Report - yoursafeinvestmentnow.net/btc-profits/lp.php

Report Overview

Submitted URL
yoursafeinvestmentnow.net/btc-profits/lp.php
IP
185.142.238.38
ASN
#174 COGENT-174
Submitted
2022-09-12 20:34:50
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
58

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
yoursafeinvestmentnow.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	27 kB	7.1 MB	185.142.238.38
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	4.4 kB	95.101.11.115
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	142.250.74.3
vjs.zencdn.net	4968	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	742 B	349 kB	151.101.86.217
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.41.246.187
use.fontawesome.com	942	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	930 B	81 kB	172.67.169.247
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	43 kB	34.120.237.76
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	409 B	746 B	142.250.74.10
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	736 B	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	23 kB	104.17.24.14
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	487 B	32 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/lp.php	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/lp.php	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/js/index.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/img/footer-logo.svg	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/img/logo.svg	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/img/triangleLeft.svg	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/img/triangleRight.svg	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/i18n/no.json	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/exit-popup-assets/css/exitpopup-register.css?v=1661949963	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/en-1-t3.mp4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/exit-popup-assets/i18n/translations.json	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/en-1-t2.mp4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/en-1-t1.mp4	Phishing
2022-09-12	medium	yoursafeinvestmentnow.net/btc-profits/media/en-2.mp4	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2	490 kB	2023-03-07	2023-03-07
Pretty URL yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2 IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:19:00 Last Seen2023-03-07 15:24:41 Times Seen1 Hash be425ce5f33e486a9d754fa8c897f288 f12f335d02f9a7f87d8130e00c0b69ab511aa8b9 6ed8d04cc7acfb9af6e1a15e63cacccd15ee4a90cbebf9812d997bfdc106298f Loading...

	yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js	4.7 kB	2023-03-07	2023-03-07
Pretty URL yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:19:00 Last Seen2023-03-07 15:24:41 Times Seen1 Hash 57f496a5f1321ee02de33d801148b84e 9f2e548b4f870ba84054fddebb28dd2c98884201 1b964b21cb4c1f7547930e33af8390ba56231644978f4a765e13d415658c31f9 Loading...

	yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js	96 kB	2023-03-07	2024-04-25
Pretty URL yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-25 06:07:25 Times Seen10382 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js	1.8 kB	2023-03-07	2024-03-13
Pretty URL yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:58 Last Seen2024-03-13 08:17:30 Times Seen44 Hash 41e42526885ec2aaddf680d79699b7e9 616cade76240b142ca1cf3afdad5dfcbe049e9a4 ea8e73a378216cb2847aaa3679aab33094c6daf0de862c8788e454661aef8a2c Loading...

	yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120	390 kB	2023-03-07	2023-03-07
Pretty URL yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120 IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:58 Last Seen2023-03-07 15:24:41 Times Seen1 Hash 9e43807c0ad360c392f55c23eb822134 daeb573ec2b216e2871fc3e5a199263577f73703 06e483126372927e744b57959649ef33564f9294d6142b8aee94dc1e26dd7d02 Loading...

	yoursafeinvestmentnow.net/btc-profits/js/index.js	4.1 kB	2023-03-07	2023-03-07
Pretty URL yoursafeinvestmentnow.net/btc-profits/js/index.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:24:41 Last Seen2023-03-07 15:24:41 Times Seen1 Hash 612fcd19177d19cc6c5302297bd403aa d8eb71fe09526847aaf21885864cf12d90a60a57 993679d869910fd519a3bff20dc5c5b2b824c756fd9671596f10052b989f9394 Loading...

	yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php	1.1 kB	2023-03-07	2023-11-27
Pretty URL yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:58 Last Seen2023-11-27 22:55:29 Times Seen2 Hash c96d08c821c249176e0ef152823c2fb9 4c5c443113b5754e2d2d64a71933513beef57266 ec0f8913407a563ab43987f4197a6faf54341a681c8011a0f3377d1c337867ee Loading...

	cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js	62 kB	2023-03-07	2024-04-25
Pretty URL cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:36 Last Seen2024-04-25 04:18:14 Times Seen4073 Hash b762d7a222031899a8b3d8fa8e6a21cf 5f2927d035f3b5e99a99ca0652584bff8aa49850 4dbe2075e08dfc008a9a1290dc149f6ee360215610cc1944bdb625c0aee3b83c Loading...

	unknown	0 B	2023-03-07	2024-04-25
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-25 15:13:25 Times Seen37064680 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js	59 kB	2023-03-07	2024-04-21
Pretty URL yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:33:40 Last Seen2024-04-21 18:29:49 Times Seen1851 Hash 0f9ea8d6bb66dbed6e0966f9da35b7fd 8095a33f75ca53aa5409b8bf00ea30372755092d 306ab8dd287ef041231a510b7e4c027a11e28b20c3408a9185d895c091dc72a4 Loading...

	yoursafeinvestmentnow.net/btc-profits/lp.php	2.0 kB	2023-03-07	2023-03-07
Pretty URL yoursafeinvestmentnow.net/btc-profits/lp.php IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:19:00 Last Seen2023-03-07 15:24:41 Times Seen1 Hash 826537fb488e6e781e039cc248d3b55f d8036effb1b954c0737cd641f4a95aac29c15784 f7e85216e30d9090c9ec1cf67e445b84c84584d7cfd40a3682a7c2aa8a0767e7 Loading...

	yoursafeinvestmentnow.net/btc-profits/lp.php	92 B	2023-03-07	2024-03-13
Pretty URL yoursafeinvestmentnow.net/btc-profits/lp.php IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:58 Last Seen2024-03-13 08:17:30 Times Seen22 Hash 40d4751fbffe737a632e7f0284a4d5e2 38c8572c33bd6937b79e0ebb1639fe2291c55f13 ccf01a8129a62abf2f8b0ed8b9a8e3692fae87d189372b056d3b2f0b44bc9768 Loading...

	yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js	37 kB	2023-03-07	2024-04-25
Pretty URL yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:54 Last Seen2024-04-25 12:55:46 Times Seen54595 Hash 5869c96cc8f19086aee625d670d741f9 430a443d74830fe9be26efca431f448c1b3740f9 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Loading...

	yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php	3.4 kB	2023-03-07	2024-02-11
Pretty URL yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php IP 185.142.238.38 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:58 Last Seen2024-02-11 08:17:35 Times Seen1 Hash 183270a4b6e8743aeb9539c6020da90e c667feed745dcbeb640d4d6b0f9d1c4f6ade2208 c5605cd55c094a7c8fdec7c3b65c32a7595a8995cebe87f5315e58f42a38ebb5 Loading...

HTTP Transactions (86)

URL IP Response Size

yoursafeinvestmentnow.net/btc-profits/lp.php

185.142.238.38

301 Moved Permanently

162 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/lp.php
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/lp.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Strict-Transport-Security: max-age=63072000

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 20:08:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: V09l3n0cArpGXxsZw0HDG6As4v25LRqWsSP_jonrgDPMqb9lu2Sb4A==
Age: 1580

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2286
Expires: Mon, 12 Sep 2022 21:12:45 GMT
Date: Mon, 12 Sep 2022 20:34:39 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3XyGcq4PPO6NpIO15ZWDzKTVLdwgmxrDfVi6pzE6i77nQe9OdI68Wg==
age: 47847
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e7d6f0dbb357f3eaa632cb0f2ed9dc4e
48d553ad37284a26a82b4c3f670a2248069a9d8e
195d2023e76fe7d802c05b8f8ca57a4df139441db498fb93eecc194f19571392

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "195D2023E76FE7D802C05B8F8CA57A4DF139441DB498FB93EECC194F19571392"
Last-Modified: Sun, 11 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17237
Expires: Tue, 13 Sep 2022 01:21:56 GMT
Date: Mon, 12 Sep 2022 20:34:39 GMT
Connection: keep-alive

yoursafeinvestmentnow.net/btc-profits/lp.php

185.142.238.38

200 OK

4.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/lp.php
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (458)
Size
4.8 kB (4836 bytes)
Hash
ec3c07aa75c8e2bfbc30f2d9f35b8404
4e0ba7981b904e1802845ca996f472ed40d914b8
ea904edd700754f3323090c8560a0d70b93283a5dac9b4c6971b088f8d6296ef

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/lp.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Upstream: sharkolia-***ko
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 3e13aeaa6fa517b83cdd210dc88bef1b

cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css

104.17.24.14

200 OK

2.9 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (14065), with no line terminators
Size
2.9 kB (2949 bytes)
Hash
c966da480efb64a4e936f34848ec8151
74aeb1bf213889c09bff4ad09b196cfa44ef3705
2131f4f45424dc47454738d9a72b696946a35309916e923ca7df02e171510f5d

HTTP Headers

GET /ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: text/css; charset=utf-8
content-length: 2949
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-36f1"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 1729488
expires: Sat, 02 Sep 2023 20:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2B9htZtk%2BC%2F%2ByI7cJ0tzULHDotBxEvW4VobS8bOSlwK3v7Pcun%2B61mo4GW37izO64yDVGASyj1hf%2FwaWTLyIok%2F%2BSymJvjoL5yS%2BjiHHMv8ZLMGycWe7ztQBbbQrN%2BO2UkBDxcBY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749b6cd6ebebb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js

104.17.24.14

200 OK

18 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (32006)
Size
18 kB (17617 bytes)
Hash
0eea231e545fffd85122cc39d532de0c
ff9e77142cdde15c6be338563173662335bbf057
df3e0fea673cb3296a0defbca3784102b7a852291c39d159275293f95f703add

HTTP Headers

GET /ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 17617
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-f02e"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5240879
expires: Sat, 02 Sep 2023 20:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QL%2B0RE60Jt%2FWdRiG3nw1VlHG3WGj9amGdfwg4179bbYbed1qM9XZlTXMUrl%2F%2FAfYSw1LlIc64retNJhWjBKQNoxpQE0fAGBK%2FAiHVTbR6b8XgfdvbaBKAyKByvMShgY9Z%2BN608ML"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749b6cd70c26b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

yoursafeinvestmentnow.net/btc-profits/css/register.css

185.142.238.38

200 OK

883 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/css/register.css
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
883 B (883 bytes)
Hash
6b8c109b9be6de559b1199b7fde9f257
a839abbc29dd24dd8c21506e4884b5eb1fddf86d
853e93b5f26b6bbabfac248a04a847b2219344132c5def0a014c6de974cc23b1

HTTP Headers

GET /btc-profits/css/register.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-b17"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 9643c8269bda7fc8514ee4f88a1805d0
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/css/build.min.css

185.142.238.38

200 OK

2.2 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/css/build.min.css
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (10691), with no line terminators
Size
2.2 kB (2220 bytes)
Hash
f7eac4177d7dddbd4ec14de3830e6429
6c858f9d37963ccc61394f0362794576c859b294
42f5bebc07e5b01485c6c7f31daf6c8f8a656cc20775901a7c7ce9303ace53e3

HTTP Headers

GET /btc-profits/css/build.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-29c3"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4aff21fcd319c81b7bcbd20b4d9a1b36
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/css/index.css

185.142.238.38

200 OK

2.1 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/css/index.css
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
2.1 kB (2095 bytes)
Hash
8404760f33feef05c5cacf4f18150a0a
352767ba44b3f1bc60016cc50d935262c228d011
2df7dfe8df990cbb5b426cc223afae14f1256089a7e61c77eef30f94049d2f7b

HTTP Headers

GET /btc-profits/css/index.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-22c9"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 69a4b74b07cf65577c45f61edec90b40
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/css/intgrtn.css?v=1663014879

185.142.238.38

200 OK

1.2 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/css/intgrtn.css?v=1663014879
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (368)
Size
1.2 kB (1196 bytes)
Hash
4bfd54ff715abe1b84739ea3246b3a6b
48d0df35d5adc8123d9815b8056faf23b9cfbdbf
fc24b43fd2e75d20c6b2c0921bc36e21c53798ca33eb3deb0ac44aeff7f73cf4

HTTP Headers

GET /btc-profits/css/intgrtn.css?v=1663014879 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-16d4"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: b86b6b5f4b0a3d5fd60a637d373cc8a7
Content-Encoding: gzip

vjs.zencdn.net/7.1.0/video-js.css

151.101.86.217

200 OK

10 kB

URL HTTP/2
vjs.zencdn.net/7.1.0/video-js.css
IP
151.101.86.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (5636)
Size
10 kB (10082 bytes)
Hash
ced02adc5b258233aa41baf2cea0d759
c234d8e4e5d703d6ef0162ff2f2757f19f2b894d
f299f231079df589e43dbd8daa561c87801397dbdd7c4e664ad08eaf0e274089

HTTP Headers

GET /7.1.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Jul 2018 21:02:43 GMT
etag: "20e19d889dd8fa46e8035262bf8fb3ab"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Mon, 12 Sep 2022 20:34:39 GMT
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 11714
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10082
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js

185.142.238.38

200 OK

1.2 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
1.2 kB (1172 bytes)
Hash
b840fe3bce28ce86a6ae23c4806aff39
e9c3f9265b4bd9c7cf480434cff8ea34cd413030
7160aaf5bd58ebaa2b408f3ec7cc3c07aed67b5ddc1ccb057c635b758e980ee2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/js/intgrtn-i18n.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-127b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 752930042773c913106e333374aeea43
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

yoursafeinvestmentnow.net/btc-profits/js/index.js

185.142.238.38

200 OK

845 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/js/index.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
845 B (845 bytes)
Hash
2e9c91be1c23812ccd55bf398f5774a9
a113d13696cc73ddad6cc1df94256c74a885cbd6
c2e27dc36d6e9e15042d8b49f8cc675ba97734d0179d30d6856da5f07cd1a13c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/js/index.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-fef"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 7098dbec593146040c4fe6afa125cd33
Content-Encoding: gzip

vjs.zencdn.net/7.1.0/video.js

151.101.86.217

200 OK

338 kB

URL HTTP/2
vjs.zencdn.net/7.1.0/video.js
IP
151.101.86.217:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (491)
Size
338 kB (338048 bytes)
Hash
801721168a5a2518c8c24dbf05687a10
aa02bd2d882f98fc1c8d015d4b5756703ee2a64e
9a89884883a81d284214b1818e3f3749ad1f9e445e06c1b2c32e9277869f2e78

HTTP Headers

GET /7.1.0/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
last-modified: Wed, 25 Jul 2018 21:02:43 GMT
etag: "9045e3df1785b61657789608f6afa807"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Mon, 12 Sep 2022 20:34:39 GMT
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 338048
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/css/bootstrap.min.css

185.142.238.38

200 OK

21 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/css/bootstrap.min.css
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (65324)
Size
21 kB (20934 bytes)
Hash
6221a832ce40f4ea7bab0688f34aecf3
d5363ce21c87feda457a07b37b2d295c98f4c08a
225c6102ee2ee3ddf279c8f5ec1c7a6882ac332c9536dcfb3e1f6543d0a69d67

HTTP Headers

GET /btc-profits/css/bootstrap.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-22485"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 235de4c5d6b65cc1ddc47a805dbeb752
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js

185.142.238.38

200 OK

15 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (59058), with no line terminators
Size
15 kB (15291 bytes)
Hash
cad5ab28caa01e82fb28de68f02f2062
af804710acf3fe18f0497e3ac3cc8f9ca39bf6f6
361ed599c9d999d6f763d9f039eb68c04eff91846a829134d29f5835eeadcc62

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/js/bootstrap.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-e6b2"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 9de255edd08f5cf1e79537ece0b4a76c
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2

185.142.238.38

200 OK

121 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
Unicode text, UTF-8 text, with very long lines (512)
Size
121 kB (121394 bytes)
Hash
5cf16db879e2e9a5d37c8069dd96116b
5dcc1b6d22c55109a36527762e38bd7671458347
6cf432436f2a5b70b40a9bf028c10a980b7a1db0751260c6ad39e15f30551e61

HTTP Headers

GET /btc-profits/js/build.min.js?v=2 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-77ab1"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 5f8c86718ab3218224c9ff364fab3e03
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 19:56:07 GMT
Expires: Mon, 12 Sep 2022 20:36:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oy4FtkSfOX08SYhS76bhq_RMW2P2xJxGwUitg5Mrxn0wR30nalwdnA==
Age: 2313

yoursafeinvestmentnow.net/btc-profits/img/story-img-es-1.png

185.142.238.38

200 OK

280 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-es-1.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 391 x 800, 8-bit/color RGBA, non-interlaced\012- data
Size
280 kB (280345 bytes)
Hash
b29dc53a1d936b0d8c172b4ad69b4b20
8bb94fa05b5fffb2c9e50f73641b15f7b6678bf6
83b8ad6b19add5d08f2405c04947c6754853a4bbe46f38508945b6628553ca44

HTTP Headers

GET /btc-profits/img/story-img-es-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-44871"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 67d5220ea01fd36e39b5c7ebca8d6bdc
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-en-1.png

185.142.238.38

200 OK

162 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-1.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 384 x 699, 8-bit/color RGBA, non-interlaced\012- data
Size
162 kB (161533 bytes)
Hash
e9294c55afff2a1f45ce1f58bc07915d
e570dba19be355e5290d86531b9d1ba1fbcf1f3a
bc5e302cb7bee04cf0cf9d9af1f90ab22c8397fd5013530af5a66f2ff8dca7f9

HTTP Headers

GET /btc-profits/img/story-img-en-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-277ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4ca762e37f113277d8a62aaa17df9c3b
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-en-2.png

185.142.238.38

200 OK

193 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-2.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 384 x 597, 8-bit/color RGBA, non-interlaced\012- data
Size
193 kB (192724 bytes)
Hash
79c05705671272c329027de865169307
580c4971bca2e80d005e48802c204df4e507dfc7
883a16106661ec83ba117aa4965e94c6006ee11f157dc529d1b0765c72e90028

HTTP Headers

GET /btc-profits/img/story-img-en-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-2f10c"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 748c60ff3a219479fd34073aed636ceb
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-es-2.png

185.142.238.38

200 OK

207 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-es-2.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 391 x 709, 8-bit/color RGBA, non-interlaced\012- data
Size
207 kB (206787 bytes)
Hash
88398eed6ba4da1fc27699ab09b790b9
c129525b291f42321bfc2e10faab4aa9df33643e
7b10461db51be4ed974249bc227cfa1b29add83b41fbdb5a7259fd952c62e6dc

HTTP Headers

GET /btc-profits/img/story-img-es-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-32975"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4e716779e6321c0a786d27cd3e74e61b
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/footer-logo.svg

185.142.238.38

200 OK

3.0 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/footer-logo.svg
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2962), with no line terminators
Size
3.0 kB (2962 bytes)
Hash
3b741137a1149a5c26d48c3c702a2d37
84b1124a5fe14491d674d1f7281f2f95776e5b9f
3a95c8bebec9e3932da29ddaa97a84dce573becc1960d849593d74a35af34db2

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/img/footer-logo.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2962
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-b92"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 60dbc0db7f3f75a958e6a76029cb37bd
Accept-Ranges: bytes

yoursafeinvestmentnow.net/btc-profits/img/story-img-en-3.png

185.142.238.38

200 OK

346 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-3.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 490 x 780, 8-bit/color RGBA, non-interlaced\012- data
Size
346 kB (345956 bytes)
Hash
49f0a6d2a946de991c5952c2053bd51e
58fe984e25ac511e56a57168aae4c449ff6d092a
bc1b61c018676da29d68306203c6e824eb7521d8678a1da1cbbc7b739b8c5d89

HTTP Headers

GET /btc-profits/img/story-img-en-3.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-5524b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 04e494ca614f143ad58fa0502099862c
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-video-3-thumbnail.png

185.142.238.38

200 OK

1.6 MB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-video-3-thumbnail.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 1681 x 946, 8-bit/color RGB, non-interlaced\012- data
Size
1.6 MB (1591386 bytes)
Hash
a01b698b1e329310ee52fc261e343857
f2e581eb7b7a5ac58c4f3a4ec155b8682dcf93ff
61c52302fde351be7db3e462bb9b73e93c86247c29c239e386f05d47656a9711

HTTP Headers

GET /btc-profits/img/story-video-3-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-1846b3"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 3dffa5ddf85bdc6c3815921eb8188c72
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-en-4.png

185.142.238.38

200 OK

128 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-4.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 384 x 607, 8-bit/color RGBA, non-interlaced\012- data
Size
128 kB (128355 bytes)
Hash
96570b49f06c36e6b466e0512a81a610
233277c3dc9299954118d6ddf9d5425f20da89ac
f33ff44f1d8ed504e68844d4ae524d8be569f1568c9da40d9badd63d272b1ec0

HTTP Headers

GET /btc-profits/img/story-img-en-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-1f861"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 87c16ff4f4e9000808029bd24f118d3f
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/logo.svg

185.142.238.38

200 OK

3.3 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/logo.svg
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3260), with no line terminators
Size
3.3 kB (3260 bytes)
Hash
42aa52cf63f37e9f4d77399cb7a5f443
19be429f0eb52a8ffc615a464cdf9e6e2efd23d8
0e3c5bcee39345e9d174f82de22153aee045fadfc02ae1a6c3e4e804aad5beb4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/img/logo.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 3260
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-cbc"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 0ddcc7e0ca902e304b19ef53572724f2
Accept-Ranges: bytes

yoursafeinvestmentnow.net/btc-profits/img/appPhoneMockup.png

185.142.238.38

200 OK

53 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/appPhoneMockup.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 700 x 1165, 8-bit colormap, non-interlaced\012- data
Size
53 kB (52622 bytes)
Hash
91b91e15af04bde32dd38d28609ec214
ba8501a1425cb4e38ad8267a4f76900ee57ad275
ac04d340dba82bc4b602655511bedb7e070c93156d566c3040f2c5e70701ee27

HTTP Headers

GET /btc-profits/img/appPhoneMockup.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-cdc7"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 6cc23d104dd31fa3478541fe4b208493
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 440
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Last-Modified: Mon, 12 Sep 2022 20:27:20 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471

yoursafeinvestmentnow.net/btc-profits/img/bitcoin_bg.jpg

185.142.238.38

200 OK

54 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/bitcoin_bg.jpg
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1200, components 3\012- data
Size
54 kB (53777 bytes)
Hash
2b51c2c653de08bfaf3c6130f1b0fb6d
d4a15fbf511e8c3726a619714bcdc1035d30ca44
3dfcef8c1eca6f783bc83ea17bc9187acf65e2d490308b92488e46f06d3ec289

HTTP Headers

GET /btc-profits/img/bitcoin_bg.jpg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d74f"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4d857f1be5e340a25fdad917678eae16
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/triangleLeft.svg

185.142.238.38

200 OK

378 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/triangleLeft.svg
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text
Size
378 B (378 bytes)
Hash
c8031b29dfa9ee361318406711a72b24
5d414edfde0d92d57945a9b8de4913ae73f0b58f
86cef2e3af78360735e571123cc97e6a5f7d3bd2e33b35cb60ad89d52822fb7a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/img/triangleLeft.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 378
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-17a"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 82827f3430b52b7158a9d160287fdd15
Accept-Ranges: bytes

yoursafeinvestmentnow.net/btc-profits/img/triangleRight.svg

185.142.238.38

200 OK

381 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/triangleRight.svg
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text
Size
381 B (381 bytes)
Hash
8c21bb7cb45252c1f8b7d18fbaac6062
211195bbc285ac309fb61889c8e76f7cb73ecf56
0b3c6a95a092a4db81f776a69c735508ff7def9c63b94427edc5af26748619d1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/img/triangleRight.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 381
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-17d"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: b0a73e3d6eb6964d502a8c5146b24d9f
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120

185.142.238.38

200 OK

41 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
41 kB (40995 bytes)
Hash
451089c16d3b415cfe423824f4472dce
6c4e8a82adaa4641ac1f263772d34d4b32c0205c
aec6305ea4aad6e25aa4f15b6da4b145caf24f765a406a7c86ced6b70ddae2e5

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.js?v=220228120 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 12:28:27 GMT
Vary: Accept-Encoding
ETag: W/"6315eb6b-5f3f4"
Expires: Tue, 12 Sep 2023 14:34:25 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 289ce3cd1a0b903d27ecf135bd564c79
PX-Cache-Status: HIT

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.163

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 16:40:18 GMT
expires: Fri, 08 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 359662
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2

185.142.238.38

200 OK

8.2 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
Unicode text, UTF-8 text
Size
8.2 kB (8238 bytes)
Hash
f8d2693bbce48cb3c19117b0d43e9cc4
5a4ed5df84262978776ee5fd1d2418ebde6f08ba
0ec8d1ead3f977cf5f4421c42570d18ac80796c2ccbc6b855af7c68e3470b922

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/integration/sdk.css?v=2.63.2 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 29 Jul 2022 12:13:41 GMT
Vary: Accept-Encoding
ETag: W/"62e3cef5-1344e"
Expires: Sun, 30 Jul 2023 20:18:42 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 14bcb195318556a6977916e2f9f9ec52
PX-Cache-Status: HIT

yoursafeinvestmentnow.net/btc-profits/img/story-video-2-thumbnail.png

185.142.238.38

200 OK

1.0 MB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-video-2-thumbnail.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 1680 x 940, 8-bit/color RGB, non-interlaced\012- data
Size
1.0 MB (1048404 bytes)
Hash
03e45743018d045be685db4bf481c890
b2ff6506d06cbb6b1785d6200e721373112d4a00
565985fd4415892facd3c3e487172bf9b63db65a552554f699fb33fe401e42ab

HTTP Headers

GET /btc-profits/img/story-video-2-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-100018"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: b3b24b121d27083644c7661ac2c5ea7f
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-video-1-thumbnail.png

185.142.238.38

200 OK

971 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-video-1-thumbnail.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 1680 x 942, 8-bit/color RGB, non-interlaced\012- data
Size
971 kB (971253 bytes)
Hash
ffddb50c85d82692df9063e91b437af1
5548c3553d060b6600d3ba6fb828291449469483
517d2dea94bc0b4525629164b02e0cea5cbd3c316372ae7e880ea629d95f4ef5

HTTP Headers

GET /btc-profits/img/story-video-1-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-ed1f8"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 923e014452f836b9b40e9bf536ac5c6f
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-en-step2.png

185.142.238.38

200 OK

292 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-en-step2.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 800 x 504, 8-bit/color RGB, non-interlaced\012- data
Size
292 kB (292338 bytes)
Hash
98ea79bb15f6f5fe966fa6d103dc2f54
edcfc3e73c08cbafa3442e33c80c68832b840aaf
29d852c4fbcf6893725a33163b9793d7ad2bd6c71642a45b765c22fb251c3dc9

HTTP Headers

GET /btc-profits/img/video-thumbnail-en-step2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-4768b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 5ee23662d827908aca2b4ae98fab7f8f
Content-Encoding: gzip

yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4

185.142.238.38

200 OK

1.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (4220), with no line terminators
Size
1.8 kB (1803 bytes)
Hash
44950e9523cd5180f4db2cb08bb75d0e
cc56c1f92a8b3590de9b685e46a2c826989ae43c
778c77c26ab538f99dfbdc130e880e94b1f13c0898c70500d285ecfd4e1eaa48

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 848a1e3537b38be0daee1ec805b405e0

push.services.mozilla.com/

52.41.246.187

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.41.246.187:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iCkX0BvU5ZKR0yq/ZsDj8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BYCjAZwQaGA5lBZ+QYaVMmneTqM=

use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2

172.67.169.247

200 OK

79 kB

URL HTTP/2
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP
172.67.169.247:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Size
79 kB (79100 bytes)
Hash
5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903

HTTP Headers

GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:40 GMT
content-type: font/woff2
content-length: 79100
x-amz-id-2: VmYcGMOSomu6zwAi8HW3Ny8aQ5OhTim9qj0ZMhJFetGOXejS7aVI97uRmHqAOAx4e2Wn+0MTW8M=
x-amz-request-id: ZXJTPVZAETAPZ9FJ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 12389
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPd8euiSzohC0TqOy1%2Fnqg8Qz9USYmicWkaQ6MtCTvfLbguVlVtlWie5ULLC2MiGK3cyWthYBm8c1WnoAaNlCUIBlHeoHcr7C1ods7WjJPvCRP1SvT%2FxNA%2BBcafRqZNUfU7ybtva"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b6cdcfa7ab512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/img/icon.png

185.142.238.38

200 OK

987 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/icon.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Size
987 B (987 bytes)
Hash
a060df8ceb03198a36a921f98410f834
693388d9a02762a0ca669f63e6ea7981ac382d2c
d7aa55086796eac88d5aff4e1921eeb18d757373275ccf40e2ece42021c6b018

HTTP Headers

GET /btc-profits/img/icon.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-579"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: ec3f67294781ccb4d2bdb4e17d9e3e41
Content-Encoding: gzip

yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?

185.142.238.38

200 OK

6.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- HTML document, ASCII text, with very long lines (45078), with no line terminators
Size
6.8 kB (6828 bytes)
Hash
02f6c9e7cf50cec7bdc5ed9159e30398
beb7dd21d8a176fb70ff986056288c12bdee9cd0
21cdc2d33f10c49ca827103d5b50515cbafde3e09665bad3458447070106ca30

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/details.php? HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 7c95acbb87f85ead22e1961bf21c5feb

yoursafeinvestmentnow.net/intgrtn/api/v1/integration/assets/img/flags32.png

185.142.238.38

200 OK

45 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/assets/img/flags32.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 32 x 8352, 8-bit colormap, non-interlaced\012- data
Size
45 kB (45070 bytes)
Hash
62000c9a41e76ec0b0e32059361c12a1
711ba42f1ca771cdb62c7fa7525a402f269972eb
15dbef1df9e79173424fe716ae37e10bec686d179f002aaca1f29dfa5f7c9dba

HTTP Headers

GET /intgrtn/api/v1/integration/assets/img/flags32.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 29 Jul 2022 12:11:49 GMT
Vary: Accept-Encoding
ETag: W/"62e3ce85-afed"
Expires: Tue, 01 Aug 2023 06:44:34 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 32243ba5a3c05083c21ae5d4de0e1207
PX-Cache-Status: HIT

yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php

185.142.238.38

200 OK

2.5 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
2.5 kB (2451 bytes)
Hash
53ff107bda255cb6624a004d64169e2a
2337ec1bb557ba7236dffa58448bae6d6e214255
90c793d493d956e6d8ef4d45cab8ad3e43e3aef42c56764a9e402120fca1aa31

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/exit-popup/index.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Upstream: sharkolia-***ko
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 15662575a7f113f8b9056733e2c6ef89

yoursafeinvestmentnow.net/btc-profits/i18n/no.json

185.142.238.38

200 OK

9.4 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/i18n/no.json
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (1015)
Size
9.4 kB (9405 bytes)
Hash
bd96adfd0aa98beee89a4dcc2a215322
92b1960159c5d48433ffeda09de98bd3586a8df4
70c426d2e7903fcfe4c027618fb582950cb0add7ff7647f7e2d268bf087b70fd

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/i18n/no.json HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Content-Length: 9405
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-24bd"
X-Upstream: sharkolia-***ko
Accept-Ranges: bytes
X-Server: microso
PX-X-Request-Id: 8a2b567faf8b1693ee50aaaca14b22a4

yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4

185.142.238.38

200 OK

1.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (4221), with no line terminators
Size
1.8 kB (1804 bytes)
Hash
a334894e8be5c1ff24a806e160677fdb
d32816b97b1350d94db90ff43a6137ce997c9709
ab0edecd10f41e2cf72e793f943a0161ea715b42b5010b98680c9e2bdea64439

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 96d2fcb93840a6afe47da3975cce32d2

yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php

185.142.238.38

200 OK

160 B

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with no line terminators
Size
160 B (160 bytes)
Hash
6eba0edfee69e6530503b00b3095b3a9
afec23a40f17e1a7cd053172322b072f5c411bee
98e6fe4b911f039c0398d3dd5de2af6fbb15bdb06ca11a45651258dfe4818fc6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Content-Length: 30
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://yoursafeinvestmentnow.net
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: c56d1eeaa6ec7652d261a9b9df340aab

yoursafeinvestmentnow.net/btc-profits/img/story-img-no-1.png

185.142.238.38

200 OK

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-1.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /btc-profits/img/story-img-no-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-e4fe"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 0b94a7095437b02607f451dc1991650a
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4

185.142.238.38

200 OK

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

HEAD /btc-profits/media/no-1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 159213246
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:53:54 GMT
ETag: "6239d4f2-97d66be"
X-Upstream: sharkolia-***ko
Accept-Ranges: bytes
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: afb4280a6aecc383f8b44308aa5c5c0e

yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4

185.142.238.38

200 OK

1.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with very long lines (4219), with no line terminators
Size
1.8 kB (1801 bytes)
Hash
a918c43501c1a1cc4e5fd91258b58547
2f2a18a05c1d5835528422403c2d1ab15b6a4545
2e4d9a5e7fbcccef2802488c9fd0db91f5362af0f0923eef27a95f22a9d7c616

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: f727f6276eb51cc70df7b6f51535d17c

yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js

185.142.238.38

200 OK

9.8 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (32033)
Size
9.8 kB (9806 bytes)
Hash
4839f961fb7b3bf3ab0dfb42af29d967
625461153983e2349431581c4b33111423f73f5c
45c664c18940715d29c29b5dbf6901493b671d5961eb549ac3721ba21f4a3308

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /exit-popup-assets/js/bootstrap.min.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: f298a88b503b1127bd28b00848681b03
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png

185.142.238.38

200 OK

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

HEAD /btc-profits/img/story-img-no-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d4ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 1993657b01a1c6a0945b7a023d30b07a
Content-Encoding: gzip

yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js

185.142.238.38

200 OK

33 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (32038)
Size
33 kB (33261 bytes)
Hash
1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /exit-popup-assets/js/jquery-1.11.3.min.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 1fb511e3ee4c0aa1e1add69f18017584
Content-Encoding: gzip

yoursafeinvestmentnow.net/exit-popup-assets/css/bootstrap.min.css

185.142.238.38

200 OK

20 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/css/bootstrap.min.css
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text, with very long lines (65371)
Size
20 kB (19586 bytes)
Hash
3482bbf5de7e50cdb4b70fd3231d2cef
d6a6d388db427ccde975a2d91d9ba377179e7a2e
948c851acaf4fa16ab1271caf4e370b09ca9f484f11378ef60a09b79af716a93

HTTP Headers

GET /exit-popup-assets/css/bootstrap.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: HIT
X-Server: microso
PX-X-Request-Id: f893e2b9fbac6c6a266fd36282cf0f4b
Content-Encoding: gzip

yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js

185.142.238.38

200 OK

435 B

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
435 B (435 bytes)
Hash
0ff92fdb5f25603e17ccc2fe5e500154
db65ca7fdc4da8c539b074a08d1a2f51f7522e1d
1e72547d697ebf8a5ffb091c3e5d402903fb6197e7d964bd325c997ce854e53c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /exit-popup-assets/js/intgrtn-i18n.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 59bad581439df1349f1884c71bfd6d54
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-no-2.png

185.142.238.38

200 OK

60 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-2.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 378 x 573, 8-bit colormap, non-interlaced\012- data
Size
60 kB (59975 bytes)
Hash
a28cab43747bc3fc6e8733fe47cb9112
febe7eb3acda78425dafa1c6189dc400b28a3cea
5dd23f76ae7c415d62dbbfb23e36cc7ec3f51517c0bd11fd3a2180db455e48fc

HTTP Headers

GET /btc-profits/img/story-img-no-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-eb32"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 98a1a98c6faac3f01a201dfed0cba8ac
Content-Encoding: gzip

yoursafeinvestmentnow.net/exit-popup-assets/css/exitpopup-register.css?v=1661949963

185.142.238.38

200 OK

936 B

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/css/exitpopup-register.css?v=1661949963
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ASCII text
Size
936 B (936 bytes)
Hash
23107b5259666c57945707cebe4611a6
dfffd706c05f59a123d16f9636bdd05db8d657a6
2f2185d5a3e167e164e438caec6842ea7d48a38e9bafef95f9abc418d81d5ecc

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /exit-popup-assets/css/exitpopup-register.css?v=1661949963 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Fri, 09 Apr 2021 14:28:02 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 221e1fbbb60352641e5157ec19f4aa30
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17035
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:34:41 GMT
Connection: keep-alive

yoursafeinvestmentnow.net/btc-profits/media/en-1-t3.mp4

185.142.238.38

206 Partial Content

156 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/en-1-t3.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
156 kB (156296 bytes)
Hash
8ac88fdf059fc62999880e06d10a2dbd
ad5b680aa879ff114f5a0dc1844f97a4b0ac60d2
d38e271134de1a9d8760d98bbe8ccb09236ee736d3bbcd4e7212e5b3230974a9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/media/en-1-t3.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 11683124
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:23 GMT
ETag: "6239d41f-b24534"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 41e05a8ed679b63bd97684ded8d41afa
Content-Range: bytes 0-11683123/11683124

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17035
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:34:41 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17035
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:34:41 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg

34.120.237.76

200 OK

4.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.2 kB (4162 bytes)
Hash
b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:27:45 GMT
age: 47216
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8799 bytes)
Hash
c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 82370
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4

185.142.238.38

206 Partial Content

26 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size
26 kB (25801 bytes)
Hash
110369881aca897e8311beaeabb5f3f9
2729670abf34c6a3fccf82cfbe4cc4086a09f0fc
90999f6f5fe56f154c5fac353d5947ca85b7953fa735f27f3f7c84da18bf9885

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/media/no-1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 159213246
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:53:54 GMT
ETag: "6239d4f2-97d66be"
X-Upstream: sharkolia-***ko
Content-Range: bytes 0-159213245/159213246
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 601d3b8983215196b725d8ca9cdc60d4

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (6999 bytes)
Hash
b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:13:41 GMT
age: 48060
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8485 bytes)
Hash
e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 80263
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9466 bytes)
Hash
6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 59399
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/img/story-img-no-3.png

185.142.238.38

200 OK

61 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-3.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 378 x 553, 8-bit colormap, non-interlaced\012- data
Size
61 kB (60952 bytes)
Hash
8a7299a0bfda15d07020be43660c8bb8
64d0c388012bf907e5e7cbe10481a16099f7f89d
8bd2395fa74b2aa1db57140f1195bee9e931a576ffd8a5838f7691f36fcf65ed

HTTP Headers

GET /btc-profits/img/story-img-no-3.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-eeff"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 4b7f66a15fcee5906cc330b1d1dafe32
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-no-step1.png

185.142.238.38

200 OK

1.0 MB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-no-step1.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 1792 x 1010, 8-bit/color RGBA, non-interlaced\012- data
Size
1.0 MB (1002060 bytes)
Hash
f000f158fe7fd3b52a680937ee135975
65a0d763490d5dac2ab8a14ab6810c87ee80b299
df137889bd8a88a7b0454b0f38fac09b946bb9c3169fd9cc236894e82492e8bc

HTTP Headers

GET /btc-profits/img/video-thumbnail-no-step1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-f4975"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 9b53870fe287b818b9912f6bf83cabfb
Content-Encoding: gzip

yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png

185.142.238.38

200 OK

54 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
PNG image data, 378 x 553, 8-bit colormap, non-interlaced\012- data
Size
54 kB (54265 bytes)
Hash
39ea98074ef694e52ef6ad0d372851aa
5e3306c172e2f2847432c0769ef20426ba3fbc3b
f41043ac4735a639005ed101671f51d1ccf3ad6ae439797a19a7adf31f7d4217

HTTP Headers

GET /btc-profits/img/story-img-no-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d4ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 1d5e6c71ab973f34a2362a911fc1a1e1
Content-Encoding: gzip

yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?&locale=en-US&language=no

185.142.238.38

200 OK

11 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?&locale=en-US&language=no
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- HTML document, ASCII text, with very long lines (54771), with no line terminators
Size
11 kB (10770 bytes)
Hash
7f41f36a273bb03a1d2571f83cb4adf4
f25d8b369026cb49ee6f212c98d9cf8eaf52ffdc
7b4d34f3bb39b51091e0991679beec8506d9a1a6cde8756ce51b492f0950f4a0

HTTP Headers

GET /intgrtn/api/v1/projects/details.php?&locale=en-US&language=no HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 0ea336c82e3d577e7bc378617a2d9524

yoursafeinvestmentnow.net/exit-popup-assets/i18n/translations.json

185.142.238.38

200 OK

11 kB

URL HTTP/1.1
yoursafeinvestmentnow.net/exit-popup-assets/i18n/translations.json
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Size
11 kB (10773 bytes)
Hash
139f8213642d61b958a98cbbf0c3d7ed
286ec4140830f6bc344fbfa80eaeffc92cfb3e7a
01951ba26e39f4514074e54a24d710c0e93d0a6321ca03b55c7c19e0e2ff7502

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /exit-popup-assets/i18n/translations.json HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Content-Length: 10773
Connection: keep-alive
Upgrade: h2,h2c
Last-Modified: Mon, 12 Apr 2021 13:25:18 GMT
Accept-Ranges: bytes
X-Server: microso
PX-X-Request-Id: 8dcb8c049b7de30b261fd4d5a7ccc5e8

yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php

185.142.238.38

200 OK

161 B

URL HTTP/1.1
yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type
JSON data\012- , ASCII text, with no line terminators
Size
161 B (161 bytes)
Hash
469062c5a44aa6280ec806c633b299cb
9fd9f5fe4ff99b0d385cac6963ef0e80ce66bd3e
ded476ca74163623db99d2a90dc3bfcac5140062b93f13b46d83097d56cfccd6

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Content-Length: 30
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:42 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://yoursafeinvestmentnow.net
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: db44f6fd8284dd077c4260ac89416e73

yoursafeinvestmentnow.net/btc-profits/media/en-1-t2.mp4

185.142.238.38

206 Partial Content

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/en-1-t2.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/media/en-1-t2.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 6076830
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:18 GMT
ETag: "6239d41a-5cb99e"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 927836eee7588928c574070288f2d6a9
Content-Range: bytes 0-6076829/6076830

use.fontawesome.com/releases/v5.6.3/css/all.css

172.67.169.247

200 OK

0 B

URL HTTP/2
use.fontawesome.com/releases/v5.6.3/css/all.css
IP
172.67.169.247:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /releases/v5.6.3/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:40 GMT
content-type: text/css
x-amz-id-2: Sixj6p33vt1hBXL+ZnoFcAG5I1/KrioBw2Opv4PVEQeucSZ/qkDddJFn6VUhs0zQcOwg77kkPVg=
x-amz-request-id: ZXJPV8SGWTMAYR33
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
etag: W/"dc93d584e41f8417f6b7163320d34329"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 12389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYafz71T%2Bhp4o1h9FosW7phV1zaCWO99IjeBVGuJyYCIzvJv0r7gZt39C0IhLVpzI5MdDRNPywIvfDg1PUE2u16%2BqTBA77gzacco%2FW0opeZxpge43miicBNE1BIokXJeEVIXmoQT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b6cdc99e0b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/media/en-1-t1.mp4

185.142.238.38

206 Partial Content

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/en-1-t1.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/media/en-1-t1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 9540163
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:16 GMT
ETag: "6239d418-919243"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: c6907eaee1bcb1914efdefebaad7cf02
Content-Range: bytes 0-9540162/9540163

fonts.googleapis.com/css?family=Montserrat:300,400,600,700,800

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Montserrat:300,400,600,700,800
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Montserrat:300,400,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 20:34:39 GMT
date: Mon, 12 Sep 2022 20:34:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

yoursafeinvestmentnow.net/btc-profits/media/en-2.mp4

185.142.238.38

206 Partial Content

0 B

URL HTTP/1.1
yoursafeinvestmentnow.net/btc-profits/media/en-2.mp4
IP
185.142.238.38:0
ASN
#174 COGENT-174

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /btc-profits/media/en-2.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: video/mp4
Content-Length: 49974430
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:51 GMT
ETag: "6239d43b-2fa8c9e"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 78f809143bdbd9bb9ef1c2bcff91c10b
Content-Range: bytes 0-49974429/49974430

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations