.carousel.min.js?ver=6.2.2 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:39 Last Seen2025-04-09 05:14 Times Seen125 Hash fcdee094e98d38fe380e1b5aad9bf444 d0ea8bb98673c7daa2da3af292eeea39a4f7479a ab97310577a6474ae4b0bd9bb8ef5267698bb9fa61127cb358d4512676d90488 Loading...

	www.googletagmanager.com/gtag/js?id=UA-128370636-1&l=dataLayer&cx=c	ScriptElement	177 kB	2023-10-24	2023-10-24
Pretty URL www.googletagmanager.com/gtag/js?id=UA-128370636-1&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 22:44 Last Seen2023-10-24 22:44 Times Seen1 Hash 53db75e9822d03b6fbee26c74a17e140 4528927a60e33b8f38f498f35f9bf99ec325c488 6c09de43c548581111135763731447d458961eab73a9b6e42771028bd74b8c28 Loading...

	www.google-analytics.com/analytics.js	ScriptElement	4.7 kB	2023-04-11	2025-05-16
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-16 03:41 Times Seen342375 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	banquetunarmedgrater.com/advertisers.js	ScriptElement	0 B	0001-01-01	2025-05-16
Pretty URL banquetunarmedgrater.com/advertisers.js IP 172.64.199.37 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen0001-01-01 00:00 Last Seen2025-05-16 03:43 Times Seen4694149 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cameesse.net/1?z=4807448	ScriptElement	43 kB	2023-10-24	2023-10-24
Pretty URL cameesse.net/1?z=4807448 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 22:44 Last Seen2023-10-24 22:44 Times Seen1 Hash e8976c2962c2ecbfe9d1087e0a8e4ba2 5a553f6baef461a00485f231090202428789eeae f6c728fd1e8cec30dafda403d1858496e31d8d21be6d618c01f9d5ec8298c857 Loading...

	tzegilo.com/stattag.js	ScriptElement	19 kB	2023-09-07	2024-08-21
Pretty URL tzegilo.com/stattag.js IP 172.64.201.36 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-07 20:07 Last Seen2024-08-21 07:20 Times Seen2395 Hash 89e89aea544ea2785d49cc4cd9cf26f6 7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b 86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9 Loading...

	mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8	ScriptElement	158 B	2023-03-25	2025-04-09
Pretty URL mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-25 21:52 Last Seen2025-04-09 05:14 Times Seen116 Hash d8df6d4045b4e1124661b5df5086c10e c17b97603a604f539a451c6d001308b0654b909c b9848daa1b8d843e20a1540f95910ea8e5190b6e22ba895ed2d1ab380f7c48d1 Loading...

	mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8	ScriptElement	815 B	2023-10-24	2024-08-21
Pretty URL mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-24 15:26 Last Seen2024-08-21 03:36 Times Seen6 Hash 2876e32f5013cf7d229d562a1d9dfa1b 04dd833f6f00da3942a899d6332372d8c7618bc1 5fcf6b200e26f9407566afa30324cba8013528c54983fa49bd9e616a5419ed32 Loading...

	alteredyacht.com/5a/ab/22/5aab22948fc5f2edc2ca37dff2cd916f.js	ScriptElement	60 kB	2023-10-24	2023-10-24
Pretty URL alteredyacht.com/5a/ab/22/5aab22948fc5f2edc2ca37dff2cd916f.js IP 173.233.137.52 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 22:44 Last Seen2023-10-24 22:44 Times Seen1 Hash 2b139a24ed9b1077f210ce7900a995c6 10419b82bed172f45e1779410d6d8884f3dc779d 37b42d85427227f84cd3cc3943414796ed513b901f21da134949f4268aed2791 Loading...

	friendshipmale.com/sfp.js	ScriptElement	86 kB	2023-08-25	2023-11-23
Pretty URL friendshipmale.com/sfp.js IP 172.64.163.2 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-25 12:30 Last Seen2023-11-23 01:47 Times Seen6642 Hash 2d0450888479d4ddda305bd96206b240 5b4595aab1cd3f854718e05db9be0c65a12ab2f6 44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6 Loading...

	mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/jquery-3.4.1.min.js?ver=6.2.2	ScriptElement	88 kB	2023-03-07	2025-05-07
Pretty URL mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/jquery-3.4.1.min.js?ver=6.2.2 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:26 Last Seen2025-05-07 10:21 Times Seen271 Hash b4999cbb6a73a9b312f635cff75e5a53 c7b683fc72d06eac129185c3e60362f5c1adc2a8 736173659d4431b8a53a08aacc1bec3ad3a2f44df5209c09d76c265374698302 Loading...

	www.googletagmanager.com/gtag/js?id=G-6JHTFKY3P3	ScriptElement	265 kB	2023-10-24	2023-10-24
Pretty URL www.googletagmanager.com/gtag/js?id=G-6JHTFKY3P3 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 22:38 Last Seen2023-10-24 22:44 Times Seen2 Hash 28128627c622baaa1acd35bd2835966a 12bf82375b2b9e3e412fb7a7a2b1be5b78d74dd0 80daabca41a816537e2a332cd79dd8a30122f3c16f111c7036194a5b3dcae1a4 Loading...

	inklinkor.com/tag.min.js	ScriptElement	81 kB	2023-10-24	2023-10-25
Pretty URL inklinkor.com/tag.min.js IP 104.21.91.63 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-24 14:35 Last Seen2023-10-25 16:05 Times Seen46 Hash 474dba3a642160f36e8ec94becf98c31 53d45fffb21880197fb13420dcba07d4672d0074 642e0985aa008fe7c0dca1f853abc71212586c361bdead71f1c8d107f9c0ff04 Loading...

	soumehoo.net/400/5097541	ScriptElement	82 kB	2024-08-21	2024-08-21
Pretty URL soumehoo.net/400/5097541 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-21 03:33 Last Seen2024-08-21 03:33 Times Seen1 Hash a4886574cc78b22cc49d9406543a8292 bed7ea178bfed37de8f638c24dc9aaeaf9ee5aa7 6638b0b461472f0c92240e27a15a63d125a414f19210925a3f2da9ce99dbd507 Loading...

	mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8	ScriptElement	193 B	2023-05-27	2025-04-01
Pretty URL mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-27 13:08 Last Seen2025-04-01 06:42 Times Seen144 Hash 82455ac64431deea965cf4b1ffc05c92 9f35df08bd07430163df6795cb73e39c98848019 2b084b56d488c9519ac67d0da4aa9d1488d51fbb731ecf657cd231975213ed51 Loading...

	unknown	Function	79 B	2023-04-11	2025-05-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:38 Last Seen2025-05-16 03:29 Times Seen112823 Hash aa049e2749b8531cb8f233c2f64fc2b2 b611a5a62c1813ae5b4763378b3a4a565556530a e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2 Loading...

	unknown	Function	37 B	2023-04-11	2025-05-16
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:31 Last Seen2025-05-16 03:32 Times Seen264861 Hash 29d0c84b9d1d8da446a6062c6a840ad9 6d6b3a6065667c7c50d92f3889c85ed65a9ad784 3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1 Loading...

	mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/setup.js?1199092626&ver=6.2.2	ScriptElement	153 kB	2023-03-25	2024-08-21
Pretty URL mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/setup.js?1199092626&ver=6.2.2 IP 172.67.192.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-25 21:52 Last Seen2024-08-21 08:31 Times Seen84 Hash 01d86e0593e8805ec600bce502493839 7de61d6bc3f856ed4643c4d9ed9d843ac3277b4e 4f7d4554a7292450b3ff6ae2142e033a0daf173134a052a6681921f8270ca9be Loading...

	mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/sandbox%20eval%20code		147 B	2023-04-11	2025-05-16
Pretty URL mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07 Last Seen2025-05-16 03:41 Times Seen343192 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	cameesse.net/27/1a35f96fe99c6fb6ce26f56167ed6e04	ScriptElement	412 kB	2023-10-19	2024-08-21
Pretty URL cameesse.net/27/1a35f96fe99c6fb6ce26f56167ed6e04 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-19 14:32 Last Seen2024-08-21 04:07 Times Seen290 Hash e3d10345a5e4f16d7842e70768393edd 96f2cc5910d6179f94a71eb9710d24504bb4b5c8 105cdd8ee1488423586ad4e289970eafc093376355ecc88bfc3eaed4ea3f2432 Loading...

HTTP Transactions (40)

URL IP Response Size

mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8

172.67.192.85

404 Not Found

0 B

URL User Request GET HTTP/3
mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8 HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Oct 2023 20:44:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 24 Oct 2023 21:44:18 GMT
Location: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8CyQSIa9lMF5hFkXQKFk4B85B4CgaM7j8Oh3jEElw%2FyyYb02b8dHraeloOm2cFIpI%2B5pI5btwlG1yXTLLT%2BpNqYTgAGafEZ1RrQwEkAArHzeEzs4%2BzMxwS7TksWi8lyAFHMm58Egrg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 81b50e971d6856cc-OSL
alt-svc: h2=":443"; ma=60

wecima.best/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8

172.67.152.74

301 Moved Permanently

89 kB

URL User Request GET HTTP/2
wecima.best/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
IP
172.67.152.74:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.best
Fingerprint45:90:3A:12:D0:4F:06:F4:D4:FA:61:77:9C:5C:5A:19:25:C4:DE:89
ValidityTue, 26 Sep 2023 02:21:19 GMT - Mon, 25 Dec 2023 02:21:18 GMT

File type
data
Size
89 kB (89339 bytes)
Hash
ef3d72f81c078c92e223a7cc75e93a3a
3b0475d7328c38898250460323ecb88a32bc8183
5d3125aff7b2504a97383e0fd543f926fc9c199ba5c38fdaa71573492d5bcae7

HTTP Headers

GET /category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8 HTTP/1.1
Host: wecima.best
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 24 Oct 2023 20:44:17 GMT
content-type: text/html
location: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8rWGuEolbUQ7EG3Srjc%2BgwAQPKdNvzST0AhqsKjkgZ7jkfz1jDJlg6FQmCG9rCi7YKYbPBoA3noL4YrZbROd2%2Bf4hs6FD4DW2beqCTM2vHLbmh00hCPtnupDmp%2BBVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b50e946aa8b527-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2

216.58.207.227

200 OK

9.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 9864, version 1.0\012- data
Size
9.9 kB (9864 bytes)
Hash
9751651b345afc0e49ca1a302c19a294
05393c6e747f5e8a3c7fbee5fe15cad4c80837e1
d5aa3e4c58493f8d3693be4962e94e08d14e178ef4f0be2a27369a8813498e54

HTTP Headers

GET /s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 9864
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 10:30:59 GMT
expires: Sat, 19 Oct 2024 10:30:59 GMT
cache-control: public, max-age=31536000
age: 382399
last-modified: Tue, 16 Jul 2019 03:31:06 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/bevan/v12/4iCj6KZ0a9NXjG8dWCs.woff2

216.58.207.227

200 OK

20 kB

URL GET HTTP/2
fonts.gstatic.com/s/bevan/v12/4iCj6KZ0a9NXjG8dWCs.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 19984, version 1.0\012- data
Size
20 kB (19984 bytes)
Hash
0db10b5d1f471ef6c3a30158ff403106
ea993e87704687d1399a3b1fd79aa84c47659c82
e0e544b2864b4c3d7425f4eff9f9365b629abcbaf37f03d0bf5ba381f227d48a

HTTP Headers

GET /s/bevan/v12/4iCj6KZ0a9NXjG8dWCs.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19984
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Oct 2023 01:27:49 GMT
expires: Sun, 20 Oct 2024 01:27:49 GMT
cache-control: public, max-age=31536000
age: 328589
last-modified: Tue, 01 Sep 2020 03:51:37 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2

216.58.207.227

200 OK

11 kB

URL GET HTTP/2
fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10580, version 1.0\012- data
Size
11 kB (10580 bytes)
Hash
245d8f75ea8c5799e5de85a8a7bd4172
7f546a6c551e87bb224124789c11fdb2f6429479
2f96f4fd6fe569f64e044e0409274b2f2d79976497a9b275deb497dbbfc542b0

HTTP Headers

GET /s/tajawal/v3/Iurf6YBj_oCad4k1l5anHrFpiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 10580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 11:06:08 GMT
expires: Sat, 19 Oct 2024 11:06:08 GMT
cache-control: public, max-age=31536000
age: 380290
last-modified: Tue, 16 Jul 2019 03:31:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2

216.58.207.227

200 OK

8.5 kB

URL GET HTTP/2
fonts.gstatic.com/s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint55:7F:79:64:ED:7A:04:50:63:54:9C:32:2A:AF:B7:95:17:D7:E0:33
ValidityThu, 28 Sep 2023 05:32:05 GMT - Thu, 21 Dec 2023 05:32:04 GMT

File type
Web Open Font Format (Version 2), TrueType, length 8488, version 1.0\012- data
Size
8.5 kB (8488 bytes)
Hash
b405dddf4639fdf946fed00d4b91139c
5df4eb97753c51715b996fcec1dec7e55877404b
b0d3610919043227b56c8d5130e2ead271a067bb1b930678d5af24bbbae7c16f

HTTP Headers

GET /s/tajawal/v3/Iurf6YBj_oCad4k1l8KiHrRpiYlJ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8488
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Oct 2023 22:20:56 GMT
expires: Sat, 19 Oct 2024 22:20:56 GMT
cache-control: public, max-age=31536000
age: 339802
last-modified: Tue, 16 Jul 2019 03:31:11 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

lr.bezoarschrysid.com/rYwzTSZUOMXA4Xx/40334

172.255.6.150

200 OK

20 B

URL GET HTTP/1.1
lr.bezoarschrysid.com/rYwzTSZUOMXA4Xx/40334
IP
172.255.6.150:443
ASN
#7979 SERVERS-COM

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectlr.bezoarschrysid.com
FingerprintAA:74:92:8E:74:AC:52:42:E8:8F:17:9F:F3:75:7A:BE:68:26:94:FA
ValidityThu, 21 Sep 2023 11:19:49 GMT - Wed, 20 Dec 2023 11:19:48 GMT

File type
gzip compressed data, from Unix\012- data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /rYwzTSZUOMXA4Xx/40334 HTTP/1.1
Host: lr.bezoarschrysid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 24 Oct 2023 20:44:18 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://mycima17.wecima.watch
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jU1Sg0AQhSH8RQ1oV3EAj8AQMcnSTVbegZphGhwD06lmQuLtHa3S3fteffVeEASr8hHCJY0husgGnl8aXe97Ve31tsZq34vda9UoIbp6u1PycIA7M7dOqhFdDOt5kuxat8SwGdAim67tSGMOT976a06WrjaGRLG0Oodk8saYQ6aYrjNyGUFs5YSQHQ1jTzdvyE9iiIQQPhvrc1jBiuYyKu4heTf2cis2aVAUaQAP51G6nnhqjfaYDCw1QvgG6046HIi%2FINM4nxydAWjU7b%2F%2Fe5qMP2uQalxM55HcB%2FI3ouZOdQ%3D%3D; expires=Wed, 25-Oct-2023 20:44:18 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJwVyM0KgkAUhuE5hxiIJPjIC%2FAKTMsWbrNl6MIrMIsYGObIzNjP3WeLd%2FG8SilOE7CZkNRlXhd5dcjLUwV6gtsOPDroVvx7%2BII8uDiCvcOmC1ayRmYXlz9i9TfIYHu25pP1YudoxAXw0roZbvaxv%2FRX0KQJHEUzONxTBXrp3Q9e7R3S; expires=Wed, 25-Oct-2023 20:44:18 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff

mycima17.wecima.watch/insights.php

172.67.192.85

200 OK

3.6 kB

URL POST HTTP/3
mycima17.wecima.watch/insights.php
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
3.6 kB (3572 bytes)
Hash
8865e071362b4f4f1d48ceabb68ab9ac
84ddf2e1e9ec626efff891b6a71936df21060469
29f0bd45f34cceb944da3a717bd2c722e2c5c182baf37d54ea1aaa885b896a91

HTTP Headers

POST /insights.php HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 12
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Cookie: _ga_6JHTFKY3P3=GS1.1.1698180259.1.0.1698180259.0.0.0; _ga=GA1.1.1248481869.1698180260
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: application/json
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEE8Qos1abgLhw2inkQENUBmOdVrHPFm27U%2B1pbbi9SnA%2BcJJRMw1NnU4%2F0a0xqm5shuDCZIcOeNUkmVvXXZ5Ey9PyqugyxZMhtbjhD%2BlPcWMvk44gRt2yI3lozNplzqXp39F2HR2XI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b50e9b8853b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

alteredyacht.com/5a/ab/22/5aab22948fc5f2edc2ca37dff2cd916f.js

173.233.137.52

200 OK

24 kB

URL GET HTTP/1.1
alteredyacht.com/5a/ab/22/5aab22948fc5f2edc2ca37dff2cd916f.js
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectalteredyacht.com
Fingerprint19:5F:34:04:D0:B1:63:4D:D0:A6:04:B1:17:7A:5D:BC:5A:49:1F:12
ValiditySat, 21 Oct 2023 06:12:09 GMT - Fri, 19 Jan 2024 06:12:08 GMT

File type
ASCII text, with very long lines (60281), with no line terminators
Size
24 kB (23513 bytes)
Hash
2b139a24ed9b1077f210ce7900a995c6
10419b82bed172f45e1779410d6d8884f3dc779d
37b42d85427227f84cd3cc3943414796ed513b901f21da134949f4268aed2791

HTTP Headers

GET /5a/ab/22/5aab22948fc5f2edc2ca37dff2cd916f.js HTTP/1.1
Host: alteredyacht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 20:44:19 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 52d68180d453f0ea7c4758670a8bca78
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.googletagmanager.com/gtag/js?id=UA-128370636-1&l=dataLayer&cx=c

142.250.74.168

200 OK

65 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=UA-128370636-1&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (3026)
Size
65 kB (64560 bytes)
Hash
53db75e9822d03b6fbee26c74a17e140
4528927a60e33b8f38f498f35f9bf99ec325c488
6c09de43c548581111135763731447d458961eab73a9b6e42771028bd74b8c28

HTTP Headers

GET /gtag/js?id=UA-128370636-1&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Oct 2023 20:44:19 GMT
expires: Tue, 24 Oct 2023 20:44:19 GMT
cache-control: private, max-age=900
last-modified: Tue, 24 Oct 2023 20:21:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 64560
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

inklinkor.com/tag.min.js

104.21.91.63

200 OK

104 kB

URL GET HTTP/2
inklinkor.com/tag.min.js
IP
104.21.91.63:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectinklinkor.com
Fingerprint5D:E8:2B:4E:1D:87:E7:D0:24:0C:11:4B:6D:AF:1B:8A:38:CB:A3:6E
ValidityMon, 23 Oct 2023 14:48:09 GMT - Sun, 21 Jan 2024 14:48:08 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
104 kB (104015 bytes)
Hash
474dba3a642160f36e8ec94becf98c31
53d45fffb21880197fb13420dcba07d4672d0074
642e0985aa008fe7c0dca1f853abc71212586c361bdead71f1c8d107f9c0ff04

HTTP Headers

GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: e1212f2c0fa321a8402272955ec7e086
cache-control: max-age=86400
last-modified: Tue, 24 Oct 2023 11:03:01 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
expires: Wed, 25 Oct 2023 20:35:30 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 529
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arZRSWfYCIz0csS78rQWCouMxxREFyWwzwtMucK6ZqFXlvNhrUBpElYrd%2FYZG4kBWCX2QPaT6MByIm7OFzkzcX7llEtivBvQEhHLXMw6Z8kX4C7a7Hjbfm9CG%2BWcIJz8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e9baa1f5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

site-assets.fontawesome.com/releases/v6.0.0/webfonts/fa-light-300.woff2

104.18.22.52

200 OK

392 kB

URL GET HTTP/2
site-assets.fontawesome.com/releases/v6.0.0/webfonts/fa-light-300.woff2
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 392136, version 768.256\012- data
Size
392 kB (392136 bytes)
Hash
2cb9262f4870f225de120af23500828a
0330732496c970248a96c6df732b4b6e8407246f
d9c0c73c3e6a75d59ff20ce5e1d4bdec5ee8c6f2724ff0deb6cddb8f7f207dbe

HTTP Headers

GET /releases/v6.0.0/webfonts/fa-light-300.woff2 HTTP/1.1
Host: site-assets.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://site-assets.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: font/woff2
content-length: 392136
x-amz-id-2: Sn9AlkMtjxcooGoiqBrc7H3H8a7lBbP13rlTjpMP3FMOwrzwv+r49EYwON3JpK4H2eTUCCblYrDLQA3r6rwIdg==
x-amz-request-id: D2YZK4FDPRR22PA8
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 07 Feb 2022 20:26:45 GMT
etag: "2cb9262f4870f225de120af23500828a"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 76995
accept-ranges: bytes
server: cloudflare
cf-ray: 81b50e9d7cf75687-OSL
X-Firefox-Spdy: h2

site-assets.fontawesome.com/releases/v6.0.0/webfonts/fa-regular-400.woff2

104.18.22.52

200 OK

358 kB

URL GET HTTP/2
site-assets.fontawesome.com/releases/v6.0.0/webfonts/fa-regular-400.woff2
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 357732, version 768.256\012- data
Size
358 kB (357732 bytes)
Hash
aca950cc283a103f77e0001fb67043b7
bf0d2965fbc75a8a23ca081c7094a95535d46ca6
d2d786476ddb1827a07bc0ac83e78cee6d262a16092b6064c166091132f09b65

HTTP Headers

GET /releases/v6.0.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: site-assets.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://site-assets.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: font/woff2
content-length: 357732
x-amz-id-2: GWq72ZjYgYt3207f7lmLBGqqd07/83JxUFi/UZGcuQOclj78mIj/tfulm1ACrTN+t/uhyh513FiT0+za6pELGg==
x-amz-request-id: D2YXQDSANFFWT4Y1
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 07 Feb 2022 20:26:45 GMT
etag: "aca950cc283a103f77e0001fb67043b7"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 76995
accept-ranges: bytes
server: cloudflare
cf-ray: 81b50e9dbd315687-OSL
X-Firefox-Spdy: h2

gorillasneer.com/pixel/purst?dl=0&th=0&sc=0&rs=1014&rd=1014&fd=550&bv=23.10.v.29&tmpl=70

173.233.137.52

200 OK

0 B

URL GET HTTP/1.1
gorillasneer.com/pixel/purst?dl=0&th=0&sc=0&rs=1014&rd=1014&fd=550&bv=23.10.v.29&tmpl=70
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectgorillasneer.com
FingerprintAF:75:CF:26:FD:C9:28:1A:06:4B:83:FD:6D:FE:82:0F:20:33:34:3A
ValiditySat, 23 Sep 2023 00:44:48 GMT - Fri, 22 Dec 2023 00:44:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1014&rd=1014&fd=550&bv=23.10.v.29&tmpl=70 HTTP/1.1
Host: gorillasneer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 20:44:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

banquetunarmedgrater.com/advertisers.js

172.64.199.37

200 OK

0 B

URL GET HTTP/2
banquetunarmedgrater.com/advertisers.js
IP
172.64.199.37:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectbanquetunarmedgrater.com
Fingerprint77:2B:76:51:D0:51:70:02:2E:BF:B7:9B:02:8B:5A:A4:91:FA:0B:9E
ValidityMon, 11 Sep 2023 08:34:11 GMT - Sun, 10 Dec 2023 08:34:10 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: application/javascript
content-length: 0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=172800
x-request-id: c56ef65e27525cb259e47c4ccb9a2432
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 24 Oct 2023 20:44:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1XwFnTZcutAXakixttOAkauLZYiacm2wiJ9OyVCkHK0UcoveYlcHcT2UJH%2B%2B5vF8iwUJmXkj%2FzVCcAi302liXT1pZgLr%2B6eurA2EqHD3SewKKqVdlQUtpWxzBnoBVe%2FsT2jGbX%2FNpmB8mc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e9f2d8a23d8-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

wecima.tube/wp-content/uploads/2023/02/wecima-favicon-1.png

188.114.97.1

301 Moved Permanently

5.7 kB

URL GET HTTP/2
wecima.tube/wp-content/uploads/2023/02/wecima-favicon-1.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint38:85:67:EA:CB:D5:AA:EA:AA:13:D8:8E:A0:F9:5E:3A:EC:0B:54:66
ValidityThu, 02 Feb 2023 00:00:00 GMT - Fri, 02 Feb 2024 23:59:59 GMT

File type
data
Size
5.7 kB (5654 bytes)
Hash
1a85eb31bd19467c5b67050103cbb106
6e250902546d110adf8d30c9fda9df1e6a82be88
b82a0d1d847e5825068a185c406f8322db2158962eb9245205daf75487649196

HTTP Headers

GET /wp-content/uploads/2023/02/wecima-favicon-1.png HTTP/1.1
Host: wecima.tube
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: text/html
location: https://mycima17.wecima.watch/wp-content/uploads/2023/02/wecima-favicon-1.png
cache-control: max-age=31536000
cf-cache-status: HIT
age: 156
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KE6O%2Fv33%2FbfuDzefhGlNh0vtV2HS2Jagiv32xFkdAqrd4IvIwMKsnKR1uyLFTfe%2FVaPeFonG%2Fo0x1FfSZCdCwMu3XcFpx5mLmXvZqvTXg9qfaW7%2FeKAUiH28%2FUBt6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50ea48ff9b517-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/1?z=4967771

139.45.197.242

404 Not Found

7 B

URL GET HTTP/2
cameesse.net/1?z=4967771
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
3b66fb7a307f3ca29bd59b2f354055bd
d6ae6ccb37eb272d94d4a5191fa50372f4d06bba
de68e8f959bc131328db7581860711517d6ae1eb03aa047043dc7f826906e5a4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=4967771 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Cookie: scm=1; OAID=c05c33bfb77a47518edaf8408868c389; oaidts=1698180259
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: nginx
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0c51aada533dccef1b2a7a32546de718
access-control-expose-headers: X-Sc
X-Firefox-Spdy: h2

friendshipmale.com/sfp.js

172.64.163.2

200 OK

27 kB

URL GET HTTP/2
friendshipmale.com/sfp.js
IP
172.64.163.2:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint08:6F:D8:CB:9E:0C:0A:98:2E:C5:CD:21:8E:0B:76:2B:50:6F:B6:37
ValiditySat, 18 Feb 2023 00:00:00 GMT - Sat, 17 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
27 kB (27151 bytes)
Hash
2d0450888479d4ddda305bd96206b240
5b4595aab1cd3f854718e05db9be0c65a12ab2f6
44de073e74ff24c6b1c0fe1f3ac5b33d793560e85ef24fb6ce89e76c2cf90af6

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 971d88215df074f89a08a0f5cf7edaf5
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 24 Oct 2023 20:44:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2tLExnm65wpGkTC%2BGWCByzIguzWp0tEfj7jvNKucAT1aLt%2Fm5%2B%2B3SEntzqr6B%2B%2FXs4Ce0y4xoHN8axC7QrdHLnrRrMzaDZKPmQQXS4tbZnMeGNc2N5zM33hHr0E3Dp%2FOpg81EsI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e9d49a36358-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

groorsoa.net/?rb=XectBGEK5dVeqNPdhGlHs9UNwfyR6FAJqvctJgKD82_XGFgYjQgB80JGn06Y0jYM5iuHVXEA_Pn8-GmH5_VGVeoJY6e2nldZqwxVB40A6HczWqok_JHz6D9wTWC7SrqcEcdW8EE9EPdip-qbLNZWXpbZlhYtC4ZfzSSqbHQFufq3G6PVBXkNJP3CTKMgeJ8-SFuGyAN6Y_MDtSQSDGDacFCM4nG6R6z7lgfGRQ%3D%3D&request_ab2=0&zoneid=4796941&js_build=iclick-v1.611.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.611.0&bs=cfabac80-1ccc-43c8-bf46-64ff03f0f40c&userId=q8do115413bb861251876k1q2icly813&m=link

139.45.197.245

200 OK

1.5 kB

URL GET HTTP/2
groorsoa.net/?rb=XectBGEK5dVeqNPdhGlHs9UNwfyR6FAJqvctJgKD82_XGFgYjQgB80JGn06Y0jYM5iuHVXEA_Pn8-GmH5_VGVeoJY6e2nldZqwxVB40A6HczWqok_JHz6D9wTWC7SrqcEcdW8EE9EPdip-qbLNZWXpbZlhYtC4ZfzSSqbHQFufq3G6PVBXkNJP3CTKMgeJ8-SFuGyAN6Y_MDtSQSDGDacFCM4nG6R6z7lgfGRQ%3D%3D&request_ab2=0&zoneid=4796941&js_build=iclick-v1.611.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.611.0&bs=cfabac80-1ccc-43c8-bf46-64ff03f0f40c&userId=q8do115413bb861251876k1q2icly813&m=link
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectgroorsoa.net
FingerprintD7:6E:83:AB:7A:9A:E5:7C:B8:7B:8D:12:E4:FD:B6:E5:71:49:D0:F8
ValidityMon, 23 Oct 2023 16:34:15 GMT - Sun, 21 Jan 2024 16:34:14 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
1.5 kB (1490 bytes)
Hash
022ef178666cc3885187390060bbb0ea
38866048ed7c7eb84db1d00d4fc575adb3fd7f91
64718a4392da9f4a4fd0e5b6c3dfd674578854eccb4b04dd87895e5a43328ed3

HTTP Headers

GET /?rb=XectBGEK5dVeqNPdhGlHs9UNwfyR6FAJqvctJgKD82_XGFgYjQgB80JGn06Y0jYM5iuHVXEA_Pn8-GmH5_VGVeoJY6e2nldZqwxVB40A6HczWqok_JHz6D9wTWC7SrqcEcdW8EE9EPdip-qbLNZWXpbZlhYtC4ZfzSSqbHQFufq3G6PVBXkNJP3CTKMgeJ8-SFuGyAN6Y_MDtSQSDGDacFCM4nG6R6z7lgfGRQ%3D%3D&request_ab2=0&zoneid=4796941&js_build=iclick-v1.611.0&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=1024&wiw=1280&wfc=0&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&wgl=&js_build=iclick-v1.611.0&bs=cfabac80-1ccc-43c8-bf46-64ff03f0f40c&userId=q8do115413bb861251876k1q2icly813&m=link HTTP/1.1
Host: groorsoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycima17.wecima.watch/
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Cookie: OAID=0e83d4833f46430da80c713b54881905; oaidts=1698180259
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: application/json
x-trace-id: b5b6943d98a3eafb8ab00b65540ab64d
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=q8do115413bb861251876k1q2icly813; expires=Wed, 23 Oct 2024 20:44:20 GMT; path=/; secure; SameSite=None
oaidts=1698180260; expires=Wed, 23 Oct 2024 20:44:20 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Tue, 31 Oct 2023 20:44:20 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/9?z=4807448&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=q8do115413bb861251876k1q2icly813

139.45.197.242

200 OK

0 B

URL POST HTTP/2
cameesse.net/9?z=4807448&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=q8do115413bb861251876k1q2icly813
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=4807448&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=q8do115413bb861251876k1q2icly813 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://mycima17.wecima.watch/
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Tue, 24 Oct 2023 20:44:21 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

139.45.197.242

200 OK

7 B

URL POST HTTP/2
cameesse.net/9?z=4807448&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=q8do115413bb861251876k1q2icly813
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /9?z=4807448&ng=1&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fmycima17.wecima.watch%2Fcategory%2F%25D8%25A3%25D9%2581%25D9%2584%25D8%25A7%25D9%2585%2F%25D8%25A7%25D9%2581%25D9%2584%25D8%25A7%25D9%2585-%25D9%2588%25D8&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=0&sah=1024&drf=&hil=1&ist=0&oaid=q8do115413bb861251876k1q2icly813 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 190
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Cookie: scm=1; OAID=c05c33bfb77a47518edaf8408868c389; oaidts=1698180259
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:21 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 1e0afe99f51b6bd44ac4aa5ce1d25019
access-control-expose-headers: X-Sc
set-cookie: OAID=q8do115413bb861251876k1q2icly813; expires=Wed, 23 Oct 2024 20:44:21 GMT; secure; SameSite=None
oaidts=1698180259; expires=Wed, 23 Oct 2024 20:44:21 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

soumehoo.net/400/5097541

139.45.197.242

200 OK

31 kB

URL GET HTTP/2
soumehoo.net/400/5097541
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectsoumehoo.net
FingerprintF5:39:03:CC:85:44:8A:CC:6A:B3:0D:B7:57:C8:AB:4E:A3:FE:EB:66
ValidityWed, 13 Sep 2023 09:58:44 GMT - Tue, 12 Dec 2023 09:58:43 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
31 kB (31438 bytes)
Hash
9cc7a3983dd99967d0c38f0dfe4bca65
c1fa3e2095a65f37338c7a6663c68ca2ec1d41d5
f4f525198369321693c1765cbadc013b0fcbaf4d51661ed342d834cd2d63c397

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/5097541 HTTP/1.1
Host: soumehoo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: application/javascript
x-trace-id: 02638960b8b6434528ef89df23e24157
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
set-cookie: OAID=0dd00930ba1645648a8faf71da634af2; expires=Wed, 23 Oct 2024 20:44:20 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

cameesse.net/27/1a35f96fe99c6fb6ce26f56167ed6e04

139.45.197.242

200 OK

130 kB

URL GET HTTP/2
cameesse.net/27/1a35f96fe99c6fb6ce26f56167ed6e04
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
130 kB (130395 bytes)
Hash
29726f11880aa32396badac1c08b185a
af26b03ada47465be66fcd6865a7a8d6d2648799
e63fab5dc155c7c60ae27eb495c70f90bbd94fe7dfda22d15d46fb02c05e2bb7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/1a35f96fe99c6fb6ce26f56167ed6e04 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Cookie: scm=1; OAID=c05c33bfb77a47518edaf8408868c389; oaidts=1698180259
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: e622c8276c257ca737e327cbbc361e9c
cache-control: max-age:290304000, public
last-modified: Thu, 19 Oct 2023 07:17:48 GMT
expires: Thu, 18 Nov 2083 07:17:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

mycima17.wecima.watch/wp-includes/css/classic-themes.min.css?ver=6.2.2

172.67.192.85

200 OK

291 B

URL GET HTTP/3
mycima17.wecima.watch/wp-includes/css/classic-themes.min.css?ver=6.2.2
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
ASCII text, with no line terminators
Size
291 B (291 bytes)
Hash
2485a0fab337da61deb41cc4aa994c1b
af1a1d4c6b7c287dc881dd4f46b6b547ac5a5353
7e0bdafc01d81aed845a69d0a32120145155f75aca4c603d8952de7ecc5c6410

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=6.2.2 HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:18 GMT
content-type: text/css
last-modified: Thu, 08 Jun 2023 18:55:51 GMT
etag: W/"64822437-123"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4313
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XZMQY%2BVIHZLL2Qr%2FOmrRdBWt%2FMdssktK9MDPASz1y9GdyDPKTzbpjoYs%2BdTqUsGH3EkRnk5pyITc1IhIAd4cKManwp%2FMlRUSWsNVFWct5lYZGujxkyb6cjX8Xt%2Fqso6S8Z%2F4QLRPJvA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e993d99b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

site-assets.fontawesome.com/releases/v6.0.0/css/all.css

104.18.22.52

200 OK

466 kB

URL GET HTTP/2
site-assets.fontawesome.com/releases/v6.0.0/css/all.css
IP
104.18.22.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
ASCII text, with very long lines (65360)
Size
466 kB (465728 bytes)
Hash
c8ccf9786058107114b343d52efb40bc
f690727a3f4aede7f2287320db4a07874381c10c
7ef19507353beb14a0415f80892c79742e8bd5072cfafd0e8806b12baeb7ef2d

HTTP Headers

GET /releases/v6.0.0/css/all.css HTTP/1.1
Host: site-assets.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: text/css
x-amz-id-2: 337fVZ4ZdAKxyzLnKE2d+X71JOK4Oe9XxTBYW44KQJLUzI1Pgj+HvUUa7hlvsA8Uwn/cBkw1fX0=
x-amz-request-id: G4RKZP5PY830TVGW
last-modified: Mon, 07 Feb 2022 20:23:49 GMT
etag: W/"c8ccf9786058107114b343d52efb40bc"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 22709709
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e9c380db4f3-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=q8do115413bb861251876k1q2icly813

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=q8do115413bb861251876k1q2icly813
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
22a11ae35624f19529348e89349c7278
881aea70d8370f519f4ee8beca79886964fffd85
ebbe5d976227f335170cf721ab93db6d84fe8ee1afe1faca4bac8a3fc238ce07

HTTP Headers

GET /gid.js?userId=q8do115413bb861251876k1q2icly813 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=q8do115413bb861251876k1q2icly813; expires=Wed, 23 Oct 2024 20:44:20 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-6JHTFKY3P3

142.250.74.168

200 OK

265 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-6JHTFKY3P3
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint81:B9:A4:E4:E4:84:05:A7:F6:52:4F:E2:74:27:36:05:0D:74:15:89
ValidityThu, 28 Sep 2023 05:26:20 GMT - Thu, 21 Dec 2023 05:26:19 GMT

File type
ASCII text, with very long lines (3651)
Size
265 kB (265126 bytes)
Hash
28128627c622baaa1acd35bd2835966a
12bf82375b2b9e3e412fb7a7a2b1be5b78d74dd0
80daabca41a816537e2a332cd79dd8a30122f3c16f111c7036194a5b3dcae1a4

HTTP Headers

GET /gtag/js?id=G-6JHTFKY3P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 24 Oct 2023 20:44:18 GMT
expires: Tue, 24 Oct 2023 20:44:18 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 89184
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/jquery-3.4.1.min.js?ver=6.2.2

172.67.192.85

200 OK

88 kB

URL GET HTTP/3
mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/jquery-3.4.1.min.js?ver=6.2.2
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (88059 bytes)
Hash
b4999cbb6a73a9b312f635cff75e5a53
c7b683fc72d06eac129185c3e60362f5c1adc2a8
736173659d4431b8a53a08aacc1bec3ad3a2f44df5209c09d76c265374698302

HTTP Headers

GET /wp-content/themes/Mycima2021/components/packs/%23footer/js/jquery-3.4.1.min.js?ver=6.2.2 HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 22 Aug 2021 16:57:00 GMT
etag: W/"612281dc-157fb"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2F9OuSu0OMhhtmtbjg0sNypoQcpJyE2ZvL88e2L7ctel%2BEeC58AydSMj9mG%2F09rzssw28QW0hiQA2iEEAJKMgkruAN1ZIAaKuw7tODIvZkvHlUuj9lDDZ2FEvDBtURWbe4ejryZXLwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e993d9db515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/owl.carousel.min.js?ver=6.2.2

172.67.192.85

200 OK

95 kB

URL GET HTTP/3
mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/owl.carousel.min.js?ver=6.2.2
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
95 kB (95124 bytes)
Hash
fcdee094e98d38fe380e1b5aad9bf444
d0ea8bb98673c7daa2da3af292eeea39a4f7479a
ab97310577a6474ae4b0bd9bb8ef5267698bb9fa61127cb358d4512676d90488

HTTP Headers

GET /wp-content/themes/Mycima2021/components/packs/%23footer/js/owl.carousel.min.js?ver=6.2.2 HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sun, 22 Aug 2021 16:57:00 GMT
etag: W/"612281dc-17394"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4312
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h5Z6tMhZ9pdrdK%2BaEchZiLhNywa%2B6BtvyXKAQQ1W51sVIf32fpJZ%2BDCVCbGgxClvvxqGwN7D%2Fw1XuyyXd6TkvjfEF2h0AsTQSbtMfMJYKdUZtO990PfUtAxsYdd8ZckObblH6U9F%2FKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e993da0b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

tzegilo.com/stattag.js

172.64.201.36

200 OK

19 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.64.201.36:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint52:B8:ED:73:BB:55:6F:9C:F8:97:7C:04:34:2B:AD:DB:55:0A:C9:6A
ValidityThu, 05 Oct 2023 17:59:18 GMT - Wed, 03 Jan 2024 17:59:17 GMT

File type
ASCII text, with very long lines (18369)
Size
19 kB (19019 bytes)
Hash
89e89aea544ea2785d49cc4cd9cf26f6
7d53437a89eb9861038ee27a8ff0e3bb70fa2a0b
86da38693fcea056d36588a4146e85392f784c457511de416fec32034aafa4f9

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:21 GMT
content-type: application/javascript
last-modified: Thu, 07 Sep 2023 08:19:52 GMT
etag: W/"64f987a8-4a4b"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 412
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0F%2FVvrw9aksh0qHBzdz1ifDzDyU%2B5KyN%2BL0HEUknwjh8QsIym7LZwUXtmjlXHhsapQr6fvP%2FQ6Rikc9hGnFdHuMIDkMc6Sompg0Z2EwALSATLvWH1Ml%2FdwRiDz%2F8Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50eaa7de72403-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cameesse.net/1?z=4807448

139.45.197.242

200 OK

43 kB

URL GET HTTP/2
cameesse.net/1?z=4807448
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint95:AE:4C:29:A9:9F:0C:04:38:32:00:81:30:07:95:A7:F8:B0:77:D6
ValidityWed, 18 Oct 2023 10:27:53 GMT - Tue, 16 Jan 2024 10:27:52 GMT

File type
ASCII text, with very long lines (41880)
Size
43 kB (42925 bytes)
Hash
e8976c2962c2ecbfe9d1087e0a8e4ba2
5a553f6baef461a00485f231090202428789eeae
f6c728fd1e8cec30dafda403d1858496e31d8d21be6d618c01f9d5ec8298c857

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=4807448 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 0241948295bcbd8205b5a6a9ea700919
access-control-expose-headers: X-Sc
x-sc: hT1pvXyEz3tH7GTVL8p7_CIm0WjoWyn4eSqUmBmBO3Fj8Z_Ti8qoeuPf57Dp_lDd6OsEnQ6Xx8q8y2xaIaR7ZRCz2EQ=
set-cookie: scm=1; expires=Wed, 23 Oct 2024 20:44:19 GMT; secure; SameSite=None
OAID=c05c33bfb77a47518edaf8408868c389; expires=Wed, 23 Oct 2024 20:44:19 GMT; secure; SameSite=None
oaidts=1698180259; expires=Wed, 23 Oct 2024 20:44:19 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?userId=0e83d4833f46430da80c713b54881905

0.0.0.0

0 B

URL GET
my.rtmark.net/gid.js?userId=0e83d4833f46430da80c713b54881905
IP
0.0.0.0:0
ASN
#0

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /gid.js?userId=0e83d4833f46430da80c713b54881905 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

unseenreport.com/pxf.gif?uuid=76baea28-0d3f-4116-9191-65dbdfcc1a3e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=5aab22948fc5f2edc2ca37dff2cd916f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20

192.243.61.227

200 OK

0 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=76baea28-0d3f-4116-9191-65dbdfcc1a3e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=5aab22948fc5f2edc2ca37dff2cd916f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintBE:8C:78:D1:BA:58:B8:88:10:09:32:1D:31:7A:D9:4A:09:BF:6C:7A
ValiditySat, 23 Sep 2023 07:33:12 GMT - Fri, 22 Dec 2023 07:33:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=76baea28-0d3f-4116-9191-65dbdfcc1a3e&eb=a996fe56ed028c08f89591a4a8a9c431&te=4cb725660c43031e3b06c75892d96c5a&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A109.0)%20Gecko%2F20100101%20Firefox%2F111.0&dev=e&res=14.2079&b_frame=0&pk=5aab22948fc5f2edc2ca37dff2cd916f&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=20 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 24 Oct 2023 20:44:22 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 63633b92eadca4c10bb502ad84fe63c5
Strict-Transport-Security: max-age=0; includeSubdomains

mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23header/netflix.png

172.67.192.85

200 OK

3.5 kB

URL GET HTTP/3
mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23header/netflix.png
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Size
3.5 kB (3533 bytes)
Hash
54110064037a44285faf10b2cbe55e87
b2677d46ed052bfda6eecbb61ee5539349f5603d
c5b633a4f58b811923c6d41cbe24939af6aebb02e6796169c1797f0eeb31bdd4

HTTP Headers

GET /wp-content/themes/Mycima2021/components/packs/%23header/netflix.png HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Cookie: _ga_6JHTFKY3P3=GS1.1.1698180259.1.0.1698180259.0.0.0; _ga=GA1.1.1248481869.1698180260
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: image/png
content-length: 3533
last-modified: Sun, 22 Aug 2021 16:56:59 GMT
etag: "612281db-dcd"
vary: Accept, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4312
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XaI49IW18D5iQ23CHG41X9%2BXO8IRfCA5%2BgSGNyXwiZ0BhbpM9sAREaOYfOetiF9elzR0w4TAYFEpTyll0PC8q%2FQ9LWEKyuSvkm7S%2BPeCeHnhcShsKr%2FJLblxh4m%2B9mBN0o489zuJ8P8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b50e9c08b8b515-OSL
alt-svc: h3=":443"; ma=86400

groorsoa.net/5/4796941/?oo=1&js_build=iclick-v1.611.0

139.45.197.245

200 OK

2.8 kB

URL GET HTTP/2
groorsoa.net/5/4796941/?oo=1&js_build=iclick-v1.611.0
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectgroorsoa.net
FingerprintD7:6E:83:AB:7A:9A:E5:7C:B8:7B:8D:12:E4:FD:B6:E5:71:49:D0:F8
ValidityMon, 23 Oct 2023 16:34:15 GMT - Sun, 21 Jan 2024 16:34:14 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3070), with no line terminators
Size
2.8 kB (2830 bytes)
Hash
932c825fa275d8c1835d7925df9eeb21
811f9c30455aa7229eee1b0e199519ff0f9bb40c
5d3d3c6f5d6c81aeebf6bd189ecbbe74ffe1cbed9731ca55d20b9babca3520a5

HTTP Headers

GET /5/4796941/?oo=1&js_build=iclick-v1.611.0 HTTP/1.1
Host: groorsoa.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: application/json
x-trace-id: 20d210638892fce4a1ab00c6ea4e999b
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0e83d4833f46430da80c713b54881905; expires=Wed, 23 Oct 2024 20:44:19 GMT; path=/; secure; SameSite=None
oaidts=1698180259; expires=Wed, 23 Oct 2024 20:44:19 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

professionalswebcheck.com/stats

35.157.63.144

200 OK

40 B

URL GET HTTP/2
professionalswebcheck.com/stats
IP
35.157.63.144:443
ASN
#16509 AMAZON-02

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerAmazon
Subjectprofessionalswebcheck.com
Fingerprint75:E9:08:FD:96:58:C7:98:43:E8:21:27:A8:E9:B9:A4:55:28:F2:0C
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
9d6b00cc3f0b9db0e24fb19d6367d5b5
6c875f4738af04001d5420e8c8f385561611791a
b57be00d40ea5d1fc863588edb4693d7d6a210f0dd0313115c66eb5b5a22f8a6

HTTP Headers

GET /stats HTTP/1.1
Host: professionalswebcheck.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Oct 2023 20:44:19 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mycima17.wecima.watch
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=76baea28-0d3f-4116-9191-65dbdfcc1a3e:1:1; expires=Fri, 21 Oct 2033 20:44:19 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
FingerprintA4:AF:A0:00:99:C9:85:E5:30:F6:F3:F2:B5:4F:AE:4F:D0:46:74:A9
ValidityMon, 09 Jan 2023 00:00:00 GMT - Sun, 14 Jan 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
6949f52318584a4b51c719a9b84a7287
9fbd870c6afd4bdd6fbbd87f52df2c81dd23e905
72603096ec3515dbc615ab8837fd1b15e91ee827bc7af41d71c9882b08699375

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1430
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 24 Oct 2023 20:44:24 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://mycima17.wecima.watch
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/setup.js?1199092626&ver=6.2.2

172.67.192.85

200 OK

153 kB

URL GET HTTP/3
mycima17.wecima.watch/wp-content/themes/Mycima2021/components/packs/%23footer/js/setup.js?1199092626&ver=6.2.2
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type

Size
153 kB (152752 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /wp-content/themes/Mycima2021/components/packs/%23footer/js/setup.js?1199092626&ver=6.2.2 HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:18 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 13 Feb 2023 19:31:57 GMT
etag: W/"63ea902d-254b0"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jluev6yERDWPESrWvz%2F08pq55Au%2Bo0i45eVa8Rm%2F8C3fhreO5AR6GfGWFQiHunQcrClWvUpKgycg%2B6NCNYlImoNS9SnwOOc0T8LYgtf%2BL7flFPeNQqwedL2F24yKHnyc8OVpCbC4aSg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 81b50e993da2b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

mycima17.wecima.watch/wp-content/uploads/2023/02/wecima-favicon-1.png

172.67.192.85

200 OK

5.5 kB

URL GET HTTP/3
mycima17.wecima.watch/wp-content/uploads/2023/02/wecima-favicon-1.png
IP
172.67.192.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerGoogle Trust Services LLC
Subjectwecima.watch
FingerprintB7:D4:0A:4C:01:E5:AD:7B:78:9E:57:40:6B:0A:65:9F:93:2F:7D:52
ValidityTue, 26 Sep 2023 13:10:12 GMT - Mon, 25 Dec 2023 13:10:11 GMT

File type
PNG image data, 271 x 211, 8-bit/color RGBA, non-interlaced\012- data
Size
5.5 kB (5499 bytes)
Hash
de6cab0eb34528ddc75c0bba91468367
805566b4421a52ccbc7ddea87282ce4df241f64e
ab33b59200764ca718a5f977d0eccf57c27d02560c59ba3a9b12af1819b1f7fa

HTTP Headers

GET /wp-content/uploads/2023/02/wecima-favicon-1.png HTTP/1.1
Host: mycima17.wecima.watch
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mycima17.wecima.watch/
DNT: 1
Connection: keep-alive
Cookie: _ga_6JHTFKY3P3=GS1.1.1698180259.1.0.1698180259.0.0.0; _ga=GA1.1.1248481869.1698180260
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 24 Oct 2023 20:44:20 GMT
content-type: image/png
content-length: 5499
last-modified: Mon, 13 Feb 2023 20:21:20 GMT
etag: "63ea9bc0-157b"
vary: Accept, Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3404
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6fV1Upc3WI%2FA%2BhtbyfbXjGfZ7NWQFty%2FX1egeyh3v1q0TqgDNmMLgQhX1PmyMN3ejI8muAO673%2F52tPI2aaHZ9JL1QgtQO33m1sb4ylwTzy1LEe3Ml2W69BkZB2BcNNBNPgZHK70hbM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81b50ea4993ab515-OSL
alt-svc: h3=":443"; ma=86400

my.rtmark.net/gid.js?userId=q8do115413bb861251876k1q2icly813

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=q8do115413bb861251876k1q2icly813
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://mycima17.wecima.watch/category/%D8%A3%D9%81%D9%84%D8%A7%D9%85/%D8%A7%D9%81%D9%84%D8%A7%D9%85-%D9%88%D8
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintE8:81:4E:79:89:89:BE:CE:75:1F:E0:2A:60:54:8A:A4:11:2E:F7:42
ValiditySat, 07 Oct 2023 15:22:00 GMT - Fri, 05 Jan 2024 15:21:59 GMT

File type
troff or preprocessor input, ASCII text, with no line terminators
Size
65 B (65 bytes)
Hash
22a11ae35624f19529348e89349c7278
881aea70d8370f519f4ee8beca79886964fffd85
ebbe5d976227f335170cf721ab93db6d84fe8ee1afe1faca4bac8a3fc238ce07

HTTP Headers

GET /gid.js?userId=q8do115413bb861251876k1q2icly813 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mycima17.wecima.watch
DNT: 1
Connection: keep-alive
Referer: https://mycima17.wecima.watch/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 24 Oct 2023 20:44:21 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://mycima17.wecima.watch
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=q8do115413bb861251876k1q2icly813; expires=Wed, 23 Oct 2024 20:44:21 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by