r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3096
Expires: Sun, 27 Nov 2022 16:41:04 GMT
Date: Sun, 27 Nov 2022 15:49:28 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5493
Cache-Control: max-age=159198
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:28 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 12:02:46 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
bitcoinmonthlyreturn.com/
301 Moved Permanently 241 B URL HTTP/1.1 bitcoinmonthlyreturn.com/
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3095124896e5259d86f10f95f44ac318
77d3ac41502ab5ba373cf76c3c46556250bdc098
6cd6e4d3a325025191ea29dad682080b912136e7c8ac180dd329d887fe9d340e
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 15:49:28 GMT
Server: nginx/1.21.6
Content-Type: text/html; charset=iso-8859-1
Content-Length: 241
Location: https://bitcoinmonthlyreturn.com/
X-Server-Cache: true
X-Proxy-Cache: EXPIRED
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 567df7db606cf5d0871aa5bc9311b6da
4263faac7cbab2fcaf6661911dcad5091c06be17
e9650e1fdc46fc8678708ddcc37ab369c7a6d50489a004be896f20c7a3a644b0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 15:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1908
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 3b56944f0e5716fd4fad2ec18994d4be
61cafa4de31ba960d1145ec37272f6f6b6944e0c
4fd46b0b6a2ea24f5ce175985a3933c04b4c01bd3e32bee2e50a61a65eef7af4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4FD46B0B6A2EA24F5CE175985A3933C04B4C01BD3E32BEE2E50A61A65EEF7AF4"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2950
Expires: Sun, 27 Nov 2022 16:38:38 GMT
Date: Sun, 27 Nov 2022 15:49:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SC+8wZj1lsOuxamTKT2UwZWmRjnCrdASgo2yXE/154Ct6/FCd7HvLsY1U9Q3vxYXfWDKJf/AiUQ=
x-amz-request-id: KHB3CEDS6T6QK3S1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 15:41:41 GMT
age: 467
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:49:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9475bb2503f29ac8dd73896c54b5cbb1
51231994bda21884be87441716029ccd1662efbc
f7e03348de54c95d93598aa0c0b14ac50b8d10ff450a07358c504d2d84d9e842
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7E03348DE54C95D93598AA0C0B14AC50B8D10FF450A07358C504D2D84D9E842"
Last-Modified: Sat, 26 Nov 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21519
Expires: Sun, 27 Nov 2022 21:48:07 GMT
Date: Sun, 27 Nov 2022 15:49:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 15:08:54 GMT
cache-control: public,max-age=3600
age: 2434
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2674
Cache-Control: max-age=151317
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 09:51:26 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
200 OK 280 B IP
Hash ebed87c2caeb00f3daca76b91f1d5856
0b524def376f7bf90143e8c002fbbdc776d4b457
9d50a898f0edaf6c38ef9827dcfc72de00b8afd71fde693644c3e7424f6efaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4387
Cache-Control: max-age=107325
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 21:38:14 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3027
Cache-Control: max-age=162469
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 12:57:18 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css
200 OK 1.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css
IP
File type ASCII text, with very long lines (5259), with no line terminators
Hash 61a2bf49c274907cb7c423ee7e577a2f
8e84fdaed011407912d3566446a79bf373481764
28b184ed88d2def77e206fb8e8987308d3520ae8662e6fc70049f25f697b5f14
GET /ajax/libs/magnific-popup.js/1.1.0/magnific-popup.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:29 GMT
content-type: text/css; charset=utf-8
content-length: 1283
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-148b"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1463978
expires: Fri, 17 Nov 2023 15:49:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tk8xaofMwrvY73GdrcTr8YnoPmruxuWvIUdJj3%2F%2FthGR0vsp58xZ17yieNP3L2aCUNW6WEUltnQsZDUVirmN0kEGO4T4YSQomg0q%2BWH7T%2B1Ollm185CwKM%2BmhXYt8pkdJmigtDwI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770c0399e8c4fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js
200 OK 747 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js
IP
File type ASCII text, with very long lines (2532), with no line terminators
Hash 69438616d726a860ad4e3f87a7de6210
2af04ff3978c0e322c236516503169168a160a21
661f5dd5559ae4f915e00c0f9911250552fc5ccf9f007f55c72fb5a92d5deaa4
GET /ajax/libs/jquery-easing/1.4.1/jquery.easing.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 747
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-9e4"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 297263
expires: Fri, 17 Nov 2023 15:49:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcnkDAbyr0r09O8B6t%2BEuYWUJKZmUkVqpwuyxXLQjU%2FI7vW4%2F2qzceh0OQbRbx3BCZxCuXN9CU3G5%2BrNVfl7TWmhsptr1EyHr%2FnT62wgQRzGX7iGGunkW9ysT0J15wqsOA13zFHh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770c039a18e7fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js
200 OK 6.5 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js
IP
File type ASCII text, with very long lines (20087)
Hash 6cfa1ffc4889c0035506daea0275c825
2dcc44c7670dd51b8e8c7c12088d24cdffa64237
02abade26ab9e805db1edf9ccd3067e49eeff131adf44fdfd6c3aae8ca3c1581
GET /ajax/libs/magnific-popup.js/1.1.0/jquery.magnific-popup.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:29 GMT
content-type: application/javascript; charset=utf-8
content-length: 6546
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-4ef8"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 8276190
expires: Fri, 17 Nov 2023 15:49:29 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gqlcC%2Bd889xwz4Ug7T3Wusa9PX0BAn%2FkVX4IbH9vzxLpC7jTkfh%2BMfrCSBeeJNeOazg9z73Wp%2BQHClNoftKJvfaAmCEVM%2FxCW5hZ3EUQMO0cUlC9c4UXkZX9LoyNkp7WbucvAPKt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 770c039a18e8fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-178402187-1
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-178402187-1
IP
File type ASCII text, with very long lines (1921)
Hash ab4fcc0c13cc2ab4c3a7fcce87d0ae9a
6ad00b48f71bf3fcef9ea33942ac40c153aeb482
b60d88d2ba96c7fc20c91b2dee39d47c32785f8ee70578097221b4658cd47175
GET /gtag/js?id=UA-178402187-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 15:49:29 GMT
expires: Sun, 27 Nov 2022 15:49:29 GMT
cache-control: private, max-age=900
last-modified: Sun, 27 Nov 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: X2Ovll7m0CZNrQ1opULfzw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hk5jJ+1zyKEaN+GCb2ojDGwOyh4=
ocsp.digicert.com/
200 OK 280 B IP
Hash ebed87c2caeb00f3daca76b91f1d5856
0b524def376f7bf90143e8c002fbbdc776d4b457
9d50a898f0edaf6c38ef9827dcfc72de00b8afd71fde693644c3e7424f6efaa4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4387
Cache-Control: max-age=107325
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Etag: "63827623-118"
Expires: Mon, 28 Nov 2022 21:38:14 GMT
Last-Modified: Sat, 26 Nov 2022 20:25:07 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
200 OK 279 B IP
Hash 263fd6d40218c2b0a2945fa12db8b4e5
db616a4c91fea68c1badef3644d17c033a467dd1
9a5d043d20760ae47a125e8585da97dcaf49405321e810c12e93336f55c95a97
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3027
Cache-Control: max-age=162469
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Etag: "638352db-117"
Expires: Tue, 29 Nov 2022 12:57:18 GMT
Last-Modified: Sun, 27 Nov 2022 12:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
bitcoinmonthlyreturn.com/images/Bitcoin%20Monthly%20Return-word%20only.png
200 OK 59 kB URL HTTP/2 bitcoinmonthlyreturn.com/images/Bitcoin%20Monthly%20Return-word%20only.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1767 x 334, 16-bit/color RGBA, non-interlaced\012- data
Hash 4c1c224e1b99813828da0492a8c913cc
b5ef456410b8233e7d6c3913bbf16533b955de1e
6bbe09cb2aeb042158fb1b2dcf5560100950557d2588a158990cee61dcfe3862
GET /images/Bitcoin%20Monthly%20Return-word%20only.png HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 00:31:02 GMT
accept-ranges: bytes
content-length: 58695
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/gtag.js?v=1
200 OK 258 B URL HTTP/2 bitcoinmonthlyreturn.com/js/gtag.js?v=1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash a0130aa281272aa00d7d5ba53daea094
2615ab01764a514d8d718f74f6f2d652fd9f372f
82ef4688b71cc9a2807892ca94f969129d28ae42291433a663fa1fc520323bc1
GET /js/gtag.js?v=1 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 17:26:44 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 258
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
200 OK 14 kB URL HTTP/2 fonts.gstatic.com/s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2
IP
File type Web Open Font Format (Version 2), TrueType, length 14060, version 1.0\012- data
Hash aacf0f4f8b5d693087b4d8ac6c86d2ae
ad06f3ffd0db6034eb0a12f98aa8aa4dead430fb
5e2f97ea0fb92d5e3ae31eeef403b9c34363c8fb2a387e13cf381fa97f3e8cf7
GET /s/nunito/v25/XRXI3I6Li01BKofiOc5wtlZ2di8HDLshdTQ3jw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14060
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 08:32:24 GMT
expires: Thu, 23 Nov 2023 08:32:24 GMT
cache-control: public, max-age=31536000
age: 371825
last-modified: Mon, 18 Jul 2022 19:44:57 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/storage/images/btc.png
200 OK 151 kB URL HTTP/2 bitcoinmonthlyreturn.com/storage/images/btc.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1915 x 1643, 16-bit/color RGBA, non-interlaced DIY-Thermocam raw data\012- (Lepton 2.x), scale -9543-5888, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 5497558138880.000000\012- data
Size 151 kB (150924 bytes)
Hash fe01876cc704f19a224865e793115def
664354ba5a90f53ecc477bee4327aed414f58ffd
671ca1aab399949dc8e840250020cd9771ad45f1466ddc9e3e926d719a16987a
GET /storage/images/btc.png HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Fri, 23 Oct 2020 16:31:50 GMT
accept-ranges: bytes
content-length: 150924
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/all.js?v=2
200 OK 2.0 kB URL HTTP/2 bitcoinmonthlyreturn.com/js/all.js?v=2
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash 091f97f5805e13102ecf594e7216c2a6
24d80bbaa7c08d1d8f824f3382238cabe73fa744
3797ecfabccb9efd9c4b1e48501c5bf1ce9619cbfbea4fcf0260483a4cd8f60b
Analyzer Verdict Alert fortinet Phishing
GET /js/all.js?v=2 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 06:27:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 2041
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/
200 OK 30 kB URL HTTP/2 bitcoinmonthlyreturn.com/
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 3c1f22569a4839771a74474f41aec809
aab5037360db620d998f0704063b4acf6bdedccf
284a9b3745b8de5e80b3e84e7df19d6f0253df260e3eeceb1bff31c6364420db
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:28 GMT
server: Apache
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-server-cache: true
x-proxy-cache: MISS
set-cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; expires=Sun, 27-Nov-2022 17:49:28 GMT; Max-Age=7200; path=/; samesite=lax
monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D; expires=Sun, 27-Nov-2022 17:49:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/handler/tpsServer.js?v=12
200 OK 4.5 kB URL HTTP/2 bitcoinmonthlyreturn.com/js/handler/tpsServer.js?v=12
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash cdf9e73f9110fa10e0a3ef8db90f6a3c
2f66c44b4100cc7cdf393ac13634fd61f4051386
f06f8225f7620ddc5675be7681beac0c0bdff2e75641ac762c080531fb2f158b
Analyzer Verdict Alert fortinet Phishing
GET /js/handler/tpsServer.js?v=12 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 10 Aug 2022 16:04:57 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4481
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.13.0/js/all.js
200 OK 425 kB URL HTTP/2 use.fontawesome.com/releases/v5.13.0/js/all.js
IP
File type ASCII text, with very long lines (65350)
Size 425 kB (424648 bytes)
Hash e1d0394749c894efffb556df605a438c
75c96689d7715ec18cadaeecbb4d7619188d7be0
7743c6c1d274273db50aa57b0ec75763b0fb5afd75800fe6d2881b5e253e62c6
GET /releases/v5.13.0/js/all.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:29 GMT
content-type: application/javascript
x-amz-id-2: WFKjiz29xHWW276R3xKUVOXcWuJo1JOQkdJwgEczu/PDj7mOV/q74+pMIGC86hYjS71Aoxb3alo=
x-amz-request-id: GYPHBH1AGKS2G7NV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:38:38 GMT
etag: W/"1011064a70f679eaaef8d6988d6cc493"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 606561
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEpQLacSLyerA0dMTRiomW5qPmWFtZPmVBUMgz9roH4ASWjB5eBkAym71dkUo5rlOdUknWRYfXkFW6a%2Fy4Co63ziz%2Fdo1KXWeEJ46kJfIgVgT1ckGcDou9VPzjfDHi7hUl7Q7c2N"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770c039a1bcf777a-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 280 B IP
Hash 275f0035de997821992b512cf1c41d0a
cd24fff9ab00012c1c23622ab1f86aaaf02da8c9
1a8dd40698e960be61c4284c14c9d7a30dc3fe89bbbbf60618e741688f9f0f4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6260
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:30 GMT
Last-Modified: Sun, 27 Nov 2022 14:05:10 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 280
inklinkor.com/tag.min.js
200 OK 25 kB IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash b50dde3038bad7b526a3df4391293bd8
a80cdb66bf79072e44223133627e317e932d43d4
8cae0cae3ebbff63eb9df7d7b74e2b1fb715db1e0092f224d779e42cb93395a3
GET /tag.min.js HTTP/1.1
Host: inklinkor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:30 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8d90c3fb5cacf0776af2433e223b7b94
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:04:39 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Mon, 28 Nov 2022 15:39:27 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 603
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rguipibEx9NgvyoNt1u4pOTAeNCHqiQVlavSxiOAsJhlSgckJwV19GpVEGM%2FHuqChzP0lVh6JDazidFtu9QKkE9ks3GbDaaXnhXfly6X4Bsod9i5Sx5hziIatld%2FPBuC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 770c039edf6fb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/images/bitcoin_monthly_return.png
200 OK 86 kB URL HTTP/2 bitcoinmonthlyreturn.com/images/bitcoin_monthly_return.png
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1920 x 495, 16-bit/color RGBA, non-interlaced\012- data
Hash 33413b5205fa4a4fef65721f98dc64d9
ae8b91133054b81f724328888dc0dfc83b368120
1780f1e8a33fd0c3d962b6df2ceff6e53911b0490b376ea7a42e1c5cf2afae6f
GET /images/bitcoin_monthly_return.png HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 00:20:28 GMT
accept-ranges: bytes
content-length: 85849
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/images/whales_trap_banner3.png?v=1
200 OK 347 kB URL HTTP/2 bitcoinmonthlyreturn.com/images/whales_trap_banner3.png?v=1
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type PNG image data, 1450 x 669, 8-bit/color RGB, non-interlaced\012- data
Size 347 kB (346747 bytes)
Hash 5e670c98b43c79815b40442d49984791
d7ddcd96d9ac66d478489b25403febeaa4696517
994d31490d2096a0614fd214d84943b0857e8f6fea12e0d92995dfefd45a194b
Analyzer Verdict Alert fortinet Phishing
GET /images/whales_trap_banner3.png?v=1 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Wed, 23 Dec 2020 19:05:59 GMT
accept-ranges: bytes
content-length: 346747
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: image/png
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash c6bd82985c4427ff7e474c5c7c71e73c
f9cc525520b0d571cd3f143806c8a5f1ee0166fc
cb027063ba1c1ffa08eef4faee1640fcd8ae3890c10d4295fb06c2c8b408de94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB027063BA1C1FFA08EEF4FAEE1640FCD8AE3890C10D4295FB06C2C8B408DE94"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11572
Expires: Sun, 27 Nov 2022 19:02:22 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11896
Expires: Sun, 27 Nov 2022 19:07:46 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18463
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 15:49:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 65236
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 33d3ca17-7878-4897-a634-5f626a64e820
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJ40OEOqIAMFaOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6380a1b4-040288d571fc10b96d893fa4;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 11:06:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: f_U8KSYET6kaKAPbEV7sHW0tO6JGijsqUvghniwzFCRd2YGQjVlFoA==
via: 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 10:16:35 GMT
age: 19975
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
age: 65236
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bedrapiona.com/5/5308373/?oo=1&js_build=iclick-v1.454.0
200 OK 1.4 kB URL HTTP/2 bedrapiona.com/5/5308373/?oo=1&js_build=iclick-v1.454.0
IP
Hash 1a1ec151f52afa545b5f003f0221270e
0b2d5bd887c85d2dd04a4b32105a28d7bab48933
925bfe60c376efa1b4d6a60d1cdc85bb2c0f3ecce5f58d616cb52aaaf832adeb
GET /5/5308373/?oo=1&js_build=iclick-v1.454.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:49:30 GMT
content-type: application/json
x-trace-id: c34b6bb309c63c2cedf078b76669db15
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://bitcoinmonthlyreturn.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=af81a9dece074fa19593052f768f9e9e; expires=Mon, 27 Nov 2023 15:49:30 GMT; path=/; secure; SameSite=None
oaidts=1669564170; expires=Mon, 27 Nov 2023 15:49:30 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2212cf75f99dc67fd45db47f7101d754
4b4a8c8e8aeccfff25d2748720dcef8fed287126
7b2d2e302faba8f273b51031fa48b444cb7839733b90e8c9d077ca63637320d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa57bc6cf-beaa-443b-9756-cf26e4fe3767.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6954
x-amzn-requestid: 94a02687-72f2-4796-a7ea-d3f28b412566
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1jHpGBVIAMFsSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63787efd-22666b18283ae59b1348bf47;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 07:00:13 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: feZayJeKq9jWHQ-rjutNr6buIjLVeIdY0A_ZeGo6NKgoQ6BBT3XQaw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0906d4887f6625f4a4467d8d4fd268d2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 22:22:57 GMT
age: 62793
etag: "4b4a8c8e8aeccfff25d2748720dcef8fed287126"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1db6041a0bdb2319ae85afcc30caaeec
3b0ec6a7188dadf986f72fda8110296d9abd6f35
05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y0ofyT6UcPjB8mfRR1VMjHSTW64Qb_EQ0rrjsOdbby1CG-xMIFJMPw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:49:19 GMT
age: 64811
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
platform.twitter.com/widgets.js
200 OK 29 kB URL HTTP/1.1 platform.twitter.com/widgets.js
IP
File type Unicode text, UTF-8 text, with very long lines (33915)
Hash 7899fffaf0046efb7f9be2495d9dc928
d4c60d88e8deea577a50f9d20e1b6b3a20cba2cf
07d50450f22df0588cc1b67f5a124cb91d99a032a229586eb7dc490cce9f7f30
GET /widgets.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 987
Cache-Control: public, max-age=1800
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:31 GMT
Etag: "6633f9603c759c40d9b200995454f17c+gzip"
Last-Modified: Wed, 02 Nov 2022 19:43:37 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F707)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
x-amzn-internal-status: 304
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 29221
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 14:41:08 GMT
expires: Sun, 27 Nov 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4103
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bitcoinmonthlyreturn.com/favicon.ico?v=4
200 OK 203 kB URL HTTP/2 bitcoinmonthlyreturn.com/favicon.ico?v=4
IP
ASN #46606 UNIFIEDLAYER-AS-1
File type MS Windows icon resource - 10 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size 203 kB (202558 bytes)
Hash b05a1b5418efdea60f595c3acacb6fcb
0d1f28dff270538df220d0dce8f7951f55cb2884
10e9a9e22e7fe81984aef9f90e33913383ca1cc76beaf648e52e7cbee327c67d
Analyzer Verdict Alert fortinet Phishing
GET /favicon.ico?v=4 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:31 GMT
server: Apache
content-type: image/x-icon
content-length: 202558
last-modified: Thu, 01 Sep 2022 05:55:15 GMT
accept-ranges: bytes
cache-control: max-age=604800
expires: Sun, 04 Dec 2022 15:49:31 GMT
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-server-cache: false
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3748834823236410
200 OK 49 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3748834823236410
IP
File type ASCII text, with very long lines (4885)
Hash 5d6e425bd5f96306d78e892997a29145
501184fbe18192ef521081abc187210247a2c191
b779e61dca35799584dcbd6b9e8448675cd3f505fd9d17bfb88cc94c8f9a14e0
GET /pagead/js/adsbygoogle.js?client=ca-pub-3748834823236410 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 27 Nov 2022 15:49:31 GMT
expires: Sun, 27 Nov 2022 15:49:31 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16158154818233502064
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 49148
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
my.rtmark.net/gid.js?userId=i1mi165834lt365856039o3i1gvtn395
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=i1mi165834lt365856039o3i1gvtn395
IP
File type JSON data\012- , ASCII text
Hash e1b3bff80072477909f7e8ddf5d2e984
6e711a695898652398bc3140434dd707d8fd96c2
7b95d566c5fe793c38d0472f587b656af0b8a6f9828dbe6e01de0215b802652b
GET /gid.js?userId=i1mi165834lt365856039o3i1gvtn395 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: ID=af81a9dece074fa19593052f768f9e9e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:49:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://bitcoinmonthlyreturn.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=af81a9dece074fa19593052f768f9e9e; expires=Mon, 27 Nov 2023 15:49:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fbitcoinmonthlyreturn.com
200 OK 105 kB URL HTTP/1.1 platform.twitter.com/widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fbitcoinmonthlyreturn.com
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (56168)
Size 105 kB (105445 bytes)
Hash 2b4968b185495eddda0d85b2351ebb71
c665785ca0f4039f8c71d94631cd50a879d866b5
eb8af089d8082a58a6e90fedc23007f17a9e89ddbc6a29b6e535e4847ba94160
GET /widgets/widget_iframe.644279d1635fd969e87af94a98bd232b.html?origin=https%3A%2F%2Fbitcoinmonthlyreturn.com HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136518
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:31 GMT
Etag: "50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:59 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105445
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
200 OK 4.2 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2579)
Hash 2fb3574102373e2e076cfa2ff90cdf25
d06c985183def975546d6e47ab6369c11dcf7195
e61cbc207f7fc2f429deceff11e7a339a3d9a9574da6d035054eba02ee381345
GET /pagead/html/r20221110/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 4242
x-xss-protection: 0
date: Sun, 27 Nov 2022 10:25:42 GMT
expires: Sun, 11 Dec 2022 10:25:42 GMT
cache-control: public, max-age=1209600
age: 19429
etag: 10353107486223812946
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=i1mi165834lt365856039o3i1gvtn395
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=i1mi165834lt365856039o3i1gvtn395
IP
File type JSON data\012- , ASCII text
Hash e1b3bff80072477909f7e8ddf5d2e984
6e711a695898652398bc3140434dd707d8fd96c2
7b95d566c5fe793c38d0472f587b656af0b8a6f9828dbe6e01de0215b802652b
GET /gid.js?userId=i1mi165834lt365856039o3i1gvtn395 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: ID=af81a9dece074fa19593052f768f9e9e
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 15:49:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://bitcoinmonthlyreturn.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=af81a9dece074fa19593052f768f9e9e; expires=Mon, 27 Nov 2023 15:49:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 314 B IP
Hash 6e7a9737056c0944fb160616617816b7
ef02228d621f14f18ad967641ece868a680625bf
2522de4f2972e4feabfb37dce08f6d6bc684d927ff2cac3a5ad4c1945241d3e3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5408
Cache-Control: max-age=139623
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Etag: "6382f052-13a"
Expires: Tue, 29 Nov 2022 06:36:34 GMT
Last-Modified: Sun, 27 Nov 2022 05:06:26 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 314
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&gjid=1526143044&_gid=1543175364.1669564171&_u=YEBAAUAAAAAAACAAI~&z=1755605916
200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&gjid=1526143044&_gid=1543175364.1669564171&_u=YEBAAUAAAAAAACAAI~&z=1755605916
IP
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&gjid=1526143044&_gid=1543175364.1669564171&_u=YEBAAUAAAAAAACAAI~&z=1755605916 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://bitcoinmonthlyreturn.com
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://bitcoinmonthlyreturn.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 27 Nov 2022 15:49:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Nunito
200 OK 533 B URL HTTP/2 fonts.googleapis.com/css?family=Nunito
IP
Hash d52df4c1d879290378e4a36e587e85e8
b110077cd249b4a3b116885818ffdc73e8c0b435
2e721dd97bd64fff1ca3a15f9ef351a2ee72bdea19f1121cfea85ea2d8e69baf
GET /css?family=Nunito HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 15:49:29 GMT
date: Sun, 27 Nov 2022 15:49:29 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&_u=YEBAAUAAAAAAACAAI~&z=1860225213
200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&_u=YEBAAUAAAAAAACAAI~&z=1860225213
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-151892505-1&cid=2082625415.1669564171&jid=244751162&_u=YEBAAUAAAAAAACAAI~&z=1860225213 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 15:49:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.twitter.com/settings?session_id=967bb802722ef11c663df305217e9baaca7145f3
200 OK 374 B URL HTTP/2 syndication.twitter.com/settings?session_id=967bb802722ef11c663df305217e9baaca7145f3
IP
File type JSON data\012- , ASCII text, with very long lines (913), with no line terminators
Hash 925c2a7587f39436ea29513221652474
695b7f2f3d99f407bcdfd0b372db0e28193cc60c
62e36e14e5c219119cb51c3cdf43a2005512a1bd6ebf2d68d0c610a2e6e3ef0f
GET /settings?session_id=967bb802722ef11c663df305217e9baaca7145f3 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://platform.twitter.com/
Origin: https://platform.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:31 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: application/json; charset=utf-8
cache-control: must-revalidate, max-age=600
last-modified: Sun, 27 Nov 2022 15:49:31 GMT
content-length: 374
content-encoding: gzip
x-transaction-id: b1220f512ff002b2
strict-transport-security: max-age=631138519
access-control-allow-origin: https://platform.twitter.com
access-control-allow-credentials: true
x-response-time: 112
x-connection-hash: 0afcc83a1cf3bc03ddc24a4d21a68c173cde0e0a9fb7f55b78ac9645a5873182
X-Firefox-Spdy: h2
platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
200 OK 3.0 kB URL HTTP/1.1 platform.twitter.com/js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js
IP
File type Unicode text, UTF-8 text, with very long lines (8274), with no line terminators
Hash 9dcf6c8cba8fe3e8cb99b94ee63af2d5
ec132eb470954fdf2ff629d8344942b47ce4a5d1
2783e866faf68e4f6bc1775136ac1fa7b05d4adc7522f350763eb09a0e91b80d
GET /js/horizon_timeline.5b32f06df3f1186af2ebf11024b09726.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136518
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:31 GMT
Etag: "be517337a860b30e72096680d8dde0eb+gzip"
Last-Modified: Wed, 02 Nov 2022 19:36:52 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2977
ocsp.pki.goog/gts1c3
200 OK 471 B IP
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 15:49:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669564171651%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=967bb802722ef11c663df305217e9baaca7145f3
200 OK 43 B URL HTTP/2 syndication.twitter.com/i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669564171651%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=967bb802722ef11c663df305217e9baaca7145f3
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /i/jot/embeds?l=%7B%22experiment_key%22%3A%22tfw_horizon_timeline_12034%22%2C%22bucket%22%3A%22treatment%22%2C%22version%22%3Anull%2C%22data%22%3A%7B%7D%2C%22context%22%3A%22rufous-eol%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1669564171651%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22a3525f077c700%3A1667415560940%22%2C%22format_version%22%3A1%2C%22widget_origin%22%3A%22%22%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22ddg%22%2C%22section%22%3A%22tfw_horizon_timeline_12034%22%2C%22action%22%3A%22experiment%22%7D%7D&session_id=967bb802722ef11c663df305217e9baaca7145f3 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:31 GMT
perf: 7626143928
vary: Origin
server: tsa_o
content-type: image/gif
cache-control: must-revalidate, max-age=600
last-modified: Sun, 27 Nov 2022 15:49:32 GMT
content-length: 43
x-transaction-id: 6e4f0c209644c46e
strict-transport-security: max-age=631138519
x-response-time: 115
x-connection-hash: 0afcc83a1cf3bc03ddc24a4d21a68c173cde0e0a9fb7f55b78ac9645a5873182
X-Firefox-Spdy: h2
syndication.twitter.com/srv/timeline-profile/screen-name/BitcoinMonthlyR?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=280px&origin=https%3A%2F%2Fbitcoinmonthlyreturn.com%2F&sessionId=967bb802722ef11c663df305217e9baaca7145f3&showHeader=true&showReplies=false&theme=dark&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
200 OK 12 kB URL HTTP/2 syndication.twitter.com/srv/timeline-profile/screen-name/BitcoinMonthlyR?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=280px&origin=https%3A%2F%2Fbitcoinmonthlyreturn.com%2F&sessionId=967bb802722ef11c663df305217e9baaca7145f3&showHeader=true&showReplies=false&theme=dark&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (65344), with no line terminators
Hash 22e05956dbe5b7279ba154d96715ff55
2a1f797a0cc0a9fb59ee61464cb2a15b3427c47b
e055dab798852eb0af260a772dac85646a14efb27ec3fe80fcb322294e115a7d
GET /srv/timeline-profile/screen-name/BitcoinMonthlyR?dnt=false&embedId=twitter-widget-0&features=eyJ0ZndfdGltZWxpbmVfbGlzdCI6eyJidWNrZXQiOlsibGlua3RyLmVlIiwidHIuZWUiLCJ0ZXJyYS5jb20uYnIiLCJ3d3cubGlua3RyLmVlIiwid3d3LnRyLmVlIiwid3d3LnRlcnJhLmNvbS5iciJdLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdGltZWxpbmVfMTIwMzQiOnsiYnVja2V0IjoidHJlYXRtZW50IiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2JhY2tlbmQiOnsiYnVja2V0Ijoib24iLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3JlZnNyY19zZXNzaW9uIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd19jaGluX3BpbGxzXzE0NzQxIjp7ImJ1Y2tldCI6ImNvbG9yX2ljb25zIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9yZXN1bHRfbWlncmF0aW9uXzEzOTc5Ijp7ImJ1Y2tldCI6InR3ZWV0X3Jlc3VsdCIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2Vuc2l0aXZlX21lZGlhX2ludGVyc3RpdGlhbF8xMzk2MyI6eyJidWNrZXQiOiJpbnRlcnN0aXRpYWwiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2V4cGVyaW1lbnRzX2Nvb2tpZV9leHBpcmF0aW9uIjp7ImJ1Y2tldCI6MTIwOTYwMCwidmVyc2lvbiI6bnVsbH0sInRmd19kdXBsaWNhdGVfc2NyaWJlc190b19zZXR0aW5ncyI6eyJidWNrZXQiOiJvbiIsInZlcnNpb24iOm51bGx9LCJ0ZndfdmlkZW9faGxzX2R5bmFtaWNfbWFuaWZlc3RzXzE1MDgyIjp7ImJ1Y2tldCI6InRydWVfYml0cmF0ZSIsInZlcnNpb24iOm51bGx9LCJ0Zndfc2hvd19ibHVlX3ZlcmlmaWVkX2JhZGdlIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH0sInRmd190d2VldF9lZGl0X2Zyb250ZW5kIjp7ImJ1Y2tldCI6Im9uIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideBorder=false&hideFooter=false&hideHeader=false&hideScrollBar=false&lang=en&maxHeight=280px&origin=https%3A%2F%2Fbitcoinmonthlyreturn.com%2F&sessionId=967bb802722ef11c663df305217e9baaca7145f3&showHeader=true&showReplies=false&theme=dark&transparent=false&widgetsVersion=a3525f077c700%3A1667415560940 HTTP/1.1
Host: syndication.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 27 Nov 2022 15:49:32 GMT
etag: "1e9a2-94hHubl//yzfFFesn1UhmF6VVro"
perf: 7626143928
server: tsa_o
content-type: text/html; charset=utf-8
cache-control: must-revalidate, max-age=60
x-transaction-id: eef921fe6fce91fa
x-xss-protection: 0
strict-transport-security: max-age=631138519
content-encoding: gzip
content-length: 12535
x-response-time: 729
x-connection-hash: 0afcc83a1cf3bc03ddc24a4d21a68c173cde0e0a9fb7f55b78ac9645a5873182
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
200 OK 2.1 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js
IP
File type ASCII text, with very long lines (3835), with no line terminators
Hash a7a94df486e306b619ab921142d234e2
1386bcf32860c146b6b7d912b92a540662cc7361
f4de548de8d166e7872adeefa8e8345f952b9001b40ca56622cd40033a34bf22
GET /_next/static/chunks/runtime-a148fbcbc5efcd91d3a7.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059245
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "581beb14123ea389fe5c0fe24167fe0a+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71B)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2097
platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
200 OK 96 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/modules.c7def0268c66f6a548ed.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 12bea7ea22b3c50f7f37f5e605e78430
5e7542f91bcaab2eb202fc8b19f53f1d009bc199
67cf3d50c902dfdf90bcf12de4d3f32d23d2547e9e90566a9a41f95db671fad9
GET /_next/static/chunks/modules.c7def0268c66f6a548ed.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136518
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "51acddf0dbfab928b183f36c1ee67619+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:15 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70E)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 95749
platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
200 OK 668 B URL HTTP/1.1 platform.twitter.com/_next/static/chunks/pages/_app-446fb4a338b215deec8c.js
IP
File type ASCII text, with very long lines (1338), with no line terminators
Hash 79fd032d8d5d9fa6b966e0a2b0e5a3e1
092828885b8721858c80381d92622760aa6b2188
d08463c097b4b77e9db4acb6fdf01a44f3b80db66cd368c76185a363c9bf0863
GET /_next/static/chunks/pages/_app-446fb4a338b215deec8c.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136519
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "be3e428d416daa9027cecf70b5f26bf9+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 668
platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
200 OK 90 B URL HTTP/1.1 platform.twitter.com/_next/static/chunks/main-e9db78f5e7b3d83edd5e.js
IP
File type ASCII text, with no line terminators
Hash 8e33207e7b788da9abde5b6d33da0b00
23e48f1b412b3a0a406639f297fb6f4c4740efe8
80534a6e1ec41d37acec8be383f8d1112dbbeea31dd51ead47463095c13bff3a
GET /_next/static/chunks/main-e9db78f5e7b3d83edd5e.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136519
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "8e33207e7b788da9abde5b6d33da0b00"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71A)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 90
platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
200 OK 1.3 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js
IP
File type ASCII text, with very long lines (13043), with no line terminators
Hash 9a40466b77e5f5f4a525cf508afee546
410eb7a6ee4ee31950b33844fd21efcc8850e3e0
aae2810ee062cd3d5a1d770d2f1b287c84d5ae6276c90914ab21c9cce6686538
GET /_next/static/chunks/pages/timeline-profile/screen-name/%5BscreenName%5D-c8b4c96951cf24f547b4.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136518
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "1efc61e416c7f4f293501e877fbec836+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F714)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 1285
platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js
200 OK 414 B URL HTTP/1.1 platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js
IP
File type ASCII text, with very long lines (1208), with no line terminators
Hash 19e50b016c2418a8b7178a219a9fe03d
68c691a19558f28e9111b35f0c0f182addd31e3f
ff39afa732cf28797d8c7d8170b9e4dcc5ab8bcbd688b44be3dc0d82a5b3bbe4
GET /_next/static/octaUlqc-A_Am4qAPnvU1/_buildManifest.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059245
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "12a5a08767706f15b6b316996cd057c1+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F70D)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 414
platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js
200 OK 76 B URL HTTP/1.1 platform.twitter.com/_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js
IP
File type ASCII text, with no line terminators
Hash abee47769bf307639ace4945f9cfd4ff
c0a0dc51ee8a2852baf5ff30c33b1478ff302585
653f3e53e89b4f8548ff86c19e92bb3c6b84b6be7485a320b1e00893ed877479
GET /_next/static/octaUlqc-A_Am4qAPnvU1/_ssgManifest.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "abee47769bf307639ace4945f9cfd4ff"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F716)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 76
platform.twitter.com/_next/static/chunks/13.65c62863b5d1aec3d279.js
200 OK 12 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/13.65c62863b5d1aec3d279.js
IP
File type ASCII text, with very long lines (38097), with no line terminators
Hash 6f1f49e728d9b878cfa056a239c32cb1
43e501c9bcafe56b859f414521ae48e8d81ce658
39392ba895d16fed8dda86e09ab0ae9f443895fda3036f50384308e59b5e98bc
GET /_next/static/chunks/13.65c62863b5d1aec3d279.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "03a11df781dcaecf36e41e0b44708344+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F71C)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 12015
platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
200 OK 7.7 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/2.691622e4391d1973cb65.js
IP
File type ASCII text, with very long lines (23122), with no line terminators
Hash 47db702890e40ec11a744a885b6724b9
8ad88841d05dc05ce69ee8d430728214dd82e981
c8f11861cf29a4bc87a1f04f8add61885cc2627e6fd35a0ad12c48acddbaecb6
GET /_next/static/chunks/2.691622e4391d1973cb65.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136519
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "942b5b928a24465d1906b4716131d896+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:13 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F712)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 7674
platform.twitter.com/_next/static/chunks/4.87a72bcd1cc186518122.js
200 OK 1.3 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/4.87a72bcd1cc186518122.js
IP
File type ASCII text, with very long lines (2558), with no line terminators
Hash 385597e7610afe03d76680534f29c35d
12280b5eef389f1e5a45b2b6ff7b21d1ca0b2f8f
ba66755ab4b673c2c028ddc2540308742f6287ae47243b6424df833c4ccd1be3
GET /_next/static/chunks/4.87a72bcd1cc186518122.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059243
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "ff2a4a029f711ed6f7dcb3f1f834609a+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F717)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 1276
platform.twitter.com/_next/static/chunks/0.ad6e60829dfc07776f5e.js
200 OK 187 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/0.ad6e60829dfc07776f5e.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 187 kB (187307 bytes)
Hash 0c9586da0105e26c179e1576b6ee4d4f
a6d8cd227714e168c5bde33c28114aa2a08bdd8c
03ece567f7bdc643d0f3cd1d64b35a2e09bf711667df1439b3a2a8a8cff308db
GET /_next/static/chunks/0.ad6e60829dfc07776f5e.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "f8a649284ac45133fc2c0b92defbd7b3+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:28 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F711)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 187307
platform.twitter.com/_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js
200 OK 2.6 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js
IP
File type ASCII text, with very long lines (6721), with no line terminators
Hash 49f5b55936cdab12275a31750ba532c6
e7319555785aae707edd8fe90066a8c047cf0e8d
e1e93c439ee51eb31aa6adcc7cc267331b66b6d5d16c3ce0463b167e947edbcd
GET /_next/static/chunks/ondemand.Dropdown.8bc7f6ae41bfb038b2b2.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:33 GMT
Etag: "24b6ad17fef6a1d54596d62f11e5a2c6+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F705)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 2624
abs-0.twimg.com/emoji/v2/svg/1f525.svg
200 OK 496 B URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f525.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (822), with no line terminators
Hash 86a4b822aec109c562b67b24501b77f0
814cf2cce4cfe9892fbb43fcac8a66cd60811c36
42e702e299a6769e24e6a50b1bed3d44bc6303691a5385bff20f84983ff2c0b2
GET /emoji/v2/svg/1f525.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "ZwaaE+AGNFzijsxYHy7RYg=="
expires: Fri, 10 Jun 2022 07:03:53 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Feb 2018 22:31:06 GMT
content-encoding: gzip
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21382-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 496
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/1f319.svg
200 OK 343 B URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f319.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (622), with no line terminators
Hash 889ad110c9d228e27d55778ae421d3c7
0283d062abe0af5d5929d31592ff5fd2caab5644
777a15b3691166223d748376f24d83949156fe7d2fe7b1ce772f01f10fee051d
GET /emoji/v2/svg/1f319.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "5ZCKhkSwQD2f+Ej2Ti/8uw=="
expires: Thu, 16 Mar 2023 07:40:10 GMT
content-type: image/svg+xml
last-modified: Fri, 10 Aug 2018 17:43:50 GMT
content-encoding: gzip
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21341-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 343
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/1f680.svg
200 OK 402 B URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f680.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (677), with no line terminators
Hash d7a6448104583ae123bcf4cb4c962376
a215b9b5b6227ff26114347d44ee05d4da7cf501
47ce886b7a8e9270cf99cd44aaceb9ebed3d2c98e21b23731d8f1e5f23410104
GET /emoji/v2/svg/1f680.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
etag: "dI/w57Lx8ireythGPeJZRQ=="
expires: Fri, 09 Dec 2022 09:11:03 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Feb 2018 22:31:11 GMT
content-encoding: gzip
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21322-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 402
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/1f469-200d-1f4bb.svg
200 OK 1.2 kB URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f469-200d-1f4bb.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2830), with no line terminators
Hash bcd144c8ea558757cbb7a48b2bad3e9f
609a4a808c3e5774f3d0333de5baa38b17276fb0
5d714fb99b26c9bacdb1215b2be4818c4db08785695b7693077681a11c3d624f
GET /emoji/v2/svg/1f469-200d-1f4bb.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "bMJrKpnAEcLv6n2/Y40sLA=="
expires: Wed, 20 Sep 2023 05:43:30 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Feb 2018 22:31:00 GMT
content-encoding: gzip
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21367-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 1177
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/1f468-200d-1f4bb.svg
200 OK 971 B URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f468-200d-1f4bb.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2314), with no line terminators
Hash f7b9ee6b348e17c67638370e2e73d212
b1012940d7560c4388add2d574af8b17735b2542
96449221722028a3cd32fba54aefbd6aef5d524486df091187bb07dc618243d6
GET /emoji/v2/svg/1f468-200d-1f4bb.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
etag: "AB7mgfoT85tEdevxOaesZA=="
expires: Wed, 23 Aug 2023 08:52:25 GMT
content-type: image/svg+xml
last-modified: Wed, 21 Feb 2018 22:30:58 GMT
content-encoding: gzip
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
strict-transport-security: max-age=631138519
access-control-allow-origin: *
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21342-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 971
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/2728.svg
200 OK 508 B URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/2728.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1052), with no line terminators
Hash e96e946a645421ed7c388aef591f5ae5
1c04b4e5069c5b272bb9761f5a523d3a80362b89
656311abe6553cf0e632864eb6f9f2d19cf9f0c2c70ba6af7d2be0c1951b63a5
GET /emoji/v2/svg/2728.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
content-encoding: gzip
content-type: image/svg+xml
etag: "6CCjBscyuQUVmJ2tqZlalw=="
expires: Fri, 10 Jun 2022 07:55:48 GMT
last-modified: Wed, 21 Feb 2018 22:32:28 GMT
perf: 6
strict-transport-security: max-age=631138519
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-transaction-id: 0035bfb500065131
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21364-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 508
X-Firefox-Spdy: h2
abs-0.twimg.com/emoji/v2/svg/1f389.svg
200 OK 1.4 kB URL HTTP/2 abs-0.twimg.com/emoji/v2/svg/1f389.svg
IP
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3153), with no line terminators
Hash 9150b1a80e9092976df4c598f67b009a
a06b31c8b56d9bc80123c9a0062e1e9aeeb48e7f
46a5652add1705de2a358f144d4b94d064b55f5027ed121d6fb8f19029646264
GET /emoji/v2/svg/1f389.svg HTTP/1.1
Host: abs-0.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
content-encoding: gzip
content-type: image/svg+xml
etag: "sFKkvvV8Gqc818/1vE+2HQ=="
expires: Wed, 15 Jun 2022 08:08:00 GMT
last-modified: Wed, 21 Feb 2018 22:30:50 GMT
strict-transport-security: max-age=631138519
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-content-type-options: nosniff
accept-ranges: bytes
date: Sun, 27 Nov 2022 15:49:33 GMT
x-served-by: cache-fty21329-FTY, cache-bma1639-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
x-tw-cdn: FT
server-timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
content-length: 1369
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js
200 OK 42 kB URL HTTP/1.1 platform.twitter.com/_next/static/chunks/vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 7d62fb224e618094ce4d3e0e5052d16e
867b72ca2f006158db3c520eb3a2532d63746b92
f5d821fa38dc57edfe84c505b14245d8d03a8553c55383ea3aabb688c1a1d21a
GET /_next/static/chunks/vendors~ondemand.LottieWeb.84a69543ec64b75cae2a.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2136521
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:34 GMT
Etag: "72929dff5e574c1b877555fd36c7683a+gzip"
Last-Modified: Wed, 28 Sep 2022 17:24:15 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F711)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 41941
abs.twimg.com/sticky/animations/like.4.json
200 OK 1.9 kB URL HTTP/2 abs.twimg.com/sticky/animations/like.4.json
IP
File type ASCII text, with very long lines (24291)
Hash c5203df5bd1440c2fdf4b44f0eb3116a
6b928e79e59b281eb5b9f5c2ad608f81078b5869
0b638ce107a37db0734fcd82af97d1dd575c246d737949c5414aa1dc549540e3
GET /sticky/animations/like.4.json HTTP/1.1
Host: abs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.twitter.com/
Origin: https://syndication.twitter.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
accept-ranges: bytes
access-control-allow-origin: *
age: 3279495
content-type: application/json
date: Sun, 27 Nov 2022 15:49:34 GMT
etag: "YKYmOkwIx9KztN7bQT7x8g=="
expires: Mon, 27 Nov 2023 15:49:34 GMT
last-modified: Thu, 20 Oct 2022 16:50:56 GMT
perf: 7626143928
server: ECAcc (ska/F695)
strict-transport-security: max-age=631138519
surrogate-key: twitter-assets
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
vary: Accept-Encoding
x-cache: HIT
x-connection-hash: 00620de26479f72103b0d6f4ca0873a782dd4164b4c1379a9b6b21190ad4a58b
x-content-type-options: nosniff
x-response-time: 10
x-ton-expected-size: 24292
x-transaction-id: 80afab27525733bc
content-length: 1897
X-Firefox-Spdy: h2
platform.twitter.com/_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js
200 OK 43 B URL HTTP/1.1 platform.twitter.com/_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js
IP
Hash 377d257f2d2e294916143c069141c1c5
b7cae69682cf31dd670b65088db8395acda6ed3e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
GET /_next/static/chunks/1.f4b5d6e5e8dcb4c6aa7f.js HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 2059244
Cache-Control: public, max-age=315360000
Content-Type: application/javascript; charset=utf-8
Date: Sun, 27 Nov 2022 15:49:32 GMT
Etag: "5a0c374fae04eeb3b101385087754b18+gzip"
Last-Modified: Thu, 03 Nov 2022 19:46:26 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (ska/F708)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=,edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 299281
pbs.twimg.com/profile_images/1319931651204448257/3wppbNe4_normal.jpg
200 OK 1.9 kB URL HTTP/2 pbs.twimg.com/profile_images/1319931651204448257/3wppbNe4_normal.jpg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3\012- data
Hash d2b100c7c83711939da497693eacf284
40e319fc6dc01d847db135f0343ff621c5bea199
d7cd42f5ea5d7aa6810da8d7e4d7cb9aa687d5313c6ec451dff1f09bea26e30c
GET /profile_images/1319931651204448257/3wppbNe4_normal.jpg HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
age: 320833
cache-control: max-age=604800, must-revalidate
content-type: image/jpeg
date: Sun, 27 Nov 2022 15:49:35 GMT
last-modified: Sat, 24 Oct 2020 09:18:03 GMT
perf: 7626143928
server: ECS (ska/F704)
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=2
strict-transport-security: max-age=631138519
surrogate-key: profile_images profile_images/bucket/9 profile_images/1319931651204448257
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: 18f19a229833aa4a6aba55cb8437c16142debcd0c883127b2ef31da438255659
x-content-type-options: nosniff
x-response-time: 112
x-transaction-id: 39b6b1a039bf4fa7
x-tw-cdn: VZ, VZ
content-length: 1883
X-Firefox-Spdy: h2
pbs.twimg.com/media/Fbkxc2TVEAEfzGh?format=png&name=360x360
200 OK 120 kB URL HTTP/2 pbs.twimg.com/media/Fbkxc2TVEAEfzGh?format=png&name=360x360
IP
File type PNG image data, 360 x 360, 8-bit/color RGB, non-interlaced\012- data
Size 120 kB (119609 bytes)
Hash 09075685297dcd0af42272283d33ab3e
e8c6839cbec50914b50da598cec3fc2c6b82c5b6
78e968468aac751ecbe05fad7eaf8e3fbce30f2010d4a48b5cd47f255db16a0f
GET /media/Fbkxc2TVEAEfzGh?format=png&name=360x360 HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
age: 172261
cache-control: max-age=604800, must-revalidate
content-type: image/png
date: Sun, 27 Nov 2022 15:49:36 GMT
last-modified: Thu, 01 Sep 2022 13:50:10 GMT
perf: 7626143928
server: ECS (ska/F70A)
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=27
strict-transport-security: max-age=631138519
surrogate-key: media media/bucket/0 media/1565336717170642945
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: ea3e910cd606e001b937a229a77fc4be73978590caed1a27fb6ad957533d473e
x-content-type-options: nosniff
x-response-time: 116
x-transaction-id: 6368ccc615a932db
x-tw-cdn: VZ, VZ, VZ
content-length: 119609
X-Firefox-Spdy: h2
pbs.twimg.com/media/FZzX68EX0AE5r4e?format=jpg&name=small
200 OK 62 kB URL HTTP/2 pbs.twimg.com/media/FZzX68EX0AE5r4e?format=jpg&name=small
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 360x680, components 3\012- data
Hash 203f19faae7818700ffa9f5900999987
b3ed70b37d284df74e0912eed16190a1f95bb2af
08695bc28a917cb1ebebfd2d64e5ca83931194ef01ebd8b8defdc0ed44142a44
GET /media/FZzX68EX0AE5r4e?format=jpg&name=small HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
age: 320834
cache-control: max-age=604800, must-revalidate
content-type: image/jpeg
date: Sun, 27 Nov 2022 15:49:36 GMT
last-modified: Wed, 10 Aug 2022 13:21:32 GMT
perf: 7626143928
server: ECS (ska/F719)
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
strict-transport-security: max-age=631138519
surrogate-key: media media/bucket/1 media/1557356978720198657
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: 9f87c3a7740c2a3f9ecada6e5619ef1bf9ce1ee6188125ab94d19f7b3bbea7e6
x-content-type-options: nosniff
x-response-time: 109
x-transaction-id: eb47757398333859
x-tw-cdn: VZ, VZ, VZ
content-length: 61653
X-Firefox-Spdy: h2
pbs.twimg.com/media/FZoaT26X0AAWh2w?format=jpg&name=small
200 OK 56 kB URL HTTP/2 pbs.twimg.com/media/FZoaT26X0AAWh2w?format=jpg&name=small
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 362x680, components 3\012- data
Hash 64a4c1339097ae4f4db7f6f6ada4e8ce
72dad1fed6c0d59ebbadd7fb7ffa26b676ceae42
fcfe0c69943d820e3319941cb9839ec018e2d1ba87cb07deaeec7b5d75c696b5
GET /media/FZoaT26X0AAWh2w?format=jpg&name=small HTTP/1.1
Host: pbs.twimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.twitter.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Length
age: 501171
cache-control: max-age=604800, must-revalidate
content-type: image/jpeg
date: Sun, 27 Nov 2022 15:49:36 GMT
last-modified: Mon, 08 Aug 2022 10:16:09 GMT
perf: 7626143928
server: ECS (ska/F710)
server-timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ,edge;dur=1
strict-transport-security: max-age=631138519
surrogate-key: media media/bucket/7 media/1556585549670109184
timing-allow-origin: https://twitter.com, https://mobile.twitter.com
x-cache: HIT
x-connection-hash: 1fc76a55b223304f6796e8307db3bd3cff953b239b61957030d1760e3ddbed29
x-content-type-options: nosniff
x-response-time: 115
x-transaction-id: 139faee0fceaf4d8
x-tw-cdn: VZ, VZ, VZ
content-length: 55621
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/app.js?v=2
200 OK 0 B URL HTTP/2 bitcoinmonthlyreturn.com/js/app.js?v=2
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /js/app.js?v=2 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 06:27:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/utilities/jquery-3.4.1.slim.min.js
200 OK 0 B URL HTTP/2 bitcoinmonthlyreturn.com/js/utilities/jquery-3.4.1.slim.min.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /js/utilities/jquery-3.4.1.slim.min.js HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Mon, 13 Apr 2020 18:30:18 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/css/app.css?v=2
200 OK 0 B URL HTTP/2 bitcoinmonthlyreturn.com/css/app.css?v=2
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /css/app.css?v=2 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Jul 2022 11:27:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/css/all.css?v=8
200 OK 0 B URL HTTP/2 bitcoinmonthlyreturn.com/css/all.css?v=8
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /css/all.css?v=8 HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sun, 31 Jul 2022 12:03:43 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: text/css
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
bitcoinmonthlyreturn.com/js/utilities/bootstrap/bootstrap.bundle.min.js
200 OK 0 B URL HTTP/2 bitcoinmonthlyreturn.com/js/utilities/bootstrap/bootstrap.bundle.min.js
IP
ASN #46606 UNIFIEDLAYER-AS-1
Analyzer Verdict Alert fortinet Phishing
GET /js/utilities/bootstrap/bootstrap.bundle.min.js HTTP/1.1
Host: bitcoinmonthlyreturn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bitcoinmonthlyreturn.com/
Cookie: XSRF-TOKEN=eyJpdiI6Ik0rd05ibUdPd2gyeldydEpZdXU4UXc9PSIsInZhbHVlIjoiNTNDRjdBanVvelh0UnFoWWFDZk5xbXQzYklxamd0N2VsVzNxTFpualE0MmVaU0kxNlU1QnM5bG1sTlJ4WDFjdDhjVFdQUmdJcDltcStXTVR6dnFIbnk3Y1FRaC9oQm1Ielo2d3RkMS8zZmd6ejZqRTlsKzB3aHRQRDQxMTFKQVUiLCJtYWMiOiI4NDM4YWYzOTU0ZTg5MTlmMmI4OWE5NzBmMzg2ZjcyNjVjZmM2YmZmMTBmM2RlMjJlYmUzOTRlODVkYTJhMmE2In0%3D; monthly_return_session=eyJpdiI6Ik1aK2RaRFNCdmZlb1FENk9XNUtiK0E9PSIsInZhbHVlIjoiay9lRHRKODUyOHZKTGNiSEo2YmNOZXE4ZmRnNlJkdHdpc3ZMN1Eva0VRSHBDbGZxZFFycjhNeVJXYjRBZXVndURiL1lXTkIzUDNYRjBlUndyNHEwVGMySTlCdDZtaE5ZRGJYVFJ3aGljUWp1Y0dQcXdiUVJ4Z0c3L3BvUjA4eUsiLCJtYWMiOiI5YTM2ZDYzNzZmNGUzNWIwMjdkNGZlYTQ2NzljNzI5NzRkOGY1N2IwNjA1NWQzMzYzYTk1NzFiNDYyMzAwNDMwIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
last-modified: Sat, 24 Oct 2020 06:27:10 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-type: application/javascript
date: Sun, 27 Nov 2022 15:49:29 GMT
server: Apache
X-Firefox-Spdy: h2
69.195.124.167
139.45.195.8
23.36.76.226
104.17.25.14