amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
44.194.247.48301 Moved Permanently 134 B URL HTTP/1.1 amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
IP 44.194.247.48:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/ HTTP/1.1
Host: amclicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Sun, 04 Sep 2022 22:07:03 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://amclicks.com:443/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 04 Sep 2022 21:44:24 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TCa7wyq2GUEouZJkYybH019Hc0Z9XgJBgzViMVkFx7euWjTzUg7nYA==
Age: 1359
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6493
Expires: Sun, 04 Sep 2022 23:55:16 GMT
Date: Sun, 04 Sep 2022 22:07:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: UTc_riaMSBI4ZrO9y5v9UBwe2R1obrQ3CkcTuUt2Yqp22Dv3394DmA==
age: 75106
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Sep 2022 22:07:03 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash c20da56822e5ca51b6356f4f363fe3d0
210790f3deccbe7794c70d00e80925b242c4ce72
096f26a8e96be089133523a4a05ebb23d1dcb0ccd44f13b0d719a54ddb77353b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:03 GMT
Last-Modified: Sun, 04 Sep 2022 22:05:18 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UnYRg9szhZgACsPJ7MgMHFzEZT2RzGAoUCqoyEPFNLXv-u8FavV3kQ==
Age: 105
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2022 21:38:16 GMT
Cache-Control: max-age=3600
Expires: Sun, 04 Sep 2022 22:08:19 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pCahiIaX_VOYRcYIn3pCHXrnsa5NeSIt3kQ0ysZGcen2RJRznb6smA==
Age: 1727
amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
44.194.247.48200 OK 189 B URL HTTP/2 amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
IP 44.194.247.48:0
File type HTML document, ASCII text, with no line terminators
Hash 1aaaaed07997f146eb378ddcff3a2ecd
1b368a0215d9299689d0158dfabbcd79f90081d7
ba79b56d7b09fc9c10fefad73c8ddf0f87fdeeff91e2c777043fd0b0e4241f92
GET /x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/ HTTP/1.1
Host: amclicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:03 GMT
content-type: text/html; charset=UTF-8
content-length: 189
server: Apache/2.4.41 (Ubuntu)
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: ci_session=3fslictje9lqcskbkgh6rv8phffitms2; expires=Mon, 05-Sep-2022 00:07:03 GMT; Max-Age=7200; path=/; HttpOnly; SameSite=Lax
ref=1; expires=Sun, 04-Sep-2022 23:07:03 GMT; Max-Age=3600
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 77d035f38a45e8a1ec30d5fe9611880b
01cf34de95257da64dac90edf5a86203f1160271
7dc687d6bb1679ba5567e58b4f8c1e78766e7ee36273ba7f62068c595d57f7f3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4883
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:04 GMT
Last-Modified: Sun, 04 Sep 2022 20:45:41 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
44.194.247.48302 Found 0 B URL HTTP/2 amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
IP 44.194.247.48:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/ HTTP/1.1
Host: amclicks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://amclicks.com/x/7768/16944/0/4874966/590413665212051457/kOkrLEpHjF/0/0/0/
Cookie: ref=1; ci_session=3fslictje9lqcskbkgh6rv8phffitms2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
date: Sun, 04 Sep 2022 22:07:04 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966/?em=0&
server: Apache/2.4.41 (Ubuntu)
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.43.253.52101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.253.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 24x7g69gFGQcUAb1j+Rjqg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: o2/2NR3La/xX5DXfAv56RbMcDyo=
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash edb800e237a40e215407893552ef1ef3
908a3938d62bb37da6c031ee1394b614a363266d
2b509c3844e773883d63181ffb58a99057ea10ff45ee837780d7157ee028dbf8
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:04 GMT
Last-Modified: Sun, 04 Sep 2022 21:46:00 GMT
Server: ECS (nyb/1D2C)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MkCg9qGKn_VNCTf-UByXycrtQ1ROJz0JEgSCDtEmkP4lPTkRMqbceQ==
Age: 1265
monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966/?em=0&
44.194.247.48301 Moved Permanently 312 B URL HTTP/2 monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966/?em=0&
IP 44.194.247.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash af507637cbd79cbc886fad253481a604
3d0f20d995969e2906fef3f640e47750a4d4034c
d14f7ab0ce6fedba5309da9dbf1ae3c68c0a115bfc786138bb9319f0b54d9e11
GET /go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966/?em=0& HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://amclicks.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 04 Sep 2022 22:07:04 GMT
content-type: text/html; charset=iso-8859-1
content-length: 312
location: http://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
server: Apache/2.4.41 (Ubuntu)
X-Firefox-Spdy: h2
monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
44.194.247.48301 Moved Permanently 134 B URL HTTP/1.1 monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
IP 44.194.247.48:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4aa7a432bb447f094408f1bd6229c605
1965c4952cc8c082a6307ed67061a57aab6632fa
34ccdc351dc93dbf30a8630521968421091e3ed19c31a16e32c2eabb55c6a73a
GET /go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0& HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: awselb/2.0
Date: Sun, 04 Sep 2022 22:07:04 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Location: https://monthlysweeps.us:443/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
44.194.247.48200 OK 9.9 kB URL HTTP/2 monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
IP 44.194.247.48:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (939)
Hash f65e9d643433dd56c8fe785344ff61a0
2a6c2822479779acb8f4b172061e051acbc654b2
f17ead2a2b81a2c071aae2fe377727017de628e50cf2fe99fba2544ed314fac8
GET /go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0& HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:04 GMT
content-type: text/html; charset=UTF-8
content-length: 9945
server: Apache/2.4.41 (Ubuntu)
set-cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2; path=/; HttpOnly; SameSite=Lax
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-store, max-age=0, no-cache
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 9b13e1ef10b6290e24199c04a0934866
8c364a3b697f439a4af3390643b6a5e1acd0c255
24729a0156f4228c8d9c849a31e243c7c3d1f1b10315770caff65eaf0103cdbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4812
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Last-Modified: Sun, 04 Sep 2022 20:46:53 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
monthlysweeps.us/assets/css/datepicker.css
44.194.247.48200 OK 818 B URL HTTP/2 monthlysweeps.us/assets/css/datepicker.css
IP 44.194.247.48:0
File type ASCII text, with very long lines (3335), with no line terminators
Hash 3240fc33175e0e388f26fbac8bf8cff3
cf1a645948c9ce996e1560b9569f56822c4f9ba8
9077f43ae19f62f65d930304d4f77d3ce23ec0d4ba41e1284dac8702fbc05f96
GET /assets/css/datepicker.css HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css
content-length: 818
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Jul 2021 18:17:06 GMT
etag: "d07-5c80ac2c970f8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
monthlysweeps.us/assets/css/loading_icon_1.css
44.194.247.48200 OK 580 B URL HTTP/2 monthlysweeps.us/assets/css/loading_icon_1.css
IP 44.194.247.48:0
Hash b6b8913a6a3ad6881037667493551ec5
3daae516738f878875bb15766ca06a2ed9ee442b
cc46b8ab8bf6a609d0c9336a46ef8b217c15fb2ecdef548c5c4d6ce6ebdb52cf
GET /assets/css/loading_icon_1.css HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css
content-length: 580
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Jul 2021 18:17:07 GMT
etag: "db0-5c80ac2ce37a0-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
monthlysweeps.us/assets/css/sweeps.css
44.194.247.48200 OK 1.6 kB URL HTTP/2 monthlysweeps.us/assets/css/sweeps.css
IP 44.194.247.48:0
Hash a5c77602d9ceb6c6450244ffb0baf0d1
0a8756bf9ec23f2957f9165941196551cc046cf7
d1bdae39d462d3c7ccb9f86a413c69df0026d2c06558af9b691a0e98bf0cdd4e
GET /assets/css/sweeps.css HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css
content-length: 1639
server: Apache/2.4.41 (Ubuntu)
last-modified: Fri, 02 Sep 2022 17:56:19 GMT
etag: "172c-5e7b572772120-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js
104.17.24.14200 OK 59 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js
IP 104.17.24.14:0
File type Unicode text, UTF-8 text, with very long lines (65274)
Hash a63b2977b01b6e2d2e2086c3f63a3c9a
560409f64e40f5078e1ba8d496657badd7a3a6ee
4a477bb786727bd8c49a1dbc25dd37dcce7f2ceece74576dffd8a3da739b034f
GET /ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 58913
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-46f6d"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5372399
expires: Fri, 25 Aug 2023 22:07:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Y0Wbb9jpAvzqnSN%2FXSesFDKUohmT416oCfKR%2BG%2FHl7oBZ9i6sH2GwYQAR8hQAxolz%2FnuUH52nLfbjK2gQDEsSqdYv%2F3qQgVggcKZWRTI0X8JPHtBzUxmgleM3edRcDb%2Bs4WkTRa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 745a0938eb1cb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.3.1.min.js
69.16.175.42200 OK 30 kB URL HTTP/2 code.jquery.com/jquery-3.3.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash d549b312f7a7d228b4ec229a6547dfdc
0766794582ad530ec0f8c2595f741086afffa312
f6488b2915e0ceee723f4320492511d46c6ba1860d5975d085e6da8913f55f44
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-encoding: gzip
content-length: 30288
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-1538f"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1662329225.dop015.sk1.t,1662329225.cds262.sk1.hn,1662329225.cds072.sk1.c
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
104.17.24.14200 OK 6.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (20322)
Hash df9fe6d48e380554eb0ec9687bed3246
207263d754220200c1916edfbda262f62223ecf5
91d57502b7260e6752c2b5f1636d77707929fa9f09da28589691e61816a448f9
GET /ajax/libs/popper.js/1.14.0/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 6458
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-500f"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5372472
expires: Fri, 25 Aug 2023 22:07:05 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6V6AdnOHZyDno9nMXC7NlfcBIoxAvhLeZ1VllG7XiqZO4EMce29z2SWWb5X9hdPU99wtD4ONRrsMxdjwAd5s04OevElKvXVJdIyx99%2F5voWuHQb569gPJPQcLxdyQpcjzWx6mrKp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 745a0938eb1eb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ads.pro-market.net/ads/scripts/site-141028.js
23.36.76.115200 OK 1.1 kB URL HTTP/1.1 ads.pro-market.net/ads/scripts/site-141028.js
IP 23.36.76.115:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (514), with CRLF line terminators
Hash 540b7c85a21cf48ee81735b2ffcc335f
e5eaedc157c73717aab322629e3f1ad8569bc0a1
aa2916440a5dc9e91cc213dc3503845a97fe91cfd12fe8e6cd92032b675a4da9
GET /ads/scripts/site-141028.js HTTP/1.1
Host: ads.pro-market.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Last-Modified: Tue, 23 Jul 2019 13:39:45 GMT
Server: nginx/1.0.15
Content-Type: application/x-javascript
Content-Encoding: gzip
Content-Length: 1101
Cache-Control: max-age=86400
Date: Sun, 04 Sep 2022 22:07:05 GMT
Connection: keep-alive
Vary: Accept-Encoding
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 9b13e1ef10b6290e24199c04a0934866
8c364a3b697f439a4af3390643b6a5e1acd0c255
24729a0156f4228c8d9c849a31e243c7c3d1f1b10315770caff65eaf0103cdbd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4812
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Last-Modified: Sun, 04 Sep 2022 20:46:53 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/jquery.validation/1.15.0/additional-methods.min.js
151.101.85.229200 OK 5.2 kB URL HTTP/2 cdn.jsdelivr.net/jquery.validation/1.15.0/additional-methods.min.js
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (17590)
Hash 4c0e8d136f8e41d83cb99f52be04f280
eecf9c91f361ac05dfaa6b7167aea6f0d4ddf7cd
81659fd2d8cc8d38327f4450954654b19dbb8a95a2b1e402e47869f0ca9dddc6
GET /jquery.validation/1.15.0/additional-methods.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"4547-g4rGbD7KxrYTawSb3Q4U8vAilSw"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 04 Sep 2022 22:07:05 GMT
age: 2925332
x-served-by: cache-fra19122-FRA, cache-bma1681-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 5199
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a73c40e0fed317f31e35a24d5b5e2d0d
fb19e9d403e37956762ebb527260576860161872
4a38f2cc8997dada402e2cce06bbd8776cbad2075b00696d00efa59ad5388644
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e55281415ad2c89f8e871f59400c8dc1
bc7ca4131f13d89604161eb0641352670c28c033
1e9c57dbee44db8c9aab44449f9f0cb502a6d9f6473de439daf26414d0d2517a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 826f1ffec6122171746e30345846a293
9321a8723c442c7a3cd74a028a89d33a7d0ce307
842a67126bf15c19ea23146654365606720701c750a239bbcc632d626cfcaef6
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 22:07:05 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "3731F01556CB6C6A60A891B0F5EBBC36F4769634"
Expires: Mon, 05 Sep 2022 08:00:00 GMT
Last-Modified: Sun, 04 Sep 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3354
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 745a09398fa6fab8-OSL
www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
142.250.74.164200 OK 583 B URL HTTP/2 www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
IP 142.250.74.164:0
File type ASCII text, with very long lines (884), with no line terminators
Hash 3791f6cd969502e9e7b2904df8124169
1531da6cc5b52d9d4eb8744eb4c055719a44d209
ed049f63c093cce75cf1df275b3785eabbaad2edf5b663cb55a948c0fb366e4a
GET /recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 04 Sep 2022 22:07:05 GMT
date: Sun, 04 Sep 2022 22:07:05 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 583
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash a73c40e0fed317f31e35a24d5b5e2d0d
fb19e9d403e37956762ebb527260576860161872
4a38f2cc8997dada402e2cce06bbd8776cbad2075b00696d00efa59ad5388644
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.15.4/webfonts/fa-solid-900.woff2
104.21.63.54200 OK 78 kB URL HTTP/2 use.fontawesome.com/releases/v5.15.4/webfonts/fa-solid-900.woff2
IP 104.21.63.54:0
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /releases/v5.15.4/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: font/woff2
content-length: 78268
x-amz-id-2: mdiDvY0sbgHVjregnd781st54+0pccrOI/5iNzvFFVM+9ASH+6AQKRpcTZ716/8m9+nPLgncrSQ=
x-amz-request-id: 95ZB14SR49ZZSQCK
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 04 Aug 2021 20:43:47 GMT
etag: "d824df7eb2e268626a2dd9a6a741ac4e"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 158335
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BmPBJ2RAAONfQuMXxcdE2veIA4Zy4BVU5%2F1so%2BQdOswRtpOYI2FTqr%2FFixvTwghd46BSRziTaQtJtYS9GsnB9ZjTE6Xhg5jn9UMYTmLBBad99OWdoY7UHaRSc6XXLxX1igOBm6Hs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745a0939ea57b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 420a6ffc72857f7132a9065de7c844a9
dee617384561d0790b72f096336b73ade7950579
c98bdc53f1f22291c4b954e9bd5f6432cfe3d5b24e3680b4ada3fc3a696e79d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
monthlysweeps.us/assets/js/datepicker.js
44.194.247.48200 OK 5.3 kB URL HTTP/2 monthlysweeps.us/assets/js/datepicker.js
IP 44.194.247.48:0
File type ASCII text, with very long lines (16878)
Hash 6c28af1b6fa9301701dfefc5dbfe5159
134cfa1c0a5a837f002034b8ea1a8c6243b96bac
4a47c7c7ccb099528d7387eadcc4989bbbc17d75981507635d015da4711bb932
Analyzer Verdict Alert fortinet Phishing
GET /assets/js/datepicker.js HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: application/javascript
content-length: 5285
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Jul 2021 18:17:09 GMT
etag: "42ac-5c80ac2fab258-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v5.15.4/css/fontawesome.css
104.21.63.54200 OK 13 kB URL HTTP/2 use.fontawesome.com/releases/v5.15.4/css/fontawesome.css
IP 104.21.63.54:0
File type ASCII text, with very long lines (57687)
Hash a5e8c04e2ebda62913b141c75693ea50
62c978d32a664bb3e09c0b3035e7558df0871ca0
be22c4326ad9e3481ba256dd303c2fdb50d35d43a890486a11d1cd4c706e8f55
GET /releases/v5.15.4/css/fontawesome.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css
x-amz-id-2: 8SnHluPMPysAuQ+sdGb/5aer5x1/6BITEJiqsgGg3yik/6oo1VJQ6cuxzNsTEDm1Qd+Tihu6hTrGgnYBe0UyCg==
x-amz-request-id: 782FGP6SSRT2E761
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
etag: W/"a227f005fa7ae066c1068ac4b963514c"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 133242
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXI0PGCLOrcdAcu7d0sfiKSqqeOI1ZEZ6%2F5X8nhaXVVbLStXKt%2FO%2B9DKAIgN95cA5WQIA85lMla8pBEFnceIq8mwcJZ1PNgoiS2Vmuym3zBP8IUMz0h%2FR%2Fy99vJs4bowwvcaS7ra"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745a0938b912b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
142.250.74.163200 OK 18 kB URL HTTP/2 fonts.gstatic.com/s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 17908, version 1.0\012- data
Hash e46b4e2e3b47cc232937ebf72b4c537e
2675bc06ee643b8c935370325a327efb74746e6a
d8543b5dcaea1fc4a0301dc12b5b2adc9079e0794dd6a45879588fb844f3438e
GET /s/oswald/v49/TK3IWkUHHAIjg75cFRf3bXL8LICs1_Fv40pKlN4NNSeSASz7FmlWHYg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 29 Aug 2022 21:38:33 GMT
expires: Tue, 29 Aug 2023 21:38:33 GMT
cache-control: public, max-age=31536000
age: 520112
last-modified: Mon, 18 Jul 2022 19:23:34 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
monthlysweeps.us/assets/img/sweepstakes250/one.png
44.194.247.48200 OK 801 B URL HTTP/2 monthlysweeps.us/assets/img/sweepstakes250/one.png
IP 44.194.247.48:0
File type PNG image data, 58 x 58, 8-bit colormap, non-interlaced\012- data
Hash 03744c9d39310c5d2af2cf2a23616580
603f0d70ddc7d77f6341dc0caf9e0740b33ae061
afbc2f9fe529022b98f966b254c8d3173a40998fdd01ee3739df99a8a3169a0b
GET /assets/img/sweepstakes250/one.png HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: image/png
content-length: 801
server: Apache/2.4.41 (Ubuntu)
last-modified: Thu, 01 Dec 2016 21:16:31 GMT
etag: "321-5429f55d7e9c0"
accept-ranges: bytes
X-Firefox-Spdy: h2
monthlysweeps.us/assets/img/sweepstakes250/two.png
44.194.247.48200 OK 915 B URL HTTP/2 monthlysweeps.us/assets/img/sweepstakes250/two.png
IP 44.194.247.48:0
File type PNG image data, 58 x 58, 8-bit colormap, non-interlaced\012- data
Hash a1914f8236d7704856f5c5762e86c109
ea40712fad474fab16b7e2f1505bcb42302cd6ec
6c21621aeb7ad165ee758074b65bbf2fa35498a74320a940c52a3208375ef26d
GET /assets/img/sweepstakes250/two.png HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: image/png
content-length: 915
server: Apache/2.4.41 (Ubuntu)
last-modified: Thu, 01 Dec 2016 21:16:30 GMT
etag: "393-5429f55c8a780"
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.163200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:10:21 GMT
expires: Wed, 30 Aug 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 449804
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
142.250.74.163200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 Aug 2022 17:10:21 GMT
expires: Wed, 30 Aug 2023 17:10:21 GMT
cache-control: public, max-age=31536000
age: 449804
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 3958546039b436bd448017432b45c949
45aadab2339c0718b57200a1b2849073c04f08f5
903f9b9e0ccec46513fb56991790db64f79dd2548f6240c4905cf9f19bdaa783
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
monthlysweeps.us/assets/img/campaign/1253_welcome.png
44.194.247.48200 OK 258 kB URL HTTP/2 monthlysweeps.us/assets/img/campaign/1253_welcome.png
IP 44.194.247.48:0
File type PNG image data, 550 x 350, 8-bit/color RGBA, non-interlaced\012- data
Size 258 kB (258018 bytes)
Hash 4ab082dfa4d24ddc5faa6ae9be0b7e7a
0a66d5fa8c56b01c42656bad7fd0358e35f0b5a7
c916d279aa3477141699255e5f01031b8d891bbea0cadf185ddad136866da02b
GET /assets/img/campaign/1253_welcome.png HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: image/png
content-length: 258018
server: Apache/2.4.41 (Ubuntu)
last-modified: Thu, 10 Feb 2022 18:45:24 GMT
etag: "3efe2-5d7ae5a63e210"
accept-ranges: bytes
X-Firefox-Spdy: h2
monthlysweeps.us/assets/img/campaign/1253_bg.jpg
44.194.247.48200 OK 475 kB URL HTTP/2 monthlysweeps.us/assets/img/campaign/1253_bg.jpg
IP 44.194.247.48:0
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=1080, bps=0, PhotometricIntepretation=RGB, orientation=upper-left, width=1920], progressive, precision 8, 1920x1080, components 3\012- data
Size 475 kB (474838 bytes)
Hash 9f9ec0bd4b699f784446c17a1273a4ac
e79666717b7b004f554e6bfec1d073b4627ed3a7
9b092cd2a17b5e84e2e12622d1cad8c40f2df0aa44a8b0d7a320a1e1209aca41
GET /assets/img/campaign/1253_bg.jpg HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: image/jpeg
content-length: 474838
server: Apache/2.4.41 (Ubuntu)
last-modified: Thu, 10 Feb 2022 18:54:27 GMT
etag: "73ed6-5d7ae7abcb0c8"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash bc48f9fa10713ddb64df526b4e6ab950
72bfdf324d421ad2b5c85ce8889306548e469f72
e86afecb10f79cbe3fcb8b8b9655fd720f66c33a7207169cd56845c92e039145
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Sep 2022 22:07:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 02 Sep 2022 02:10:13 GMT
Expires: Fri, 09 Sep 2022 02:10:12 GMT
Etag: "72bfdf324d421ad2b5c85ce8889306548e469f72"
Cache-Control: max-age=359586,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 745a093a7eee1c06-OSL
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Mon, 05 Sep 2022 02:11:11 GMT
Date: Sun, 04 Sep 2022 22:07:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Mon, 05 Sep 2022 02:11:11 GMT
Date: Sun, 04 Sep 2022 22:07:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b15f3f14bd92b7a544ec2347e6810c7b
dd55fd8396d796082edabb5ab6e2d7fb3b51b731
87c27c4b0288f31faa405ba5247767d1f299938551bd284212ee487dbb0deb63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "87C27C4B0288F31FAA405BA5247767D1F299938551BD284212EE487DBB0DEB63"
Last-Modified: Fri, 02 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14646
Expires: Mon, 05 Sep 2022 02:11:11 GMT
Date: Sun, 04 Sep 2022 22:07:05 GMT
Connection: keep-alive
ldsapi.tmginteractive.com/generateplacementscript.aspx?placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966
209.151.244.116200 OK 700 B URL HTTP/1.1 ldsapi.tmginteractive.com/generateplacementscript.aspx?placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966
IP 209.151.244.116:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (852), with CRLF line terminators
Hash bc0f1a642c70ed72a8408134af3c2bcd
d0030cebf7ebd497c79f9cc3408c9ec7bca8c92f
ec9741f93d54e0b427beff13ac1d8e949b75f2ff7517506edb092f4acd0917f5
GET /generateplacementscript.aspx?placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966 HTTP/1.1
Host: ldsapi.tmginteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
X-Service-Ip: 110
Date: Sun, 04 Sep 2022 22:07:04 GMT
Content-Length: 700
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
34.120.237.76200 OK 15 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ca50f9c56ff869b0b63ca71b1a9f8170
13b16ca74113dfd52ccf23e6bb39307fc713f984
76b85dd7e018ab4b3d4b2610f90dbca61d0f05d38a3b905fee789af131ae7538
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F514b7fbd-ae99-4219-bd03-50e907f92b7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14855
x-amzn-requestid: 65cf850b-227a-4318-a00e-d7cd4ef81489
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wjuGtpoAMFvvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7b1-54bc36741984491b0509d173;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:29 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: M9Y8U9vqVs1ATiPP9jLPybTJ-xwC--5oiRUpj9-imTWfh6_rmtL5Kw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 14:29:26 GMT
age: 27459
etag: "13b16ca74113dfd52ccf23e6bb39307fc713f984"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fc4ceb10dd9fcaab21ae58dcf10c401f
6ce530af682094dc5413db9de02565691fab4da7
84ad58e126cce2ab6b1568ffe89a116bc1de0310bb72d4530eead2fb8191572c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa54e2726-407f-4a8a-8d19-21de249844f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11380
x-amzn-requestid: 61f37e21-33a8-49e6-b384-4ca1fcfbffa5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8TLFA3oAMFQjg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117414-42de5c4128eb9e011d848356;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: s0voKdiDdj0mq8-VRFSWcYcQXaWti7929bpdKSQMWDoVCmOAPepuDg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 03:48:57 GMT
age: 65888
etag: "6ce530af682094dc5413db9de02565691fab4da7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6bb4b1d74f1443bc3328301ab3ae6464
2768253dacaaad6cb498c6b2eb7694208b0ce0a6
07dcc95dab7757402998a5a61b540c965ce95c8bd51a814a09438981693b563a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc410b0d8-b008-47cc-bbf7-a762c06e0fcd.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8688
x-amzn-requestid: 1c5fbc89-8ce8-4792-b713-f2c0ceeab737
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wifFJYoAMFi0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c7a9-214311e155c661ff77d89906;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:31:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qWfbakQgavws0aT7URut5AdyniAYkEZcd3nz2mtU2zzT7ZhipObNEg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:44:32 GMT
age: 1353
etag: "2768253dacaaad6cb498c6b2eb7694208b0ce0a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37a5a560-36c9-4ce4-9cd9-c63ef9dd80e0.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37a5a560-36c9-4ce4-9cd9-c63ef9dd80e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b827f0dcea3d5bfab9139d239e9f0155
ffe21e93486c5763ae6ee17fe39c6dbb0cb3e714
de9a30cf34ccda6ee06845151a41f489b42a0f9072b481b717abef90095e3f35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F37a5a560-36c9-4ce4-9cd9-c63ef9dd80e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10349
x-amzn-requestid: a1564fd3-2042-449b-baa8-7e06abf02fd2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5w-6EHXIAMFQaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c85f-26179fef7b74e89f05022fe7;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RTb9HYlXQLizx__DP8Pd9FGTylC1RDwk_YoqL8ZbcFnAAu4s0EmTKQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:13:00 GMT
age: 86045
etag: "ffe21e93486c5763ae6ee17fe39c6dbb0cb3e714"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
34.120.237.76200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1bdfdf7e36f78f2f0e4d7ede9fdb76a8
babb88202741bbf2d4fd25e0731a4a7a6fcc28f8
949ea108642789e1014150909060f11d99608f082760d0e868a90282f2768d43
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd43481e-3c33-4c05-9216-2cc734e840b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9690
x-amzn-requestid: 614c99f8-116a-4603-bcde-3fbd5bfa14d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wx1HInIAMFiYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c80b-25c09c3227d72395408782f0;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: yzPHrri8V02gVOmIBfBfEiny6w522Ycn9U0Z_-L3VnHgUuhVkuWVdg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Sep 2022 21:51:41 GMT
age: 924
etag: "babb88202741bbf2d4fd25e0731a4a7a6fcc28f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg
34.120.237.76200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0eecb70391b63b662d13355e32d95ea1
5d5c724e26af57967b9a132a77d3986ba8d6ed9c
2c7f2aa1c725a5d39daf44ee746bb24b5c15aab41c67cf160814f7f87d1aacdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09148d75-a4a3-47e6-8d91-01e8dfad4bc7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8931
x-amzn-requestid: cfc0940f-ad6a-4535-91b7-70b200af68d5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X5wwGEVEoAMFriw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6313c800-5b6e6e5e3401eba533fb63df;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 21:32:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aa71ssSsXM8Z0Q2V4AitycF3hefEZXNqIYsr0vsJyhpE9cDpNEwh6Q==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Sep 2022 22:14:56 GMT
age: 85929
etag: "5d5c724e26af57967b9a132a77d3986ba8d6ed9c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ldsapi.tmginteractive.com/GenericPlacementScriptDiv.aspx?tmgrt=ancs&mainPlacement=13488000&hasLoadOptimation=0&hasMinAssets=1&placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966
209.151.244.116200 OK 4.8 kB URL HTTP/1.1 ldsapi.tmginteractive.com/GenericPlacementScriptDiv.aspx?tmgrt=ancs&mainPlacement=13488000&hasLoadOptimation=0&hasMinAssets=1&placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966
IP 209.151.244.116:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15023), with CRLF line terminators
Hash 3dc3ec8e80efb66cbc110be1921657ca
7091cb21ab07c463f9d8bdf63618ac6d984988c8
c40370f29669b90634a49a048166972d6c0ec858f3d2b1d6eba8d3d3b4229a07
GET /GenericPlacementScriptDiv.aspx?tmgrt=ancs&mainPlacement=13488000&hasLoadOptimation=0&hasMinAssets=1&placement=13488000&publisher=139136&affid=1253169444874966&subid=1253169444874966 HTTP/1.1
Host: ldsapi.tmginteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
X-Service-Ip: 110
Date: Sun, 04 Sep 2022 22:07:05 GMT
Content-Length: 4803
tmgassets.azureedge.net/amsus/ldsapi/assets/images/spacer.gif
13.107.213.53200 OK 43 B URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/images/spacer.gif
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
GET /amsus/ldsapi/assets/images/spacer.gif HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
content-type: image/gif
content-md5: MlRyYBVx8x4b8AZ0w2jTNQ==
last-modified: Fri, 21 May 2021 12:34:19 GMT
etag: 0x8D91C54C1586655
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: d410f27b-701e-0025-7181-c0cc40000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0hiEVYwAAAAD7LpDAv+70SbA9XkCJaVNmRlJBMjMxMDUwNDE4MDMzADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
x-azure-ref: 0iiEVYwAAAAD0oLfkycDrRabIbMdTJmN6U1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ns/assets/awesome-font/font-awesome.css?version=120419
13.107.213.53200 OK 520 B URL HTTP/2 tmgassets.azureedge.net/amsus/ns/assets/awesome-font/font-awesome.css?version=120419
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (520), with no line terminators
Hash 004c48ee12ed64e223dae51fffda80ca
a3a70b71586d8573a400bd4a2a0eb9bf8ec39c17
735903b0b0ffc434c5dd315d19c20594526dd23bcc44480e69edfbe20f4fb117
GET /amsus/ns/assets/awesome-font/font-awesome.css?version=120419 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 520
content-type: text/css
content-md5: AExI7hLtZOIj2uUf/9qAyg==
last-modified: Fri, 21 May 2021 11:01:09 GMT
etag: 0x8D91C47BDA9A147
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 6d15716f-301e-0022-47d0-bf3ac5000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 07u4UYwAAAACEO2QM3qcET4yRVa4+gtsmRlJBMjMxMDUwNDE4MDIxADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
x-azure-ref: 0iiEVYwAAAAB8mcTn7JexRoFnLohyMuW5U1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ldsapi/assets/script/common.min.js?version=20220828a
13.107.213.53200 OK 24 kB URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/script/common.min.js?version=20220828a
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7a154094233c4d621b84909728fbb4e7
59c6079921cd56c9bf6039cf677cc492cf207200
6dc31efb8c0a4302b3990b03d7bacecf166a8961fa6fc840e1b9991dc2f0307e
GET /amsus/ldsapi/assets/script/common.min.js?version=20220828a HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: C98KMsPh+rQSk6xnvM0d/A==
last-modified: Sun, 28 Aug 2022 09:11:49 GMT
etag: 0x8DA88D5570B7368
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 0fd97e06-e01e-0020-7a3a-bf383f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0C84TYwAAAADRHdn2ZCL9TJX5eDQPKqu3QU1TMDRFREdFMTgwNgAyODU5YzAzNS0wZjdmLTQ5ZjktOGY0Ny01ZTE1OGJlMzJjNTU=
x-azure-ref: 0iiEVYwAAAADufeMsLNURS5n3/CUKfEl+U1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
ldsapi.tmginteractive.com/ManageImpressions/ReportViaJsCampaign.aspx?hKey=1298769904&affid=1253169444874966&subid=1253169444874966&Placement=13488000&Publisher=139136&CurrentCamps=10023.10023/226/0/225&PreviousCamps=&TrackOn=load&IP_ADDRESS=91.90.42.154&UserEmail=&postfn=beacon&oovar=
209.151.244.116200 OK 710 B URL HTTP/1.1 ldsapi.tmginteractive.com/ManageImpressions/ReportViaJsCampaign.aspx?hKey=1298769904&affid=1253169444874966&subid=1253169444874966&Placement=13488000&Publisher=139136&CurrentCamps=10023.10023/226/0/225&PreviousCamps=&TrackOn=load&IP_ADDRESS=91.90.42.154&UserEmail=&postfn=beacon&oovar=
IP 209.151.244.116:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (351), with CRLF line terminators
Hash 9f0898b2c68d222f503f10c76a4a3947
01eab3f237f8278fc48176b49eecf00838964929
0048969af51e0176292d53cd6d5268ed22a7d2b7273854051d6144dbef9cf598
POST /ManageImpressions/ReportViaJsCampaign.aspx?hKey=1298769904&affid=1253169444874966&subid=1253169444874966&Placement=13488000&Publisher=139136&CurrentCamps=10023.10023/226/0/225&PreviousCamps=&TrackOn=load&IP_ADDRESS=91.90.42.154&UserEmail=&postfn=beacon&oovar= HTTP/1.1
Host: ldsapi.tmginteractive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
X-Service-Ip: 105
Date: Sun, 04 Sep 2022 22:07:08 GMT
Content-Length: 710
tmgassets.azureedge.net/amsus/ns/assets/awesome-font/fontawesome-webfont.woff?v=4.1.0
13.107.213.53200 OK 84 kB URL HTTP/2 tmgassets.azureedge.net/amsus/ns/assets/awesome-font/fontawesome-webfont.woff?v=4.1.0
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 83760, version 1.0\012- data
Hash fdf491ce5ff5b2da02708cd0e9864719
7f2f3c55c2de192387c351b995115f6b79e09173
66db52b456efe7e29cec11fa09421d03cb09e37ed1b567307ec0444fd605ce31
GET /amsus/ns/assets/awesome-font/fontawesome-webfont.woff?v=4.1.0 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://tmgassets.azureedge.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 83760
content-type: font/woff
content-md5: /fSRzl/1stoCcIzQ6YZHGQ==
last-modified: Fri, 21 May 2021 11:01:16 GMT
etag: 0x8D91C47C18878E8
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 776fb09f-301e-000b-4bee-be4c87000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0hiEVYwAAAACteXyKTgWNQYnu7EQR50NJRlJBMjMxMDUwNDE3MDI1ADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
access-control-allow-headers: *
access-control-allow-methods: GET
x-azure-ref: 0iyEVYwAAAAC32i2w6vdFS5m0t97aonu7U1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:06 GMT
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ldsapi/assets/script/common-extentions.min.js?20220828a
13.107.213.53200 OK 1.0 kB URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/script/common-extentions.min.js?20220828a
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 (with BOM) text, with very long lines (3045), with no line terminators
Hash c6c70da90a44b68370a1ca070ff5a845
e8fed1d288baa4a964e25bb6c37ce1791a1094e0
a14fe1a6d959ce477d46dc7fa357ac73e5b08b0850510fbef73949f9c3bc010f
GET /amsus/ldsapi/assets/script/common-extentions.min.js?20220828a HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: G3v7pHqbSC0Gvp9zsfwXIA==
last-modified: Wed, 09 Jun 2021 12:26:50 GMT
etag: 0x8D92B41DB6898DE
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 678ee566-901e-0049-0389-c06793000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 07u4UYwAAAAAI9aNqFPYkRr+D36EixsM4RlJBMjMxMDUwNDE3MDI5ADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
x-azure-ref: 0iiEVYwAAAACkeOTXWB2xRpL49qhDMJ1/U1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
monthlysweeps.us/go/api/zip/undefined?get_param=value
44.194.247.48200 OK 111 B URL HTTP/2 monthlysweeps.us/go/api/zip/undefined?get_param=value
IP 44.194.247.48:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 4072747d6757278fe77c6970474ad27d
7404af04b7ef1db62f26e0a08fe82ab5a184e901
7d911cc2e66702b54cfca359fb39a67a65259e9ed6706c4a78516d20a4670e6f
Analyzer Verdict Alert fortinet Phishing
GET /go/api/zip/undefined?get_param=value HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:07 GMT
content-type: application/json; charset=UTF-8
content-length: 111
server: Apache/2.4.41 (Ubuntu)
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
set-cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2; path=/; HttpOnly; SameSite=Lax
cache-control: no-store, no-cache, must-revalidate, no-store, max-age=0, no-cache
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ns/js/13488000.min.js?54k4j202254j09ckl04llk158jkk070500
13.107.213.53200 OK 967 B URL HTTP/2 tmgassets.azureedge.net/amsus/ns/js/13488000.min.js?54k4j202254j09ckl04llk158jkk070500
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash 391eff08ffb2219dbe25f8c60c90fd73
ccd0af4e9b5d00d800606aaa660b7fb02160846f
630e1666c2510bfb7799db6736c8c02c1dae3a618d236804b83a180c4ea096d3
GET /amsus/ns/js/13488000.min.js?54k4j202254j09ckl04llk158jkk070500 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: 9wgtvP0cVsloq3UaPunwsA==
last-modified: Mon, 14 Mar 2022 19:57:50 GMT
etag: 0x8DA05F4EB4E2F58
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: e6358f31-401e-0062-5a3a-bf132b000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0C84TYwAAAADITWJnxQ2nTqB7Lgha+XGxQU1TMDRFREdFMTgxNwAyODU5YzAzNS0wZjdmLTQ5ZjktOGY0Ny01ZTE1OGJlMzJjNTU=
x-azure-ref: 0iiEVYwAAAADupdccY9VBS7ZKs7mZ5AoVU1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 0bf26d91cd34509d5fedb2bc94062353
f7a067498300eaa6e8b9ae4f3bc65f0e112f9056
7a3ddb479a093d513f8a2609052cbdd08c71e1d059f4a3e82d7f8c9a7d139091
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:07 GMT
Last-Modified: Sun, 04 Sep 2022 20:54:32 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LKe5fqRA36CViwatESzHv7F8KuZ9u0C42EI9MlX-c4XoQlOSQ6H-UA==
Age: 4355
www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
142.250.74.163200 OK 158 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js
IP 142.250.74.163:0
File type HTML document, ASCII text, with very long lines (579)
Size 158 kB (158056 bytes)
Hash d63a69f898e1d00cfc7c871744ded8c4
e166540eccb571c95c8c1135c2168cf5df306991
ed7892ca1498d6dfc0ff8b354ab8c409eed81b1fa77b427467815d0c7f45021c
GET /recaptcha/releases/duyHVVR9Brf6N2GewjkPRfsA/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 158056
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 21:31:14 GMT
expires: Sat, 02 Sep 2023 21:31:14 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 02 Sep 2022 18:40:58 GMT
content-type: text/javascript
age: 174953
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ldsapi/assets/script/clientfp.min.js?version=20211103
13.107.213.53200 OK 16 kB URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/script/clientfp.min.js?version=20211103
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 (with BOM) text, with very long lines (3119)
Hash c0564f68f50733ebfc731b33d7256246
8dda770ed93c68f35a14bb8d26b2bfb38829c517
337560e3346bf6d79509306b46e40320197bf393fb40282b9a68e61f3e6805e1
GET /amsus/ldsapi/assets/script/clientfp.min.js?version=20211103 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: E4ptMzZLxbawD4B7RV5YCQ==
last-modified: Wed, 03 Nov 2021 09:07:36 GMT
etag: 0x8D99EA961032FA1
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 1206a064-101e-0053-0fc7-be48fc000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 07u4UYwAAAACltqxDLZpQRrVRSj25PYkCRlJBMjMxMDUwNDE4MDUzADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
x-azure-ref: 0iiEVYwAAAAAmSonY2exfR7FLq7bzNu6XU1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sun, 04 Sep 2022 20:41:12 GMT
expires: Sun, 04 Sep 2022 22:41:12 GMT
cache-control: public, max-age=7200
age: 5155
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
monthlysweeps.us/favicon.ico
44.194.247.48200 OK 5.4 kB URL HTTP/2 monthlysweeps.us/favicon.ico
IP 44.194.247.48:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash b0a102991e7332643ae57365023c00c8
4ea4c55c982e08bda104d2e8e981594c067cef24
1dfc58ffbcb07c761f79eb6b46f50b3789bd21e41a0b4cb1aca82b1dd8020fcc
GET /favicon.ico HTTP/1.1
Host: monthlysweeps.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/go/to/4mmjuy/key/b573df1d4fbe0d9e69819fb590c6512a/aid/16944/s1/4874966?em=0&
Cookie: ci_session=gklrgnhfp5hsjhq50aglq7p0n2h0r3b2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:07 GMT
content-type: image/vnd.microsoft.icon
content-length: 5430
server: Apache/2.4.41 (Ubuntu)
last-modified: Mon, 26 Jul 2021 18:17:08 GMT
etag: "1536-5c80ac2e78fe8"
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 194d72d26ddeaa8a8a266839eb707300
86427a0db92a3b4bd2690ad361109559c7212992
ab77f42ccfa0c649217777139f0d14a6742039596ee37a045c5fe96e7ca32338
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 6064def67bc55b45ac299ddc4d22f62c
4ef4f36a1441a330994b65481ba96815fa75e5fd
b33cdf2a57a02a085e6344d9a2370b550108d75b1c55130d662243be00e5b47e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:08 GMT
Server: ECS (dcb/7F83)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kKNpdLeGoq-J-WhnNgp7cd971uQObwjk-OUnul6F5dRVWR9Z_tiS-w==
static.hotjar.com/c/hotjar-2865935.js?sv=6
54.230.111.113200 OK 2.3 kB URL HTTP/2 static.hotjar.com/c/hotjar-2865935.js?sv=6
IP 54.230.111.113:0
File type ASCII text, with very long lines (3790)
Hash 34bc381ed92e8b6d5b1a4281a37ddb93
670661137398fb33e7ade8101992ae2918487f26
1d73f49826e5544faa33d7a2ead260c0fc8673a3016102e1e2d7285c0fbf945d
GET /c/hotjar-2865935.js?sv=6 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Sun, 04 Sep 2022 22:07:03 GMT
access-control-allow-origin: *
cache-control: max-age=60
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: W/cdf0fb79f7832bf25f64d0162a1e258b
strict-transport-security: max-age=86400; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dLPzTZZfMCgV74p-M4StaCoWXUv7soGqinzgea5D0EwVq42XzvbG1g==
age: 4
X-Firefox-Spdy: h2
script.hotjar.com/modules.d5eb3c97b67a0b8958ff.js
143.204.55.46200 OK 66 kB URL HTTP/2 script.hotjar.com/modules.d5eb3c97b67a0b8958ff.js
IP 143.204.55.46:0
File type Unicode text, UTF-8 text, with very long lines (48715)
Hash 5a03435fb2b1019b1b00d7bc5c267f72
6d9116f703cb7fced1cfb7eba229302f4950e4b0
555555e6799149ac64f285eb30f78583dfa52fc0d23dbb75c357897873b8cb97
GET /modules.d5eb3c97b67a0b8958ff.js HTTP/1.1
Host: script.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 65509
date: Fri, 02 Sep 2022 09:50:06 GMT
accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=31536000
content-encoding: br
cross-origin-resource-policy: cross-origin
etag: "5a03435fb2b1019b1b00d7bc5c267f72"
last-modified: Fri, 02 Sep 2022 09:49:47 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6XXq1HhbaPBl_Ib410oAx_jMa7EGdt_H-MVfKuJ5153TxhUu-NQfew==
age: 217022
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ldsapi/assets/script/browserdetect.min.js?version=120419
13.107.213.53200 OK 1.0 kB URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/script/browserdetect.min.js?version=120419
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 (with BOM) text, with very long lines (2046), with no line terminators
Hash f569068e6b95cdf047c7612b5e97295b
5561fa721450c4edd2f2dde35c4d15f50ec58b3f
33fe196d0425d8e62dc402be7a0e6b442c789f06273664d934d964b00edfa70b
GET /amsus/ldsapi/assets/script/browserdetect.min.js?version=120419 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: Shzc0tuaykHxXX+tfi+uUQ==
last-modified: Fri, 21 May 2021 12:34:19 GMT
etag: 0x8D91C54C1586655
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 6f071b76-a01e-002c-62ce-bed6ce000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0hiEVYwAAAAByfktztU7wRK1M3bE09VFLRlJBMjMxMDUwNDE4MDA5ADI4NTljMDM1LTBmN2YtNDlmOS04ZjQ3LTVlMTU4YmUzMmM1NQ==
x-azure-ref: 0iiEVYwAAAAAF0jVXrDO5SqZThZvCbyGFU1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
143.204.55.118200 OK 1.0 kB URL HTTP/2 vars.hotjar.com/box-1ada912494ba7fc7aca15fcef1c2a7ae.html
IP 143.204.55.118:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2431), with no line terminators
Hash 0b3d3f4206ab84d8861a8cc4b2ddbe66
4561b7c0419b65db5c1314be2143bd1734e88d89
ec42652b198c82469afbe5e6e69312a25425c1fd38d379cf3761b328ecd48e4a
GET /box-1ada912494ba7fc7aca15fcef1c2a7ae.html HTTP/1.1
Host: vars.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1044
date: Wed, 13 Jul 2022 08:33:06 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
etag: "0b3d3f4206ab84d8861a8cc4b2ddbe66"
last-modified: Wed, 13 Jul 2022 08:32:20 GMT
strict-transport-security: max-age=86400; includeSubDomains
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: S8lRMq37bxjnKGyw7f7ZZrp8lIsN6oVIQCX2Xqls3TvfvNjExtDfVA==
age: 4628042
X-Firefox-Spdy: h2
pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20cveiuz%20b6f%20udgvcf2lv7sejli6599907s5s8ly413i%202zd%209f134%200s%20l8qciy5%20fu%20s%20-%202wcmoxv%2055mtqw;kw=nwelylh056dpt%20lk%20%7C%201jjfeu%207awt%20kjjc%20%7C%20lf5fyqla9l%200n6vpb1jcds;rnd=(1662329223259)
107.178.240.89200 OK 556 B URL HTTP/2 pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20cveiuz%20b6f%20udgvcf2lv7sejli6599907s5s8ly413i%202zd%209f134%200s%20l8qciy5%20fu%20s%20-%202wcmoxv%2055mtqw;kw=nwelylh056dpt%20lk%20%7C%201jjfeu%207awt%20kjjc%20%7C%20lf5fyqla9l%200n6vpb1jcds;rnd=(1662329223259)
IP 107.178.240.89:0
Hash 5bfd393a547667ac5cc3adbfa1bbc072
56674ea5f1718836a1c12f424127d8ba71afd2df
d19051b111a2f9aa35f969aa78ee5f7598d9ba1ed1f63e19ed6f4ab9d12a39c8
GET /engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20cveiuz%20b6f%20udgvcf2lv7sejli6599907s5s8ly413i%202zd%209f134%200s%20l8qciy5%20fu%20s%20-%202wcmoxv%2055mtqw;kw=nwelylh056dpt%20lk%20%7C%201jjfeu%207awt%20kjjc%20%7C%20lf5fyqla9l%200n6vpb1jcds;rnd=(1662329223259) HTTP/1.1
Host: pbid.pro-market.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver: gapp-eu-4.c.datonics-gcp-01.internal
set-cookie: anProfile="0+1+4=21x+1f=1+1g=2+1j=57:1+rs=s+rt=5B5A2A9A+s0=(6v)+s2=(rhphfv)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin: *
content-type: text/html
content-encoding: gzip
vary: Accept-Encoding
date: Sun, 04 Sep 2022 22:07:06 GMT
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-39232759-1&cid=1329409399.1662329224&jid=1092781993&gjid=55082511&_gid=711995765.1662329224&_u=IEBAAEAAAAAAAC~&z=1396571887
142.251.1.157200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-39232759-1&cid=1329409399.1662329224&jid=1092781993&gjid=55082511&_gid=711995765.1662329224&_u=IEBAAEAAAAAAAC~&z=1396571887
IP 142.251.1.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-39232759-1&cid=1329409399.1662329224&jid=1092781993&gjid=55082511&_gid=711995765.1662329224&_u=IEBAAEAAAAAAAC~&z=1396571887 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://monthlysweeps.us
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Sep 2022 22:07:08 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 1931a32d83e4feb5268887bcb07fcc1e
6fb75c21ced29544dd6d7c3b0ef79adf65718a39
d794fae0b82097a2e97af2f21b6c243832081f88036a2a56bbeeabb08790d88d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Sep 2022 22:07:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Sep 2022 12:31:58 GMT
expires: Sun, 03 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 120910
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Sep 2022 00:48:31 GMT
expires: Sat, 02 Sep 2023 00:48:31 GMT
cache-control: public, max-age=31536000
age: 249517
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
d2m2wsoho8qq12.cloudfront.net/iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
143.204.42.49200 OK 1.4 kB URL HTTP/1.1 d2m2wsoho8qq12.cloudfront.net/iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
IP 143.204.42.49:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ef825b8a88a51cd76a51d08dfc1d4f99
5bf247bd91a4be0c3b76a70ec8e5e462de0e9f3b
2ac453ec379c3e7b0fa69b810ecf2d6771de3e7611a2599a20f8e8ce9a240af1
GET /iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4 HTTP/1.1
Host: d2m2wsoho8qq12.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Last-Modified: Thu, 02 Jun 2022 15:26:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Sun, 04 Sep 2022 03:33:14 GMT
ETag: W/"6298d697-dbb"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: G7ouYDziGP1FgTlb8VByfAaWnCk-hLkjgclxAbDGq9vN9NyLysgtkQ==
Age: 66834
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 1513eca75dfe6b198077d98a2ca80c94
e8a76e4e2bcfb69e52cb8938c69c46e5bc51b57c
5820e00fa93ec410dad6360484aba78400021692598e7ba1b6e9c20fb9295f35
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:09 GMT
Last-Modified: Sun, 04 Sep 2022 20:24:02 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: D6AuK-XIbn9KD9nje9ZGI_ZPf2rcX1MNZ27Jxsw8bpbxtyrQ9Y03_A==
Age: 6187
api.trustedform.com/certs
34.231.74.145201 Created 475 B URL HTTP/2 api.trustedform.com/certs
IP 34.231.74.145:0
File type JSON data\012- , ASCII text, with very long lines (475), with no line terminators
Hash afde3e196db51dcb11796767812edb53
e37af10a633990253e85eedaabd4b50cb7a56be3
22859e4931caee880b755956043367d66e13d5a9cf661ebf6b32de7aed2709ad
POST /certs HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 642
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 201 Created
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: application/json; charset=utf-8
content-length: 475
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
ws8.hotjar.com/api/v2/client/ws
54.246.176.35101 Switching Protocols 0 B URL HTTP/1.1 ws8.hotjar.com/api/v2/client/ws
IP 54.246.176.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v2/client/ws HTTP/1.1
Host: ws8.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://monthlysweeps.us
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iaP/6UNDnKPsPBwTgOzxxw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 04 Sep 2022 22:07:09 GMT
Content-Type: application/octet-stream
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: m01O3h1PFEFH2bN/aeUQK1MCD3M=
Sec-WebSocket-Extensions: permessage-deflate
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash 38c24a787b04c281ad408ba8499a81f9
3e9504518d56c1bc3ae38dd877f0fbbfbdd23828
67fa51304e197e256267e4ca6424f15332947fd0c32a0d323a5b57ba0dcb5154
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Sep 2022 22:07:09 GMT
Last-Modified: Sun, 04 Sep 2022 21:12:31 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N_v7IKug1wHfRqqKPvaiKySt742urMUCmuodO6-yOklzv_Z-Tw6L4A==
Age: 3278
api.trustedform.com/certs/e8630cbbc18bb73cc412bd0003d52a22c4cb9e23/fingerprints
34.231.74.145204 No Content 0 B URL HTTP/2 api.trustedform.com/certs/e8630cbbc18bb73cc412bd0003d52a22c4cb9e23/fingerprints
IP 34.231.74.145:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /certs/e8630cbbc18bb73cc412bd0003d52a22c4cb9e23/fingerprints HTTP/1.1
Host: api.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 262
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Sun, 04 Sep 2022 22:07:09 GMT
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers:
cache-control: max-age=0, private, must-revalidate
server: Cowboy
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=4&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300258
107.22.230.101200 OK 20 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=4&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300258
IP 107.22.230.101:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /2.11.9/InitFormData?msn=4&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300258 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 944
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rguserid=d8e9a48c-9376-4214-9cb2-3e6f9a25f249; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
deviceid.trueleadid.com/iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
23.23.142.3200 OK 10 kB URL HTTP/2 deviceid.trueleadid.com/iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4
IP 23.23.142.3:0
Hash b6dd5d83436d7a304344f63521f71eb0
139d0db8ad8ab89388c5956560ba305b566d02af
696fa58c1d6c89e330a8cca18620971f4e802e96c0a79aa7570aba99bf23a033
GET /iframe.html?token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&apiurl=https%3A%2F%2Fcreate.leadid.com%2F2.11.9&lck=3CCED9A6-4A67-D637-ACDC-CCF79B4A5210&lac=FCB958C1-1AC9-561E-1E7C-7EB79158EEC4 HTTP/1.1
Host: deviceid.trueleadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://d2m2wsoho8qq12.cloudfront.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: text/html
server: nginx
last-modified: Mon, 13 Jun 2022 14:52:50 GMT
etag: W/"62a74f42-1049"
expires: Mon, 05 Sep 2022 22:07:09 GMT
p3p: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control: max-age=86400, public
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.15.4/css/solid.css
104.21.63.54200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.15.4/css/solid.css
IP 104.21.63.54:0
GET /releases/v5.15.4/css/solid.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css
x-amz-id-2: fZ6g45sdiFZbxMzk14Z5TmdQknFHlKGV14pIuivrIyL2iIwuZeViNEDCvZiiP/IUuxLCrGFoqB4=
x-amz-request-id: XFEQC6FH1WYKMEV3
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 04 Aug 2021 20:43:22 GMT
etag: W/"685a6b10be9f3db25acf78c5e7ba7379"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 158336
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BD5HP9Qz%2BXXLnvZwOv5%2Ba3I6p25uMQ0P5SACArwcGDjR8mQPUTXtpL5HP9wfY5J1eKrh%2BwyUfO3umPJsrd8xZQudmc7pK6oLUVl5IP0dhZav%2FNA%2FPECvLMi2cUrT%2BnuRVCULKXT8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 745a0938c926b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/4.1.0/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 565, 718, 718
last-modified: Mon, 25 Jan 2021 22:04:05 GMT
cdn-cachedat: 2021-06-08 18:02:12
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: a9c552a6ef500abddb12a9852509d4ed
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 7775378
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 745a0938dc300b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ns/css/13488000.min.css?54k4j202254j09ckl04llk158jkk070500
13.107.213.53200 OK 0 B URL HTTP/2 tmgassets.azureedge.net/amsus/ns/css/13488000.min.css?54k4j202254j09ckl04llk158jkk070500
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
GET /amsus/ns/css/13488000.min.css?54k4j202254j09ckl04llk158jkk070500 HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css
content-encoding: br
content-md5: WEcI6Omll5/fQKo/f35d8g==
last-modified: Mon, 14 Mar 2022 19:57:50 GMT
etag: 0x8DA05F4EB4EA477
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: 51bb2f24-801e-005d-473a-bfa4f7000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0C84TYwAAAAB8N2Wf9CVNR52L2uNxj1GPQU1TMDRFREdFMTkxMgAyODU5YzAzNS0wZjdmLTQ5ZjktOGY0Ny01ZTE1OGJlMzJjNTU=
x-azure-ref: 0iiEVYwAAAACFdjE8d35dQIARnOPT1MIqU1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/GenerateToken?msn=1&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&_=980300255
107.22.230.101200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/GenerateToken?msn=1&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&_=980300255
IP 107.22.230.101:0
POST /2.11.9/GenerateToken?msn=1&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&_=980300255 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 262
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:08 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rguserid=4abe188f-476d-430e-a2f3-732276e070ef; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
IP 142.250.74.10:0
GET /css?family=Lato:400,700|Oswald:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Sep 2022 22:07:05 GMT
date: Sun, 04 Sep 2022 22:07:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/SaveDom?msn=2&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300256
107.22.230.101200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/SaveDom?msn=2&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300256
IP 107.22.230.101:0
POST /2.11.9/SaveDom?msn=2&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300256 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 494
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:08 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rguserid=aa13513f-c669-46a4-bea4-e78f8de5c768; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Tue, 04-Oct-2022 22:07:08 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
create.leadid.com/2.11.9/InitFormData?msn=3&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300257
107.22.230.101200 OK 0 B URL HTTP/2 create.leadid.com/2.11.9/InitFormData?msn=3&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300257
IP 107.22.230.101:0
POST /2.11.9/InitFormData?msn=3&pid=417f2d84-5273-43d8-ade5-65f1722bd26d&token=D3393727-BA22-2FAD-CDF5-CFD228DDEEF0&_=980300257 HTTP/1.1
Host: create.leadid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 12855
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: text/plain;charset=UTF-8
server: nginx
set-cookie: rgisanonymous=false; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rguserid=8a2d9be0-49c1-4596-a699-aeeed559ddea; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rguuid=true; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
rgisanonymous=true; expires=Tue, 04-Oct-2022 22:07:09 GMT; Max-Age=2592000; path=/
cache-control: no-cache, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With, Content-Type
access-control-max-age: 1728000
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
X-Firefox-Spdy: h2
in.hotjar.com/api/v2/client/sites/2865935/visit-data?sv=6
99.80.161.153200 OK 0 B URL HTTP/2 in.hotjar.com/api/v2/client/sites/2865935/visit-data?sv=6
IP 99.80.161.153:0
POST /api/v2/client/sites/2865935/visit-data?sv=6 HTTP/1.1
Host: in.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 114
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
cdn.trustedform.com/trustedform-1.8.27.js
54.230.111.103200 OK 0 B URL HTTP/2 cdn.trustedform.com/trustedform-1.8.27.js
IP 54.230.111.103:0
GET /trustedform-1.8.27.js HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 6olc5v40B1RpRJGb5GYISB93fSUp4tqK
server: AmazonS3
content-encoding: gzip
date: Sun, 04 Sep 2022 22:07:05 GMT
etag: W/"2f557edcc84fd346c897a4d565e57ac0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: CW9r6NHAzGw53YrNek9ndIaVmN9sizj9s1wPG7MKnqyvT-1SprR8PA==
age: 13
X-Firefox-Spdy: h2
tmgassets.azureedge.net/amsus/ldsapi/assets/script/standard.min.js?version=20220221n
13.107.213.53200 OK 0 B URL HTTP/2 tmgassets.azureedge.net/amsus/ldsapi/assets/script/standard.min.js?version=20220221n
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
GET /amsus/ldsapi/assets/script/standard.min.js?version=20220221n HTTP/1.1
Host: tmgassets.azureedge.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-encoding: br
content-md5: YTnb0ehLGLRubF63e3IyDA==
last-modified: Mon, 21 Feb 2022 16:55:53 GMT
etag: 0x8D9F55B05E46BD0
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-cache: TCP_HIT
x-ms-request-id: afc7f349-c01e-0015-0ab7-bf966a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref-originshield: 0C84TYwAAAAB9MHqruFZiQ5FyAXNvzVWkQU1TMDRFREdFMTkxNQAyODU5YzAzNS0wZjdmLTQ5ZjktOGY0Ny01ZTE1OGJlMzJjNTU=
x-azure-ref: 0iiEVYwAAAABywtlXKxSZR5GXZVnGKWGZU1RPRURHRTE4MTIAMjg1OWMwMzUtMGY3Zi00OWY5LThmNDctNWUxNThiZTMyYzU1
date: Sun, 04 Sep 2022 22:07:05 GMT
X-Firefox-Spdy: h2
ws8.hotjar.com/api/v2/sites/2865935/recordings/content
54.246.176.35200 OK 0 B URL HTTP/2 ws8.hotjar.com/api/v2/sites/2865935/recordings/content
IP 54.246.176.35:0
POST /api/v2/sites/2865935/recordings/content HTTP/1.1
Host: ws8.hotjar.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain; charset=UTF-8
Content-Length: 119290
Origin: https://monthlysweeps.us
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:09 GMT
content-type: application/json
vary: Accept-Encoding
cache-control: no-cache, no-store
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
content-encoding: br
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/4.1.0/css/bootstrap.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://monthlysweeps.us/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Sep 2022 22:07:05 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 723, 718, 718
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 2021-04-23 06:51:23
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: fb769ef43d6803d303a68c7d7f774d4c
cdn-cache: HIT
cf-cache-status: HIT
age: 10436323
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 745a0938bc190b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=trusted_form&l=16623292232840.11484924832126298&invert_field_sensitivity=false
54.230.111.103200 OK 0 B URL HTTP/2 cdn.trustedform.com/bootstrap.js?provide_referrer=false&field=trusted_form&l=16623292232840.11484924832126298&invert_field_sensitivity=false
IP 54.230.111.103:0
GET /bootstrap.js?provide_referrer=false&field=trusted_form&l=16623292232840.11484924832126298&invert_field_sensitivity=false HTTP/1.1
Host: cdn.trustedform.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://monthlysweeps.us/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 04 Sep 2022 22:07:09 GMT
last-modified: Tue, 16 Aug 2022 18:53:06 GMT
x-amz-version-id: 9tpprjSXF1V1i663qaS1L8y.yb5CQ2dA
etag: W/"97d91c9803cec4e7981c0f415c2c1923"
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _PcgerVIw6dc3vHilvN76ciZMMQ0yE5MNDjX4-pq4Gehu2XdA6Ob3g==
X-Firefox-Spdy: h2