yoursafeinvestmentnow.net/btc-profits/lp.php
185.142.238.38 301 Moved Permanently 162 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/lp.php
IP 185.142.238.38:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/lp.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Strict-Transport-Security: max-age=63072000
firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 12 Sep 2022 20:08:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: V09l3n0cArpGXxsZw0HDG6As4v25LRqWsSP_jonrgDPMqb9lu2Sb4A==
Age: 1580
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2286
Expires: Mon, 12 Sep 2022 21:12:45 GMT
Date: Mon, 12 Sep 2022 20:34:39 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.25:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 12 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 71c98156ae29b36a903974f9dd2568f8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 3XyGcq4PPO6NpIO15ZWDzKTVLdwgmxrDfVi6pzE6i77nQe9OdI68Wg==
age: 47847
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e7d6f0dbb357f3eaa632cb0f2ed9dc4e
48d553ad37284a26a82b4c3f670a2248069a9d8e
195d2023e76fe7d802c05b8f8ca57a4df139441db498fb93eecc194f19571392
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "195D2023E76FE7D802C05B8F8CA57A4DF139441DB498FB93EECC194F19571392"
Last-Modified: Sun, 11 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17237
Expires: Tue, 13 Sep 2022 01:21:56 GMT
Date: Mon, 12 Sep 2022 20:34:39 GMT
Connection: keep-alive
yoursafeinvestmentnow.net/btc-profits/lp.php
185.142.238.38 200 OK 4.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/lp.php
IP 185.142.238.38:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (458)
Hash ec3c07aa75c8e2bfbc30f2d9f35b8404
4e0ba7981b904e1802845ca996f472ed40d914b8
ea904edd700754f3323090c8560a0d70b93283a5dac9b4c6971b088f8d6296ef
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/lp.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Upstream: sharkolia-***ko
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 3e13aeaa6fa517b83cdd210dc88bef1b
cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css
104.17.24.14 200 OK 2.9 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (14065), with no line terminators
Hash c966da480efb64a4e936f34848ec8151
74aeb1bf213889c09bff4ad09b196cfa44ef3705
2131f4f45424dc47454738d9a72b696946a35309916e923ca7df02e171510f5d
GET /ajax/libs/fancybox/3.3.5/jquery.fancybox.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: text/css; charset=utf-8
content-length: 2949
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-36f1"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 1729488
expires: Sat, 02 Sep 2023 20:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2B9htZtk%2BC%2F%2ByI7cJ0tzULHDotBxEvW4VobS8bOSlwK3v7Pcun%2B61mo4GW37izO64yDVGASyj1hf%2FwaWTLyIok%2F%2BSymJvjoL5yS%2BjiHHMv8ZLMGycWe7ztQBbbQrN%2BO2UkBDxcBY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749b6cd6ebebb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js
104.17.24.14 200 OK 18 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js
IP 104.17.24.14:0
File type Unicode text, UTF-8 text, with very long lines (32006)
Hash 0eea231e545fffd85122cc39d532de0c
ff9e77142cdde15c6be338563173662335bbf057
df3e0fea673cb3296a0defbca3784102b7a852291c39d159275293f95f703add
GET /ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 17617
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e58-f02e"
last-modified: Mon, 04 May 2020 16:10:00 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5240879
expires: Sat, 02 Sep 2023 20:34:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QL%2B0RE60Jt%2FWdRiG3nw1VlHG3WGj9amGdfwg4179bbYbed1qM9XZlTXMUrl%2F%2FAfYSw1LlIc64retNJhWjBKQNoxpQE0fAGBK%2FAiHVTbR6b8XgfdvbaBKAyKByvMShgY9Z%2BN608ML"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 749b6cd70c26b521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yoursafeinvestmentnow.net/btc-profits/css/register.css
185.142.238.38 200 OK 883 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/css/register.css
IP 185.142.238.38:0
Hash 6b8c109b9be6de559b1199b7fde9f257
a839abbc29dd24dd8c21506e4884b5eb1fddf86d
853e93b5f26b6bbabfac248a04a847b2219344132c5def0a014c6de974cc23b1
GET /btc-profits/css/register.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-b17"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 9643c8269bda7fc8514ee4f88a1805d0
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/css/build.min.css
185.142.238.38 200 OK 2.2 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/css/build.min.css
IP 185.142.238.38:0
File type ASCII text, with very long lines (10691), with no line terminators
Hash f7eac4177d7dddbd4ec14de3830e6429
6c858f9d37963ccc61394f0362794576c859b294
42f5bebc07e5b01485c6c7f31daf6c8f8a656cc20775901a7c7ce9303ace53e3
GET /btc-profits/css/build.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-29c3"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4aff21fcd319c81b7bcbd20b4d9a1b36
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/css/index.css
185.142.238.38 200 OK 2.1 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/css/index.css
IP 185.142.238.38:0
Hash 8404760f33feef05c5cacf4f18150a0a
352767ba44b3f1bc60016cc50d935262c228d011
2df7dfe8df990cbb5b426cc223afae14f1256089a7e61c77eef30f94049d2f7b
GET /btc-profits/css/index.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-22c9"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 69a4b74b07cf65577c45f61edec90b40
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/css/intgrtn.css?v=1663014879
185.142.238.38 200 OK 1.2 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/css/intgrtn.css?v=1663014879
IP 185.142.238.38:0
File type ASCII text, with very long lines (368)
Hash 4bfd54ff715abe1b84739ea3246b3a6b
48d0df35d5adc8123d9815b8056faf23b9cfbdbf
fc24b43fd2e75d20c6b2c0921bc36e21c53798ca33eb3deb0ac44aeff7f73cf4
GET /btc-profits/css/intgrtn.css?v=1663014879 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-16d4"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: b86b6b5f4b0a3d5fd60a637d373cc8a7
Content-Encoding: gzip
vjs.zencdn.net/7.1.0/video-js.css
151.101.86.217 200 OK 10 kB URL HTTP/2 vjs.zencdn.net/7.1.0/video-js.css
IP 151.101.86.217:0
File type ASCII text, with very long lines (5636)
Hash ced02adc5b258233aa41baf2cea0d759
c234d8e4e5d703d6ef0162ff2f2757f19f2b894d
f299f231079df589e43dbd8daa561c87801397dbdd7c4e664ad08eaf0e274089
GET /7.1.0/video-js.css HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 25 Jul 2018 21:02:43 GMT
etag: "20e19d889dd8fa46e8035262bf8fb3ab"
cache-control: public, max-age=31536000
content-type: text/css; charset=utf-8
content-encoding: gzip
date: Mon, 12 Sep 2022 20:34:39 GMT
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 11714
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 10082
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js
185.142.238.38 200 OK 1.2 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/js/intgrtn-i18n.js
IP 185.142.238.38:0
Hash b840fe3bce28ce86a6ae23c4806aff39
e9c3f9265b4bd9c7cf480434cff8ea34cd413030
7160aaf5bd58ebaa2b408f3ec7cc3c07aed67b5ddc1ccb057c635b758e980ee2
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/js/intgrtn-i18n.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-127b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 752930042773c913106e333374aeea43
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B
IP 142.250.74.3:0
Hash bff3a3f3f4f889b08163e7d307438790
c430c7c151973fa0e63ddf52e5624e1ce2282161
bce7d12a2343d8e43fbd05522fe82807ed48933a984aa113c284267364981750
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yoursafeinvestmentnow.net/btc-profits/js/index.js
185.142.238.38 200 OK 845 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/js/index.js
IP 185.142.238.38:0
Hash 2e9c91be1c23812ccd55bf398f5774a9
a113d13696cc73ddad6cc1df94256c74a885cbd6
c2e27dc36d6e9e15042d8b49f8cc675ba97734d0179d30d6856da5f07cd1a13c
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/js/index.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-fef"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 7098dbec593146040c4fe6afa125cd33
Content-Encoding: gzip
vjs.zencdn.net/7.1.0/video.js
151.101.86.217 200 OK 338 kB URL HTTP/2 vjs.zencdn.net/7.1.0/video.js
IP 151.101.86.217:0
File type ASCII text, with very long lines (491)
Size 338 kB (338048 bytes)
Hash 801721168a5a2518c8c24dbf05687a10
aa02bd2d882f98fc1c8d015d4b5756703ee2a64e
9a89884883a81d284214b1818e3f3749ad1f9e445e06c1b2c32e9277869f2e78
GET /7.1.0/video.js HTTP/1.1
Host: vjs.zencdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Wed, 25 Jul 2018 21:02:43 GMT
etag: "9045e3df1785b61657789608f6afa807"
cache-control: public, max-age=31536000
content-type: application/javascript; charset=utf-8
content-encoding: gzip
date: Mon, 12 Sep 2022 20:34:39 GMT
x-served-by: cache-bma1655-BMA
x-cache: HIT
x-cache-hits: 2
vary: Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
content-length: 338048
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/css/bootstrap.min.css
185.142.238.38 200 OK 21 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/css/bootstrap.min.css
IP 185.142.238.38:0
File type ASCII text, with very long lines (65324)
Hash 6221a832ce40f4ea7bab0688f34aecf3
d5363ce21c87feda457a07b37b2d295c98f4c08a
225c6102ee2ee3ddf279c8f5ec1c7a6882ac332c9536dcfb3e1f6543d0a69d67
GET /btc-profits/css/bootstrap.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-22485"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 235de4c5d6b65cc1ddc47a805dbeb752
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js
185.142.238.38 200 OK 15 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/js/bootstrap.js
IP 185.142.238.38:0
File type ASCII text, with very long lines (59058), with no line terminators
Hash cad5ab28caa01e82fb28de68f02f2062
af804710acf3fe18f0497e3ac3cc8f9ca39bf6f6
361ed599c9d999d6f763d9f039eb68c04eff91846a829134d29f5835eeadcc62
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/js/bootstrap.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-e6b2"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 9de255edd08f5cf1e79537ece0b4a76c
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2
185.142.238.38 200 OK 121 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/js/build.min.js?v=2
IP 185.142.238.38:0
File type Unicode text, UTF-8 text, with very long lines (512)
Size 121 kB (121394 bytes)
Hash 5cf16db879e2e9a5d37c8069dd96116b
5dcc1b6d22c55109a36527762e38bd7671458347
6cf432436f2a5b70b40a9bf028c10a980b7a1db0751260c6ad39e15f30551e61
GET /btc-profits/js/build.min.js?v=2 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-77ab1"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 5f8c86718ab3218224c9ff364fab3e03
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 12 Sep 2022 19:56:07 GMT
Expires: Mon, 12 Sep 2022 20:36:03 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oy4FtkSfOX08SYhS76bhq_RMW2P2xJxGwUitg5Mrxn0wR30nalwdnA==
Age: 2313
yoursafeinvestmentnow.net/btc-profits/img/story-img-es-1.png
185.142.238.38 200 OK 280 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-es-1.png
IP 185.142.238.38:0
File type PNG image data, 391 x 800, 8-bit/color RGBA, non-interlaced; data
Size 280 kB (280345 bytes)
Hash b29dc53a1d936b0d8c172b4ad69b4b20
8bb94fa05b5fffb2c9e50f73641b15f7b6678bf6
83b8ad6b19add5d08f2405c04947c6754853a4bbe46f38508945b6628553ca44
GET /btc-profits/img/story-img-es-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-44871"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 67d5220ea01fd36e39b5c7ebca8d6bdc
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-1.png
185.142.238.38 200 OK 162 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-en-1.png
IP 185.142.238.38:0
File type PNG image data, 384 x 699, 8-bit/color RGBA, non-interlaced; data
Size 162 kB (161533 bytes)
Hash e9294c55afff2a1f45ce1f58bc07915d
e570dba19be355e5290d86531b9d1ba1fbcf1f3a
bc5e302cb7bee04cf0cf9d9af1f90ab22c8397fd5013530af5a66f2ff8dca7f9
GET /btc-profits/img/story-img-en-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-277ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4ca762e37f113277d8a62aaa17df9c3b
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-2.png
185.142.238.38 200 OK 193 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-en-2.png
IP 185.142.238.38:0
File type PNG image data, 384 x 597, 8-bit/color RGBA, non-interlaced; data
Size 193 kB (192724 bytes)
Hash 79c05705671272c329027de865169307
580c4971bca2e80d005e48802c204df4e507dfc7
883a16106661ec83ba117aa4965e94c6006ee11f157dc529d1b0765c72e90028
GET /btc-profits/img/story-img-en-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-2f10c"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 748c60ff3a219479fd34073aed636ceb
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-es-2.png
185.142.238.38 200 OK 207 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-es-2.png
IP 185.142.238.38:0
File type PNG image data, 391 x 709, 8-bit/color RGBA, non-interlaced; data
Size 207 kB (206787 bytes)
Hash 88398eed6ba4da1fc27699ab09b790b9
c129525b291f42321bfc2e10faab4aa9df33643e
7b10461db51be4ed974249bc227cfa1b29add83b41fbdb5a7259fd952c62e6dc
GET /btc-profits/img/story-img-es-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-32975"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4e716779e6321c0a786d27cd3e74e61b
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/footer-logo.svg
185.142.238.38 200 OK 3.0 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/footer-logo.svg
IP 185.142.238.38:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2962), with no line terminators
Hash 3b741137a1149a5c26d48c3c702a2d37
84b1124a5fe14491d674d1f7281f2f95776e5b9f
3a95c8bebec9e3932da29ddaa97a84dce573becc1960d849593d74a35af34db2
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/img/footer-logo.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 2962
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-b92"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 60dbc0db7f3f75a958e6a76029cb37bd
Accept-Ranges: bytes
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-3.png
185.142.238.38 200 OK 346 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-en-3.png
IP 185.142.238.38:0
File type PNG image data, 490 x 780, 8-bit/color RGBA, non-interlaced\012- data
Size 346 kB (345956 bytes)
Hash 49f0a6d2a946de991c5952c2053bd51e
58fe984e25ac511e56a57168aae4c449ff6d092a
bc1b61c018676da29d68306203c6e824eb7521d8678a1da1cbbc7b739b8c5d89
GET /btc-profits/img/story-img-en-3.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-5524b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 04e494ca614f143ad58fa0502099862c
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-video-3-thumbnail.png
185.142.238.38 200 OK 1.6 MB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-video-3-thumbnail.png
IP 185.142.238.38:0
File type PNG image data, 1681 x 946, 8-bit/color RGB, non-interlaced\012- data
Size 1.6 MB (1591386 bytes)
Hash a01b698b1e329310ee52fc261e343857
f2e581eb7b7a5ac58c4f3a4ec155b8682dcf93ff
61c52302fde351be7db3e462bb9b73e93c86247c29c239e386f05d47656a9711
GET /btc-profits/img/story-video-3-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-1846b3"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 3dffa5ddf85bdc6c3815921eb8188c72
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-en-4.png
185.142.238.38 200 OK 128 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-en-4.png
IP 185.142.238.38:0
File type PNG image data, 384 x 607, 8-bit/color RGBA, non-interlaced\012- data
Size 128 kB (128355 bytes)
Hash 96570b49f06c36e6b466e0512a81a610
233277c3dc9299954118d6ddf9d5425f20da89ac
f33ff44f1d8ed504e68844d4ae524d8be569f1568c9da40d9badd63d272b1ec0
GET /btc-profits/img/story-img-en-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-1f861"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 87c16ff4f4e9000808029bd24f118d3f
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/logo.svg
185.142.238.38 200 OK 3.3 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/logo.svg
IP 185.142.238.38:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3260), with no line terminators
Hash 42aa52cf63f37e9f4d77399cb7a5f443
19be429f0eb52a8ffc615a464cdf9e6e2efd23d8
0e3c5bcee39345e9d174f82de22153aee045fadfc02ae1a6c3e4e804aad5beb4
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/img/logo.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 3260
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-cbc"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 0ddcc7e0ca902e304b19ef53572724f2
Accept-Ranges: bytes
yoursafeinvestmentnow.net/btc-profits/img/appPhoneMockup.png
185.142.238.38 200 OK 53 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/appPhoneMockup.png
IP 185.142.238.38:0
File type PNG image data, 700 x 1165, 8-bit colormap, non-interlaced\012- data
Hash 91b91e15af04bde32dd38d28609ec214
ba8501a1425cb4e38ad8267a4f76900ee57ad275
ac04d340dba82bc4b602655511bedb7e070c93156d566c3040f2c5e70701ee27
GET /btc-profits/img/appPhoneMockup.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-cdc7"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 6cc23d104dd31fa3478541fe4b208493
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 471 B
IP 93.184.220.29:0
Hash cb674936db4af4be99c3c397eff8c6ae
de79d76bac3fae5799b0ff35ecc19360595dfb06
992b884b64f9f6fdb76a6ba91c48fed329325b95b99d8003b282879a52093c08
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 440
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Last-Modified: Mon, 12 Sep 2022 20:27:20 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
yoursafeinvestmentnow.net/btc-profits/img/bitcoin_bg.jpg
185.142.238.38 200 OK 54 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/bitcoin_bg.jpg
IP 185.142.238.38:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 2000x1200, components 3\012- data
Hash 2b51c2c653de08bfaf3c6130f1b0fb6d
d4a15fbf511e8c3726a619714bcdc1035d30ca44
3dfcef8c1eca6f783bc83ea17bc9187acf65e2d490308b92488e46f06d3ec289
GET /btc-profits/img/bitcoin_bg.jpg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d74f"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 4d857f1be5e340a25fdad917678eae16
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/triangleLeft.svg
185.142.238.38 200 OK 378 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/triangleLeft.svg
IP 185.142.238.38:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text
Hash c8031b29dfa9ee361318406711a72b24
5d414edfde0d92d57945a9b8de4913ae73f0b58f
86cef2e3af78360735e571123cc97e6a5f7d3bd2e33b35cb60ad89d52822fb7a
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/img/triangleLeft.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 378
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-17a"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 82827f3430b52b7158a9d160287fdd15
Accept-Ranges: bytes
yoursafeinvestmentnow.net/btc-profits/img/triangleRight.svg
185.142.238.38 200 OK 381 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/triangleRight.svg
IP 185.142.238.38:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text
Hash 8c21bb7cb45252c1f8b7d18fbaac6062
211195bbc285ac309fb61889c8e76f7cb73ecf56
0b3c6a95a092a4db81f776a69c735508ff7def9c63b94427edc5af26748619d1
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/img/triangleRight.svg HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/css/index.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/svg+xml
Content-Length: 381
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-17d"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: b0a73e3d6eb6964d502a8c5146b24d9f
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120
185.142.238.38 200 OK 41 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.js?v=220228120
IP 185.142.238.38:0
Hash 451089c16d3b415cfe423824f4472dce
6c4e8a82adaa4641ac1f263772d34d4b32c0205c
aec6305ea4aad6e25aa4f15b6da4b145caf24f765a406a7c86ced6b70ddae2e5
GET /intgrtn/api/v1/integration/sdk.js?v=220228120 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 12:28:27 GMT
Vary: Accept-Encoding
ETag: W/"6315eb6b-5f3f4"
Expires: Tue, 12 Sep 2023 14:34:25 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 289ce3cd1a0b903d27ecf135bd564c79
PX-Cache-Status: HIT
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.163 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 16:40:18 GMT
expires: Fri, 08 Sep 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 359662
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B
IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 12 Sep 2022 20:34:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2
185.142.238.38 200 OK 8.2 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2
IP 185.142.238.38:0
Hash f8d2693bbce48cb3c19117b0d43e9cc4
5a4ed5df84262978776ee5fd1d2418ebde6f08ba
0ec8d1ead3f977cf5f4421c42570d18ac80796c2ccbc6b855af7c68e3470b922
Analyzer Verdict Alert fortinet Phishing
GET /intgrtn/api/v1/integration/sdk.css?v=2.63.2 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 29 Jul 2022 12:13:41 GMT
Vary: Accept-Encoding
ETag: W/"62e3cef5-1344e"
Expires: Sun, 30 Jul 2023 20:18:42 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 14bcb195318556a6977916e2f9f9ec52
PX-Cache-Status: HIT
yoursafeinvestmentnow.net/btc-profits/img/story-video-2-thumbnail.png
185.142.238.38 200 OK 1.0 MB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-video-2-thumbnail.png
IP 185.142.238.38:0
File type PNG image data, 1680 x 940, 8-bit/color RGB, non-interlaced\012- data
Size 1.0 MB (1048404 bytes)
Hash 03e45743018d045be685db4bf481c890
b2ff6506d06cbb6b1785d6200e721373112d4a00
565985fd4415892facd3c3e487172bf9b63db65a552554f699fb33fe401e42ab
GET /btc-profits/img/story-video-2-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-100018"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: b3b24b121d27083644c7661ac2c5ea7f
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-video-1-thumbnail.png
185.142.238.38 200 OK 971 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-video-1-thumbnail.png
IP 185.142.238.38:0
File type PNG image data, 1680 x 942, 8-bit/color RGB, non-interlaced\012- data
Size 971 kB (971253 bytes)
Hash ffddb50c85d82692df9063e91b437af1
5548c3553d060b6600d3ba6fb828291449469483
517d2dea94bc0b4525629164b02e0cea5cbd3c316372ae7e880ea629d95f4ef5
GET /btc-profits/img/story-video-1-thumbnail.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-ed1f8"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 923e014452f836b9b40e9bf536ac5c6f
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-en-step2.png
185.142.238.38 200 OK 292 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-en-step2.png
IP 185.142.238.38:0
File type PNG image data, 800 x 504, 8-bit/color RGB, non-interlaced\012- data
Size 292 kB (292338 bytes)
Hash 98ea79bb15f6f5fe966fa6d103dc2f54
edcfc3e73c08cbafa3442e33c80c68832b840aaf
29d852c4fbcf6893725a33163b9793d7ad2bd6c71642a45b765c22fb251c3dc9
GET /btc-profits/img/video-thumbnail-en-step2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-4768b"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 5ee23662d827908aca2b4ae98fab7f8f
Content-Encoding: gzip
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
185.142.238.38 200 OK 1.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with very long lines (4220), with no line terminators
Hash 44950e9523cd5180f4db2cb08bb75d0e
cc56c1f92a8b3590de9b685e46a2c826989ae43c
778c77c26ab538f99dfbdc130e880e94b1f13c0898c70500d285ecfd4e1eaa48
Analyzer Verdict Alert fortinet Phishing
GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 848a1e3537b38be0daee1ec805b405e0
push.services.mozilla.com/
52.41.246.187 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.246.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: iCkX0BvU5ZKR0yq/ZsDj8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BYCjAZwQaGA5lBZ+QYaVMmneTqM=
use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
172.67.169.247 200 OK 79 kB URL HTTP/2 use.fontawesome.com/releases/v5.6.3/webfonts/fa-solid-900.woff2
IP 172.67.169.247:0
File type Web Open Font Format (Version 2), TrueType, length 79100, version 1.0\012- data
Hash 5dc01cfcd5336f696cb85da7ce53fa9b
28a1f2fadc35c5343e0280389fe7955e3d1be607
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903
GET /releases/v5.6.3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:40 GMT
content-type: font/woff2
content-length: 79100
x-amz-id-2: VmYcGMOSomu6zwAi8HW3Ny8aQ5OhTim9qj0ZMhJFetGOXejS7aVI97uRmHqAOAx4e2Wn+0MTW8M=
x-amz-request-id: ZXJTPVZAETAPZ9FJ
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:54 GMT
etag: "5dc01cfcd5336f696cb85da7ce53fa9b"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 12389
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BPd8euiSzohC0TqOy1%2Fnqg8Qz9USYmicWkaQ6MtCTvfLbguVlVtlWie5ULLC2MiGK3cyWthYBm8c1WnoAaNlCUIBlHeoHcr7C1ods7WjJPvCRP1SvT%2FxNA%2BBcafRqZNUfU7ybtva"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b6cdcfa7ab512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/img/icon.png
185.142.238.38 200 OK 987 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/icon.png
IP 185.142.238.38:0
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data
Hash a060df8ceb03198a36a921f98410f834
693388d9a02762a0ca669f63e6ea7981ac382d2c
d7aa55086796eac88d5aff4e1921eeb18d757373275ccf40e2ece42021c6b018
GET /btc-profits/img/icon.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-579"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: ec3f67294781ccb4d2bdb4e17d9e3e41
Content-Encoding: gzip
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?
185.142.238.38 200 OK 6.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?
IP 185.142.238.38:0
File type JSON data\012- HTML document, ASCII text, with very long lines (45078), with no line terminators
Hash 02f6c9e7cf50cec7bdc5ed9159e30398
beb7dd21d8a176fb70ff986056288c12bdee9cd0
21cdc2d33f10c49ca827103d5b50515cbafde3e09665bad3458447070106ca30
Analyzer Verdict Alert fortinet Phishing
GET /intgrtn/api/v1/projects/details.php? HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 7c95acbb87f85ead22e1961bf21c5feb
yoursafeinvestmentnow.net/intgrtn/api/v1/integration/assets/img/flags32.png
185.142.238.38 200 OK 45 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/integration/assets/img/flags32.png
IP 185.142.238.38:0
File type PNG image data, 32 x 8352, 8-bit colormap, non-interlaced\012- data
Hash 62000c9a41e76ec0b0e32059361c12a1
711ba42f1ca771cdb62c7fa7525a402f269972eb
15dbef1df9e79173424fe716ae37e10bec686d179f002aaca1f29dfa5f7c9dba
GET /intgrtn/api/v1/integration/assets/img/flags32.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/intgrtn/api/v1/integration/sdk.css?v=2.63.2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 29 Jul 2022 12:11:49 GMT
Vary: Accept-Encoding
ETag: W/"62e3ce85-afed"
Expires: Tue, 01 Aug 2023 06:44:34 GMT
Cache-Control: max-age=31536000
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 32243ba5a3c05083c21ae5d4de0e1207
PX-Cache-Status: HIT
yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
185.142.238.38 200 OK 2.5 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
IP 185.142.238.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 53ff107bda255cb6624a004d64169e2a
2337ec1bb557ba7236dffa58448bae6d6e214255
90c793d493d956e6d8ef4d45cab8ad3e43e3aef42c56764a9e402120fca1aa31
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/exit-popup/index.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Upstream: sharkolia-***ko
Content-Encoding: gzip
X-Server: microso
PX-X-Request-Id: 15662575a7f113f8b9056733e2c6ef89
yoursafeinvestmentnow.net/btc-profits/i18n/no.json
185.142.238.38 200 OK 9.4 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/i18n/no.json
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with very long lines (1015)
Hash bd96adfd0aa98beee89a4dcc2a215322
92b1960159c5d48433ffeda09de98bd3586a8df4
70c426d2e7903fcfe4c027618fb582950cb0add7ff7647f7e2d268bf087b70fd
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/i18n/no.json HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Content-Length: 9405
Connection: keep-alive
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: "6267b236-24bd"
X-Upstream: sharkolia-***ko
Accept-Ranges: bytes
X-Server: microso
PX-X-Request-Id: 8a2b567faf8b1693ee50aaaca14b22a4
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
185.142.238.38 200 OK 1.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with very long lines (4221), with no line terminators
Hash a334894e8be5c1ff24a806e160677fdb
d32816b97b1350d94db90ff43a6137ce997c9709
ab0edecd10f41e2cf72e793f943a0161ea715b42b5010b98680c9e2bdea64439
Analyzer Verdict Alert fortinet Phishing
GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 96d2fcb93840a6afe47da3975cce32d2
yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
185.142.238.38 200 OK 160 B URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 6eba0edfee69e6530503b00b3095b3a9
afec23a40f17e1a7cd053172322b072f5c411bee
98e6fe4b911f039c0398d3dd5de2af6fbb15bdb06ca11a45651258dfe4818fc6
Analyzer Verdict Alert fortinet Phishing
POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Content-Length: 30
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://yoursafeinvestmentnow.net
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: c56d1eeaa6ec7652d261a9b9df340aab
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-1.png
185.142.238.38 200 OK 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-no-1.png
IP 185.142.238.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /btc-profits/img/story-img-no-1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-e4fe"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 0b94a7095437b02607f451dc1991650a
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
185.142.238.38 200 OK 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
IP 185.142.238.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Phishing
HEAD /btc-profits/media/no-1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 159213246
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:53:54 GMT
ETag: "6239d4f2-97d66be"
X-Upstream: sharkolia-***ko
Accept-Ranges: bytes
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: afb4280a6aecc383f8b44308aa5c5c0e
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
185.142.238.38 200 OK 1.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/projects/agreements.php?type=4
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with very long lines (4219), with no line terminators
Hash a918c43501c1a1cc4e5fd91258b58547
2f2a18a05c1d5835528422403c2d1ab15b6a4545
2e4d9a5e7fbcccef2802488c9fd0db91f5362af0f0923eef27a95f22a9d7c616
Analyzer Verdict Alert fortinet Phishing
GET /intgrtn/api/v1/projects/agreements.php?type=4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: f727f6276eb51cc70df7b6f51535d17c
yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js
185.142.238.38 200 OK 9.8 kB URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/js/bootstrap.min.js
IP 185.142.238.38:0
File type ASCII text, with very long lines (32033)
Hash 4839f961fb7b3bf3ab0dfb42af29d967
625461153983e2349431581c4b33111423f73f5c
45c664c18940715d29c29b5dbf6901493b671d5961eb549ac3721ba21f4a3308
Analyzer Verdict Alert fortinet Phishing
GET /exit-popup-assets/js/bootstrap.min.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: f298a88b503b1127bd28b00848681b03
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
185.142.238.38 200 OK 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
IP 185.142.238.38:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /btc-profits/img/story-img-no-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d4ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 1993657b01a1c6a0945b7a023d30b07a
Content-Encoding: gzip
yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js
185.142.238.38 200 OK 33 kB URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/js/jquery-1.11.3.min.js
IP 185.142.238.38:0
File type ASCII text, with very long lines (32038)
Hash 1c8acbf5f411ace3b76578a1fd1a603e
b1bbee9db24d885c25afd2e5a7720e4f79b6b991
e37464521b5447580a641b775ddb258a76f3bc7a3ca5a34eb452b12908b350a9
Analyzer Verdict Alert fortinet Phishing
GET /exit-popup-assets/js/jquery-1.11.3.min.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 1fb511e3ee4c0aa1e1add69f18017584
Content-Encoding: gzip
yoursafeinvestmentnow.net/exit-popup-assets/css/bootstrap.min.css
185.142.238.38 200 OK 20 kB URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/css/bootstrap.min.css
IP 185.142.238.38:0
File type ASCII text, with very long lines (65371)
Hash 3482bbf5de7e50cdb4b70fd3231d2cef
d6a6d388db427ccde975a2d91d9ba377179e7a2e
948c851acaf4fa16ab1271caf4e370b09ca9f484f11378ef60a09b79af716a93
GET /exit-popup-assets/css/bootstrap.min.css HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: HIT
X-Server: microso
PX-X-Request-Id: f893e2b9fbac6c6a266fd36282cf0f4b
Content-Encoding: gzip
yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js
185.142.238.38 200 OK 435 B URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/js/intgrtn-i18n.js
IP 185.142.238.38:0
Hash 0ff92fdb5f25603e17ccc2fe5e500154
db65ca7fdc4da8c539b074a08d1a2f51f7522e1d
1e72547d697ebf8a5ffb091c3e5d402903fb6197e7d964bd325c997ce854e53c
Analyzer Verdict Alert fortinet Phishing
GET /exit-popup-assets/js/intgrtn-i18n.js HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Thu, 07 Jan 2021 13:52:15 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 59bad581439df1349f1884c71bfd6d54
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-2.png
185.142.238.38 200 OK 60 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-no-2.png
IP 185.142.238.38:0
File type PNG image data, 378 x 573, 8-bit colormap, non-interlaced\012- data
Hash a28cab43747bc3fc6e8733fe47cb9112
febe7eb3acda78425dafa1c6189dc400b28a3cea
5dd23f76ae7c415d62dbbfb23e36cc7ec3f51517c0bd11fd3a2180db455e48fc
GET /btc-profits/img/story-img-no-2.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-eb32"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 98a1a98c6faac3f01a201dfed0cba8ac
Content-Encoding: gzip
yoursafeinvestmentnow.net/exit-popup-assets/css/exitpopup-register.css?v=1661949963
185.142.238.38 200 OK 936 B URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/css/exitpopup-register.css?v=1661949963
IP 185.142.238.38:0
Hash 23107b5259666c57945707cebe4611a6
dfffd706c05f59a123d16f9636bdd05db8d657a6
2f2185d5a3e167e164e438caec6842ea7d48a38e9bafef95f9abc418d81d5ecc
Analyzer Verdict Alert fortinet Phishing
GET /exit-popup-assets/css/exitpopup-register.css?v=1661949963 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Upgrade: h2,h2c
Last-Modified: Fri, 09 Apr 2021 14:28:02 GMT
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 221e1fbbb60352641e5157ec19f4aa30
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115 200 OK 503 B
IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17035
Expires: Tue, 13 Sep 2022 01:18:36 GMT
Date: Mon, 12 Sep 2022 20:34:41 GMT
Connection: keep-alive
yoursafeinvestmentnow.net/btc-profits/media/en-1-t3.mp4
185.142.238.38 206 Partial Content 156 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/en-1-t3.mp4
IP 185.142.238.38:0
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Size 156 kB (156296 bytes)
Hash 8ac88fdf059fc62999880e06d10a2dbd
ad5b680aa879ff114f5a0dc1844f97a4b0ac60d2
d38e271134de1a9d8760d98bbe8ccb09236ee736d3bbcd4e7212e5b3230974a9
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/media/en-1-t3.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 11683124
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:23 GMT
ETag: "6239d41f-b24534"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 41e05a8ed679b63bd97684ded8d41afa
Content-Range: bytes 0-11683123/11683124
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
34.120.237.76 200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b674daf3dc6e85ed054ab34d69979b86
47aaf5a3af2c25820d01d613c82b7f1279a298fc
7b9993ef69d4b77c1533ada040c85563b9cf7b1f5d007177c005f6cd7fdba1d3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a938fd0-09b1-4550-89f4-e81e9c6a8737.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4162
x-amzn-requestid: 9dc27e34-69e1-439d-8974-1297584ef4d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YSIhuHlWIAMFhOQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d87a4-410e9ede524aa657609a057a;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 07:00:52 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UxATqmWDCTwVqA3ORIXXObWZZj158TSRUoaAr48b08sxdAxBicw5zA==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:27:45 GMT
age: 47216
etag: "47aaf5a3af2c25820d01d613c82b7f1279a298fc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c14088c4ca0d576e087feed41b7f1565
172b23f2ef39b6c3fdebb5441b10a95712206d0a
2699efa811ceac5420f5bd26c35a6f48b51854e29cbce7cbb62efb613db7d6b9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F75931920-737e-40b5-8dd6-d2070639ea2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8799
x-amzn-requestid: 1bcdf387-9ad2-449a-861e-3352b1744d23
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUI-0G6vIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e552b-42aa46af6315148106c4fdee;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:37:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: g2mxKK8L5T4YkeD8JqNUuV_KfsIq8ypRMvxhsyzSZSEIP4gDl4zLVQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 21:41:51 GMT
age: 82370
etag: "172b23f2ef39b6c3fdebb5441b10a95712206d0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
185.142.238.38 206 Partial Content 26 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/no-1.mp4
IP 185.142.238.38:0
File type ISO Media, MP4 v2 [ISO 14496-14]\012- data
Hash 110369881aca897e8311beaeabb5f3f9
2729670abf34c6a3fccf82cfbe4cc4086a09f0fc
90999f6f5fe56f154c5fac353d5947ca85b7953fa735f27f3f7c84da18bf9885
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/media/no-1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 159213246
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:53:54 GMT
ETag: "6239d4f2-97d66be"
X-Upstream: sharkolia-***ko
Content-Range: bytes 0-159213245/159213246
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 601d3b8983215196b725d8ca9cdc60d4
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
34.120.237.76 200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b7ccc33ae0c85a906f2c17db281ec790
1904722d70348235d5472c54f888d2b4b991e2aa
f48edc03624f582b05b596694b76bd784f85eb9f2ca5dd025bbea9cc2ff1f096
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae1f7987-7b92-4cec-85ab-243250e02a06.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6999
x-amzn-requestid: 61e3e817-fb62-47c7-b938-2dfc6a134622
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YO1mlG3XIAMFo5w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631c3629-37c2c8982c4ccf891875c59a;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 07:00:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: S2TR552YpZeEbhTSAn4vdXexYpvR4Lrr-LaJmfNd7LnO0L4QM8w-Dg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 07:13:41 GMT
age: 48060
etag: "1904722d70348235d5472c54f888d2b4b991e2aa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sun, 11 Sep 2022 22:16:58 GMT
age: 80263
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6174529fff57758e958da5432344962f
05ec2076b32398d60ee77fab8c14345bc7dfe647
65284a76355864efa944dff5033575013c6d74a019a7b731e0236603f2f656a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81f9b0a3-fe8f-4665-9e54-9dfaf5d4876b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9466
x-amzn-requestid: ba3f7eac-61c9-4b5f-ae8a-b372906a25ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YOTeoHMKoAMFr5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bff90-1e70e2c444242a2d46387986;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 03:08:00 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: -SwaUjMInlOaGpH6yK1W1a57QCQMgY-l43RdUfKVtZA1zJzMrLzC6g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 f7283f3fe2c258cf54f8b7d3dd272e0e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 04:04:42 GMT
age: 59399
etag: "05ec2076b32398d60ee77fab8c14345bc7dfe647"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-3.png
185.142.238.38 200 OK 61 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-no-3.png
IP 185.142.238.38:0
File type PNG image data, 378 x 553, 8-bit colormap, non-interlaced\012- data
Hash 8a7299a0bfda15d07020be43660c8bb8
64d0c388012bf907e5e7cbe10481a16099f7f89d
8bd2395fa74b2aa1db57140f1195bee9e931a576ffd8a5838f7691f36fcf65ed
GET /btc-profits/img/story-img-no-3.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-eeff"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 4b7f66a15fcee5906cc330b1d1dafe32
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-no-step1.png
185.142.238.38 200 OK 1.0 MB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/video-thumbnail-no-step1.png
IP 185.142.238.38:0
File type PNG image data, 1792 x 1010, 8-bit/color RGBA, non-interlaced\012- data
Size 1.0 MB (1002060 bytes)
Hash f000f158fe7fd3b52a680937ee135975
65a0d763490d5dac2ab8a14ab6810c87ee80b299
df137889bd8a88a7b0454b0f38fac09b946bb9c3169fd9cc236894e82492e8bc
GET /btc-profits/img/video-thumbnail-no-step1.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-f4975"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 9b53870fe287b818b9912f6bf83cabfb
Content-Encoding: gzip
yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
185.142.238.38 200 OK 54 kB URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/img/story-img-no-4.png
IP 185.142.238.38:0
File type PNG image data, 378 x 553, 8-bit colormap, non-interlaced\012- data
Hash 39ea98074ef694e52ef6ad0d372851aa
5e3306c172e2f2847432c0769ef20426ba3fbc3b
f41043ac4735a639005ed101671f51d1ccf3ad6ae439797a19a7adf31f7d4217
GET /btc-profits/img/story-img-no-4.png HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Tue, 26 Apr 2022 08:49:58 GMT
ETag: W/"6267b236-d4ee"
X-Upstream: sharkolia-***ko
PX-Cache-Status: MISS
X-Server: microso
PX-X-Request-Id: 1d5e6c71ab973f34a2362a911fc1a1e1
Content-Encoding: gzip
yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?&locale=en-US&language=no
185.142.238.38 200 OK 11 kB URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/projects/details.php?&locale=en-US&language=no
IP 185.142.238.38:0
File type JSON data\012- HTML document, ASCII text, with very long lines (54771), with no line terminators
Hash 7f41f36a273bb03a1d2571f83cb4adf4
f25d8b369026cb49ee6f212c98d9cf8eaf52ffdc
7b4d34f3bb39b51091e0991679beec8506d9a1a6cde8756ce51b492f0950f4a0
GET /intgrtn/api/v1/projects/details.php?&locale=en-US&language=no HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: 0ea336c82e3d577e7bc378617a2d9524
yoursafeinvestmentnow.net/exit-popup-assets/i18n/translations.json
185.142.238.38 200 OK 11 kB URL HTTP/1.1 yoursafeinvestmentnow.net/exit-popup-assets/i18n/translations.json
IP 185.142.238.38:0
File type JSON data\012- , Unicode text, UTF-8 text, with CRLF line terminators
Hash 139f8213642d61b958a98cbbf0c3d7ed
286ec4140830f6bc344fbfa80eaeffc92cfb3e7a
01951ba26e39f4514074e54a24d710c0e93d0a6321ca03b55c7c19e0e2ff7502
Analyzer Verdict Alert fortinet Phishing
GET /exit-popup-assets/i18n/translations.json HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: application/json
Content-Length: 10773
Connection: keep-alive
Upgrade: h2,h2c
Last-Modified: Mon, 12 Apr 2021 13:25:18 GMT
Accept-Ranges: bytes
X-Server: microso
PX-X-Request-Id: 8dcb8c049b7de30b261fd4d5a7ccc5e8
yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
185.142.238.38 200 OK 161 B URL HTTP/1.1 yoursafeinvestmentnow.net/intgrtn/api/v1/events/add.php
IP 185.142.238.38:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 469062c5a44aa6280ec806c633b299cb
9fd9f5fe4ff99b0d385cac6963ef0e80ce66bd3e
ded476ca74163623db99d2a90dc3bfcac5140062b93f13b46d83097d56cfccd6
Analyzer Verdict Alert fortinet Phishing
POST /intgrtn/api/v1/events/add.php HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Intgrtn-Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Content-Length: 30
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/exit-popup/index.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 12 Sep 2022 20:34:42 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://yoursafeinvestmentnow.net
Access-Control-Allow-Headers: accept, origin, content-type, authorization, Cache-Control, X-Requested-With, Intgrtn-Referer
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Encoding: gzip
Vary: Accept-Encoding
X-Server: microso
PX-X-Request-Id: db44f6fd8284dd077c4260ac89416e73
yoursafeinvestmentnow.net/btc-profits/media/en-1-t2.mp4
185.142.238.38 206 Partial Content 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/en-1-t2.mp4
IP 185.142.238.38:0
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/media/en-1-t2.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 6076830
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:18 GMT
ETag: "6239d41a-5cb99e"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 927836eee7588928c574070288f2d6a9
Content-Range: bytes 0-6076829/6076830
use.fontawesome.com/releases/v5.6.3/css/all.css
172.67.169.247 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.6.3/css/all.css
IP 172.67.169.247:0
GET /releases/v5.6.3/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://yoursafeinvestmentnow.net
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 12 Sep 2022 20:34:40 GMT
content-type: text/css
x-amz-id-2: Sixj6p33vt1hBXL+ZnoFcAG5I1/KrioBw2Opv4PVEQeucSZ/qkDddJFn6VUhs0zQcOwg77kkPVg=
x-amz-request-id: ZXJPV8SGWTMAYR33
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:44:33 GMT
etag: W/"dc93d584e41f8417f6b7163320d34329"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 12389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYafz71T%2Bhp4o1h9FosW7phV1zaCWO99IjeBVGuJyYCIzvJv0r7gZt39C0IhLVpzI5MdDRNPywIvfDg1PUE2u16%2BqTBA77gzacco%2FW0opeZxpge43miicBNE1BIokXJeEVIXmoQT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 749b6cdc99e0b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/media/en-1-t1.mp4
185.142.238.38 206 Partial Content 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/en-1-t1.mp4
IP 185.142.238.38:0
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/media/en-1-t1.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Cookie: intgrtn_locale=en-US; intgrtn_language=no
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:41 GMT
Content-Type: video/mp4
Content-Length: 9540163
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:16 GMT
ETag: "6239d418-919243"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: c6907eaee1bcb1914efdefebaad7cf02
Content-Range: bytes 0-9540162/9540163
fonts.googleapis.com/css?family=Montserrat:300,400,600,700,800
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:300,400,600,700,800
IP 142.250.74.10:0
GET /css?family=Montserrat:300,400,600,700,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 12 Sep 2022 20:34:39 GMT
date: Mon, 12 Sep 2022 20:34:39 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yoursafeinvestmentnow.net/btc-profits/media/en-2.mp4
185.142.238.38 206 Partial Content 0 B URL HTTP/1.1 yoursafeinvestmentnow.net/btc-profits/media/en-2.mp4
IP 185.142.238.38:0
Analyzer Verdict Alert fortinet Phishing
GET /btc-profits/media/en-2.mp4 HTTP/1.1
Host: yoursafeinvestmentnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://yoursafeinvestmentnow.net/btc-profits/lp.php
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 12 Sep 2022 20:34:40 GMT
Content-Type: video/mp4
Content-Length: 49974430
Connection: keep-alive
Last-Modified: Tue, 22 Mar 2022 13:50:51 GMT
ETag: "6239d43b-2fa8c9e"
X-Upstream: sharkolia-***ko
PX-Cache-Status: STALE
X-Server: microso
PX-X-Request-Id: 78f809143bdbd9bb9ef1c2bcff91c10b
Content-Range: bytes 0-49974429/49974430