Submitted URL: http://thekorsbag.info/
Effective URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Submission: On May 08 via manual from US

Summary

This website contacted 16 IPs in 5 countries across 17 domains to perform 30 HTTP transactions. The main IP is 2606:4700:3036::681b:9151, located in United States and belongs to CLOUDFLARENET, US. The main domain is monthlysweeps.us.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on January 31st 2020. Valid for: 8 months.
This is the only time monthlysweeps.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 162.255.119.180 22612 (NAMECHEAP...)
1 1 18.195.30.247 16509 (AMAZON-02)
1 1 52.7.49.177 14618 (AMAZON-AES)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
8 2606:4700:303... 13335 (CLOUDFLAR...)
2 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2.16.186.80 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:1901:0:8... 15169 (GOOGLE)
1 3.213.29.89 14618 (AMAZON-AES)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.216.94.125 16509 (AMAZON-02)
30 16
Domain Requested by
8 monthlysweeps.us monthlysweeps.us
3 fonts.gstatic.com monthlysweeps.us
2 www.google-analytics.com 1 redirects monthlysweeps.us
2 www.google.com monthlysweeps.us
www.gstatic.com
2 cdn.jsdelivr.net monthlysweeps.us
2 cdnjs.cloudflare.com monthlysweeps.us
2 www.rewardingpromos.com monthlysweeps.us
2 stackpath.bootstrapcdn.com monthlysweeps.us
1 s3.amazonaws.com monthlysweeps.us
1 stats.g.doubleclick.net monthlysweeps.us
1 b7zuvcmijd.execute-api.us-east-1.amazonaws.com monthlysweeps.us
1 pbid.pro-market.net ads.pro-market.net
1 www.gstatic.com www.google.com
1 ads.pro-market.net monthlysweeps.us
1 code.jquery.com monthlysweeps.us
1 fonts.googleapis.com monthlysweeps.us
1 amclicks.com 1 redirects
1 megatrackings.com 1 redirects
1 deprooms-immusteam.icu 1 redirects
1 thekorsbag.info 1 redirects
30 20

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-01-31 - 2020-10-09 | 8 months
*.bootstrapcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2019-09-14 - 2020-10-13 | a year
upload.video.google.com | GTS CA 1O1 | 2020-04-15 - 2020-07-08 | 3 months
jquery.org | COMODO RSA Domain Validation Secure Server CA | 2018-10-17 - 2020-10-16 | 2 years
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
www.google.com | GTS CA 1O1 | 2020-04-15 - 2020-07-08 | 3 months
ads.pro-market.net | Let's Encrypt Authority X3 | 2020-03-26 - 2020-06-24 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-04-15 - 2020-07-08 | 3 months
*.pro-market.net | Gandi Standard SSL CA 2 | 2018-08-20 - 2020-08-20 | 2 years
*.execute-api.us-east-1.amazonaws.com | Amazon | 2019-09-17 - 2020-10-17 | a year
*.google-analytics.com | GTS CA 1O1 | 2020-04-15 - 2020-07-08 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-04-15 - 2020-07-08 | 3 months
s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2019-11-09 - 2020-12-02 | a year

This page contains 3 frames:

Primary Page: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Frame ID: 1AA333C9825734524450AABACB6CF660
Requests: 28 HTTP requests in this frame

Frame: https://pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20bkt014%20b6f%20qki5b3ac1sidlblv26dbzwk9njgs38c9%202zd%209f074%200s%20i0jdiy%20%20fu%20-%20u6swgvn%20lferi6;kw=nq39re4%20tgqs%20%20gm8sx;rnd=(1588958251294)
Frame ID: 0FA1D9EE1E84C18A1A0E7006A799C69B
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi&co=aHR0cHM6Ly9tb250aGx5c3dlZXBzLnVzOjQ0Mw..&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&size=invisible&cb=34eraham3s6s
Frame ID: 2A496ECE04C1FF93563C87F19BE1F82A
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

30 Requests
100 % HTTPS
70 % IPv6
17 Domains
20 Subdomains
16 IPs
5 Countries
610 kB Transfer
1357 kB Size
6 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://thekorsbag.info/ HTTP 302
    https://deprooms-immusteam.icu/e5abba7f-b7bd-4995-bd06-5ca3c078a368 HTTP 302
    https://megatrackings.com/?a=100596&c=108736&s2=w022pnr22rg1ohtuhlgcj40m HTTP 302
    https://amclicks.com/clk.php?c=6388&p=16884&s1=100596&s2=74814479&s3= HTTP 302
    https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 27
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1001196546&t=pageview&_s=1&dl=https%3A%2F%2Fmonthlysweeps.us%2Fgo%2Fto%2F3b1113%2Fkey%2F7c9dc394a01d23c336c384394b7048b1%2Faid%2F16884%2Fs1%2F100596%2F%3Fem%3D&ul=en-us&de=UTF-8&dt=Michael%20Kors%C2%AE%20Purse&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAEAB~&jid=598545505&gjid=1164415418&cid=440950798.1588958251&tid=UA-39232759-1&_gid=547964341.1588958251&_r=1&z=2132600465 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-39232759-1&cid=440950798.1588958251&jid=598545505&_gid=547964341.1588958251&gjid=1164415418&_v=j82&z=2132600465

30 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/
Redirect Chain
  • http://thekorsbag.info/
  • https://deprooms-immusteam.icu/e5abba7f-b7bd-4995-bd06-5ca3c078a368
  • https://megatrackings.com/?a=100596&c=108736&s2=w022pnr22rg1ohtuhlgcj40m
  • https://amclicks.com/clk.php?c=6388&p=16884&s1=100596&s2=74814479&s3=
  • https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
28 KB
10 KB
Document
General
Full URL
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a054c74e226636367c73942dd195c9bfb24d14071111f801af38a66bfdab48ad

Request headers

:method
GET
:authority
monthlysweeps.us
:scheme
https
:path
/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Fri, 08 May 2020 17:17:31 GMT
content-type
text/html
set-cookie
__cfduid=d874e2ca7ef83e9af17317d647d1c44541588958250; expires=Sun, 07-Jun-20 17:17:30 GMT; path=/; domain=.monthlysweeps.us; HttpOnly; SameSite=Lax
vary
Accept-Encoding
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5904d5abdeae2fa5-FRA
content-encoding
br
cf-request-id
0296e3df6900002fa507a85200000001

Redirect headers

status
302
date
Fri, 08 May 2020 17:17:30 GMT
content-type
text/html
set-cookie
__cfduid=d5b5b357e2025b6ed2db5c259e28b0fb31588958250; expires=Sun, 07-Jun-20 17:17:30 GMT; path=/; domain=.amclicks.com; HttpOnly; SameSite=Lax amc=7c9dc394a01d23c336c384394b7048b1; expires=Sat, 09-May-2020 17:19:10 GMT; path=/; domain=.amclicks.com
location
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5904d5a808469736-FRA
cf-request-id
0296e3dd0000009736131de200000001
bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/
137 KB
21 KB
Stylesheet
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
34959e43e6ecf368807a84f92ad9aa6e2dcd5f0c5c1e57da55e8f3248d9d9255
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:34:10 GMT
status
200
etag
"1544639650"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
21024
datepicker.css
monthlysweeps.us/css/
3 KB
838 B
Stylesheet
General
Full URL
https://monthlysweeps.us/css/datepicker.css
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f21641b37bedebc84cc798eca1b80d9649cb4c23a1831659cd77c3660f873ae

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Jun 2017 19:35:36 GMT
server
cloudflare
age
5
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5904d5adac392fa5-FRA
cf-request-id
0296e3e08d00002fa507a9b200000001
loading_icon_1.css
www.rewardingpromos.com/css/
3 KB
569 B
Stylesheet
General
Full URL
https://www.rewardingpromos.com/css/loading_icon_1.css
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:39a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091a6575c7efe80624d5054b93b61cd16e00398e10c495511c1af7dc063e882a

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 03 Oct 2017 18:53:48 GMT
server
cloudflare
age
5360
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5904d5ade86bdfa5-FRA
cf-request-id
0296e3e0ad0000dfa5f8ad2200000001
css
fonts.googleapis.com/
6 KB
795 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
21d604157f25fbbb2b4053003401957d7a83bcce5cd509efbc583b6fbf005a2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 May 2020 17:17:31 GMT
server
ESF
date
Fri, 08 May 2020 17:17:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 08 May 2020 17:17:31 GMT
sweeps.css
www.rewardingpromos.com/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.rewardingpromos.com/css/sweeps.css
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6812:39a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeddfa6ba9a322bb355e1e82b84fef33fcb608779f309963309934546a7258b8

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 28 Mar 2019 17:59:17 GMT
server
cloudflare
age
5
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5904d5ade86edfa5-FRA
cf-request-id
0296e3e0ad0000dfa5f8ad3200000001
ms_logo_dark.svg
monthlysweeps.us/img/sweepstakes/
7 KB
2 KB
Image
General
Full URL
https://monthlysweeps.us/img/sweepstakes/ms_logo_dark.svg
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e705a3399b6e9ce9af74d4259ec2b3d400de7f2d7364833dbb66bd7de6c122e

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Feb 2018 20:47:07 GMT
server
cloudflare
age
5
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
max-age=14400
cf-ray
5904d5adbc4c2fa5-FRA
cf-request-id
0296e3e09100002fa507a9f200000001
1047_welcome.png
monthlysweeps.us/img/campaign/
97 KB
98 KB
Image
General
Full URL
https://monthlysweeps.us/img/campaign/1047_welcome.png
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c628c1b8b21bd6fcf57ce92c446d0c6e23bdc3468a6af8ef6be65ce3a6267e33

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
cf-cache-status
HIT
last-modified
Thu, 10 Aug 2017 17:17:04 GMT
server
cloudflare
age
5
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5904d5adbc4f2fa5-FRA
content-length
99629
cf-request-id
0296e3e09100002fa507aa0200000001
one.png
monthlysweeps.us/img/sweepstakes250/
801 B
912 B
Image
General
Full URL
https://monthlysweeps.us/img/sweepstakes250/one.png
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afbc2f9fe529022b98f966b254c8d3173a40998fdd01ee3739df99a8a3169a0b

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
cf-cache-status
HIT
last-modified
Thu, 01 Dec 2016 21:16:31 GMT
server
cloudflare
age
5359
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5904d5adbc502fa5-FRA
content-length
801
cf-request-id
0296e3e09100002fa507aa1200000001
two.png
monthlysweeps.us/img/sweepstakes250/
915 B
1023 B
Image
General
Full URL
https://monthlysweeps.us/img/sweepstakes250/two.png
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c21621aeb7ad165ee758074b65bbf2fa35498a74320a940c52a3208375ef26d

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
cf-cache-status
HIT
last-modified
Thu, 01 Dec 2016 21:16:30 GMT
server
cloudflare
age
5359
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5904d5adbc552fa5-FRA
content-length
915
cf-request-id
0296e3e09100002fa507aa2200000001
jquery-3.3.1.min.js
code.jquery.com/
85 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:17:31 GMT
Content-Encoding
gzip
Last-Modified
Sat, 20 Jan 2018 17:26:44 GMT
Server
nginx
ETag
W/"5a637bd4-1538f"
Vary
Accept-Encoding
X-HW
1588958251.dop160.fr8.t,1588958251.cds059.fr8.shn,1588958251.cds059.fr8.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
30288
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/
20 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02835066969199e9924f1332f7172a5d7e552f023a20c3d8ba03bb6c51ce5be5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
16452475
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0296e3e0a20000c2958519f200000001
served-in-seconds
0.001
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:25:14 GMT
server
cloudflare
etag
W/"5afd4a7a-500f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5904d5add9a4c295-FRA
expires
Wed, 28 Apr 2021 17:17:31 GMT
bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/
49 KB
14 KB
Script
General
Full URL
https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
0bca10549df770ab6790046799e5a9e920c286453ebbb2afb0d3055339245339
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:33:53 GMT
status
200
etag
"1544639633"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
14038
jquery.validate.min.js
cdn.jsdelivr.net/jquery.validation/1.15.0/
22 KB
7 KB
Script
General
Full URL
https://cdn.jsdelivr.net/jquery.validation/1.15.0/jquery.validate.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa1d80cdf0990e97a21069ab16c048ef90a35df1165b87d19accabd7c4edc860
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
6755193
x-cache
HIT, HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-request-id
0296e3e091000005dccd9d1200000001
x-served-by
cache-ams21021-AMS, cache-hhn1522-HHN
timing-allow-origin
*
server
cloudflare
etag
W/"58a0-xaL/AT+jV8HSplcbXY5ljmcAgOo"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
5904d5adb98d05dc-FRA
additional-methods.min.js
cdn.jsdelivr.net/jquery.validation/1.15.0/
17 KB
5 KB
Script
General
Full URL
https://cdn.jsdelivr.net/jquery.validation/1.15.0/additional-methods.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
219324a6611109fcb8c440e9e38af1802240ee8f1453d557353cc20cdaaead6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
16452451
x-cache
HIT, HIT
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-request-id
0296e3e091000005dccd9d2200000001
x-served-by
cache-ams21038-AMS, cache-fra19129-FRA
timing-allow-origin
*
server
cloudflare
etag
W/"4547-g4rGbD7KxrYTawSb3Q4U8vAilSw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
5904d5adb98f05dc-FRA
bootstrap-formhelpers.min.js
cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/
284 KB
70 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/bootstrap-formhelpers/2.3.0/js/bootstrap-formhelpers.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fb32ef65d7b57f33a43580329dbf6ee37beb5b4b64272a6a0d705ca9abf3484
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
16450070
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
0296e3e0a20000c295851a0200000001
served-in-seconds
0.003
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:16:18 GMT
server
cloudflare
etag
W/"5afd4862-46f6d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5904d5add9a6c295-FRA
expires
Wed, 28 Apr 2021 17:17:31 GMT
api.js
www.google.com/recaptcha/
708 B
572 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6b3264b67d7833cc0d04dd7d6a9fa13b8086e786a7f44230ecae7510bfea79fc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
477
x-xss-protection
1; mode=block
expires
Fri, 08 May 2020 17:17:31 GMT
datepicker.js
monthlysweeps.us/js/
17 KB
5 KB
Script
General
Full URL
https://monthlysweeps.us/js/datepicker.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d41c10e9bae08259ba5b58757e8dbf6713dfa033fee3330ae37e85660c85726

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 13 Jun 2017 19:35:52 GMT
server
cloudflare
age
5360
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=14400
cf-ray
5904d5adbc482fa5-FRA
cf-request-id
0296e3e09100002fa507a9e200000001
site-141028.js
ads.pro-market.net/ads/scripts/
2 KB
1 KB
Script
General
Full URL
https://ads.pro-market.net/ads/scripts/site-141028.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
a2-16-186-80.deploy.static.akamaitechnologies.com
Software
nginx/1.0.15 /
Resource Hash
07f9667f25cfdb29c4bd56f3fc9d9f2fdc095ef87f0563b4f0bfc0dc66530b9a

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:17:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 23 Jul 2019 13:39:45 GMT
Server
nginx/1.0.15
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=86400
Connection
keep-alive
Content-Length
1101
1047_bg.jpg
monthlysweeps.us/img/campaign/
127 KB
128 KB
Image
General
Full URL
https://monthlysweeps.us/img/campaign/1047_bg.jpg
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::681b:9151 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
618d9e03c988132c3007fe6d14c5478a49d67c18c128d69d6eca18f10336b056

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
cf-cache-status
HIT
last-modified
Thu, 10 Aug 2017 17:17:02 GMT
server
cloudflare
age
2
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
5904d5ae0d5a2fa5-FRA
content-length
130427
cf-request-id
0296e3e0c800002fa507aac200000001
S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wXiWtFCc.woff2
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
Origin
https://monthlysweeps.us

Response headers

date
Thu, 23 Apr 2020 17:39:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:55 GMT
server
sffe
age
1294694
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14044
x-xss-protection
0
expires
Fri, 23 Apr 2021 17:39:17 GMT
TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
fonts.gstatic.com/s/oswald/v31/
25 KB
25 KB
Font
General
Full URL
https://fonts.gstatic.com/s/oswald/v31/TK3iWkUHHAIjg752GT8Gl-1PKw.woff2
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e747521bc9729c30f06bda6471e77ad26ce0e05b104743e93fe14c8ef3b559a7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
Origin
https://monthlysweeps.us

Response headers

date
Thu, 23 Apr 2020 17:39:05 GMT
x-content-type-options
nosniff
last-modified
Tue, 03 Mar 2020 00:19:42 GMT
server
sffe
age
1294706
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25376
x-xss-protection
0
expires
Fri, 23 Apr 2021 17:39:05 GMT
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v16/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v16/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Lato:400,700|Oswald:400,600,700
Origin
https://monthlysweeps.us

Response headers

date
Wed, 06 May 2020 03:55:38 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:45:54 GMT
server
sffe
age
220913
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14176
x-xss-protection
0
expires
Thu, 06 May 2021 03:55:38 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/
298 KB
120 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10de7d69af358751d5f0146c012cf400cb2940c6dbdb7d624061e60914c48666
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 04 May 2020 19:16:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 04 May 2020 04:09:11 GMT
server
sffe
age
338490
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
123152
x-xss-protection
0
expires
Tue, 04 May 2021 19:16:01 GMT
engine
pbid.pro-market.net/ Frame 0FA1
0
0
Document
General
Full URL
https://pbid.pro-market.net/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20bkt014%20b6f%20qki5b3ac1sidlblv26dbzwk9njgs38c9%202zd%209f074%200s%20i0jdiy%20%20fu%20-%20u6swgvn%20lferi6;kw=nq39re4%20tgqs%20%20gm8sx;rnd=(1588958251294)
Requested by
Host: ads.pro-market.net
URL: https://ads.pro-market.net/ads/scripts/site-141028.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:8eee:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash

Request headers

:method
GET
:authority
pbid.pro-market.net
:scheme
https
:path
/engine?site=141028;size=1x1;e=0;dt=0;category=i1kh9%3A%20%20vgmtitpkdexx1%20ts%20of%20ao%20bkt014%20b6f%20qki5b3ac1sidlblv26dbzwk9njgs38c9%202zd%209f074%200s%20i0jdiy%20%20fu%20-%20u6swgvn%20lferi6;kw=nq39re4%20tgqs%20%20gm8sx;rnd=(1588958251294)
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
server
Apache-Coyote/1.1
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
anserver
gapp-eu-5.c.datonics-gcp-01.internal
set-cookie
anProfile="0+1+4=51+1d=2+1e=hetzner online ag+1f=1+1g=1+1j=1+1m=1+1o=5wyt+1u=91710+rs=s+rt=2A0104F8019254140000000000000002+rv=(2)+s0=(3k)+s2=(qa0w17)"; Domain=.pro-market.net; Max-Age=15552000; Path=/; Secure; SameSite=None;
pragma
no-cache
cache-control
no-cache, no-store, must-revalidate
expires
Mon, 1 Jan 1990 0:0:0 GMT
access-control-allow-origin
*
content-type
text/html
content-encoding
gzip
vary
Accept-Encoding
date
Fri, 08 May 2020 17:17:30 GMT
via
1.1 google
alt-svc
clear
GetPushScript
b7zuvcmijd.execute-api.us-east-1.amazonaws.com/prod/
2 KB
2 KB
XHR
General
Full URL
https://b7zuvcmijd.execute-api.us-east-1.amazonaws.com/prod/GetPushScript?key=2Xa3N8H4tIMDq5DaLOjgimHq4HG8UhWO&domain=monthlysweeps.us
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.213.29.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-213-29-89.compute-1.amazonaws.com
Software
/
Resource Hash
90732a8c2078a3a4937aca66d545df8f07b1b388791f02cd2e3893417f0fe862

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 08 May 2020 17:17:31 GMT
x-amzn-requestid
f7e081e6-5a80-4efc-8bd1-3d1bbd009f3b
status
200
content-type
application/json
access-control-allow-origin
*
x-amzn-trace-id
Root=1-5eb5942b-29dee9ee649c7bc6465804ce;Sampled=0
x-amz-apigw-id
MOQW0G0RoAMFasg=
content-length
2182
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 30 Apr 2020 21:54:13 GMT
server
Golfe2
age
2336
date
Fri, 08 May 2020 16:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18433
expires
Fri, 08 May 2020 18:38:35 GMT
anchor
www.google.com/recaptcha/api2/ Frame 2A49
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi&co=aHR0cHM6Ly9tb250aGx5c3dlZXBzLnVzOjQ0Mw..&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&size=invisible&cb=34eraham3s6s
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-wV2EAWEOTlEtZh4vNQtn3H1/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-5uC80/poOejehmTy4kYzog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LdnFqEUAAAAAFM5s_aRoZZO_zDhqoVv6uCdscQi&co=aHR0cHM6Ly9tb250aGx5c3dlZXBzLnVzOjQ0Mw..&hl=en&v=-wV2EAWEOTlEtZh4vNQtn3H1&size=invisible&cb=34eraham3s6s
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Fri, 08 May 2020 17:17:31 GMT
content-security-policy
script-src 'report-sample' 'nonce-5uC80/poOejehmTy4kYzog' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
9308
server
GSE
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j82&a=1001196546&t=pageview&_s=1&dl=https%3A%2F%2Fmonthlysweeps.us%2Fgo%2Fto%2F3b1113%2Fkey%2F7c9dc394a01d23c336c384394b7048b1%2Faid%2F16884%2Fs1%2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-39232759-1&cid=440950798.1588958251&jid=598545505&_gid=547964341.1588958251&gjid=1164415418&_v=j82&z=2132600465
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-39232759-1&cid=440950798.1588958251&jid=598545505&_gid=547964341.1588958251&gjid=1164415418&_v=j82&z=2132600465
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 08 May 2020 17:17:31 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 08 May 2020 17:17:31 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-39232759-1&cid=440950798.1588958251&jid=598545505&_gid=547964341.1588958251&gjid=1164415418&_v=j82&z=2132600465
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
trackpush.min.js
s3.amazonaws.com/trackpush/
45 KB
13 KB
Script
General
Full URL
https://s3.amazonaws.com/trackpush/trackpush.min.js
Requested by
Host: monthlysweeps.us
URL: https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.94.125 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
fe1a1b5efd64f3415f3ce7a838f73c70cc23c70416f5a41951d21164473483c0

Request headers

Referer
https://monthlysweeps.us/go/to/3b1113/key/7c9dc394a01d23c336c384394b7048b1/aid/16884/s1/100596/?em=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:17:32 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 May 2020 21:49:20 GMT
Server
AmazonS3
x-amz-request-id
D2F390B1164C1BFC
ETag
"4088bf34da3248b606697ab0f1712efd"
Content-Type
text/javascript
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Length
12713
x-amz-id-2
Qrxov9Wj6oakIgsRuyqL6mpen5dUKy/WwVj+pdZu2fIdXCHyqqVPHKWEMHriC7b3DQd0QlXuX4U=

166 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| Popper object| bootstrap object| BFHCountriesList object| BFHCurrenciesList object| BFHMonthsList object| BFHDaysList number| BFHDayOfWeekStart object| BFHFontsList object| BFHFontSizesList object| BFHGoogleFontsList object| BFHLanguagesList object| BFHPhoneFormatList object| BFHStatesList string| BFHTimePickerDelimiter object| BFHTimePickerModes object| BFHTimezonesList object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client string| pop string| url number| subid string| mobile_exists number| campaign_id string| cap_result function| is_valid_email_address function| resize function| onSubmit function| captcha number| dt function| encode function| removeRedandentCharsAndSpaces function| anMain function| _webpushLoaded string| GoogleAnalyticsObject function| ga object| recaptcha object| closure_lm_312351 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| _at undefined| _aimtellPushToken boolean| _aimtellRanScript undefined| _aimtellSubscriberID undefined| _aimtellRefreshResult string| _aimtellAPI boolean| _aimtellSWInitiated boolean| _aimtellNewSubscriberID number| _aimtellVersion object| _aimtellDebugQueue number| _aimtellDebugQueueActive boolean| _aimtellPrompted number| _aimtellCacheBuster string| _aimtellUserDefinedWorker object| _aimtellWebsiteConfiguration object| _aimtellFunnelPixel undefined| trackData undefined| _aimtellTrackData object| _aimtellPageLoadAttributes undefined| _aimtellDebug undefined| aimtellDebugBox function| _aimtellDeferred function| _aimtellGetUrlVars function| _aimtellGetDeviceType function| _aimtellGetPageDetails function| _aimtellLoadBeacon function| _aimtellCrossDomainSubscriberID function| _aimtellGetReferrer function| _aimtellGetLanguage function| _aimtellAbandonedFunnel function| _aimtellAbandonPage function| _aimtellGetResolution function| _aimtellGetBrowserInfo function| _aimtellGetSystemInfo 
function| _aimtellDebugger function| _aimtellDebugQueueProcess function| _aimtellLogDebug function| _aimtellInitialize function| _aimtellEnablePageDelayPrompt function| _aimtellEnableScrollDelayPrompt function| _aimtellEnableSecondsDelayPrompt function| _aimtellGetSiteConfig function| _aimtellGetPercentageScrolled function| _aimtellLoadPrompt function| _aimtellPromptApprove function| _aimtellPromptDeny function| _aimtellPromptCancel function| _aimtellGetSubscriberID function| _aimtellIsNewData function| _aimtellTrack function| _aimtellAppendManifestHeader function| _aimtellGetManifestLocation function| _aimtellGetWebsiteConfiguration function| _aimtellGetGCMID function| _aimtellLogError function| _aimtellGetSubscriberIDFromToken function| _aimtellGetSubscriberAttributes function| _aimtellGenerateID function| _aimtellGetCookie function| _aimtellSetCookie function| _aimtellDeleteCookie function| _aimtellHashString function| _aimtellTrackAttributes function| _aimtellForcePrompt function| _aimtellPrompt function| _aimtellAlias function| _aimtellTrackEvent function| _aimtellAbandonedCart function| _aimtellTc undefined| webURL undefined| logid undefined| subscriber_uid function| _aimtellGetPushToken function| _aimtellSupportsPush function| _aimtellCheckHTTPS function| _aimtellListener function| _webpushCheckPermissions function| _webpushSupportsPush function| _webpushPrompt function| _webpushRunNative function| _webpushGetSubscriberIDFromToken function| _webpushTrackAttributes function| _webpushGetToken function| _webpushTrackEvent function| _webpushGetSubscriberID function| _aimtellCheckPermissions function| _aimtellRunNative function| _aimtellSafariRun function| _aimtellDelWidgetNotification function| _aimtellDelAllWidgetNotification function| _aimtellCheckNotificationRemaining function| _aimtellClickedNotification function| _aimtellShowNotificationCenter function| _aimtellHideNotificationCenter function| _aimtellAppendNotification function| _aimtellShowNoNotifications 
function| _aimtellShowNotSubscribed function| _aimtellLaunchNotificationCenter function| _aimtellGetWidgetNotifications function| _aimtellFillNotifications function| _aimtellWidgetPermissionGrantedCallback function| _aimtellPermissionDeniedCallbacks function| _aimtellPermissionIgnoredCallbacks function| _aimtellWebhook function| _aimtellPermissionGrantedCallbacks function| _aimtellSubscribe function| _aimtellUrlBase64ToUint8Array function| _aimtellExtractSubscriptionId function| _aimtellSendSubscriptionToServer function| _aimtellAmplifySubscriberWorkerData function| _aimtellRegisterWorker function| _aimtellValidateWorker function| _aimtellSendWorkerMessage function| _aimtellLoadIntegrations function| _aimtellLoad function| _aimtellProcessQueue function| _aimtellCheckConflictWorker function| _aimtellForceRefreshSW function| _aimtellPermissionGranted function| _aimtellReady

6 Cookies

Domain/Path Name / Value
.pro-market.net/ Name: anProfile
Value: "0+1+4=51+1d=2+1e=hetzner online ag+1f=1+1g=1+1j=1+1m=1+1o=5wyt+1u=91710+rs=s+rt=2A0104F8019254140000000000000002+rv=(2)+s0=(3k)+s2=(qa0w17)"
.monthlysweeps.us/ Name: _gat
Value: 1
.monthlysweeps.us/ Name: _gid
Value: GA1.2.547964341.1588958251
.monthlysweeps.us/ Name: _ga
Value: GA1.2.440950798.1588958251
monthlysweeps.us/ Name: rpsession
Value: DG5VZF4xWzNWKAggUjECN1BpUDsAcQcgA2IJfAF0VzlTO1Y%2FXlQDbFUyVn8LawYnV2hdNVU%2BVWtQewA0VzdQMwdmVTFUZgAwB2EDMgUzVGUMbVVoXmZbMFZiCGBSaQI%2BUG9QMQA2B2ADPglpATJXNFNgVjdeaAM1VWJWfwtrBidXaF03VTxVa1B7ADhXdFBbB2JVN1Q2AHUHZQN3BSNUcAw0VS1eP1s4VmYIaVIpAjRQbFAxAH0HYgMzCTkBKVdiU2VWaF4lAzRVb1ZoC3IGb1chXTxVPVVhUGMAc1dxUHcHZlUhVA0AZgdnA2EFPlQmDC1VZV52WzNWYghhUjsCPFB7UEwAPAcpA24JYwFrVzFTe1ZkXiUDNVV2VnULHQY1VzFdb1ViVSVQNgAiV2xQPwcjVRpUPABzB2UDaAVwVB8MblU9XiVbRlYACHNSUwImUGhQMQAMB2IDMwlQATJXeVN0VhBeewN1VTpWOAsHBjFXMF1NVWVVJVB2AGRXN1AzBy1VYFRkACcHKANPBRhUBgxCVRJeKVspVj8IOlJgAmNQeVBGADYHMANsCWABLldwUxdWOV55A2pVO1Y4C38GY1dmXShVPFV%2FUGoAZlc2UD0HLVViVGQAPgcgA1cFMVQ0DG5VLF5sWyZWZghgUjwCKFBqUCMAaAcgAz0JPgE0V2pTdlY9XmoDdlUiVgILMQY3VyZdb1V6VThQLQAoVyZQPwdqVWlUYwAyBzgDPAVpVGcMN1VsXjBbOVZoCC4%3D
.monthlysweeps.us/ Name: __cfduid
Value: d874e2ca7ef83e9af17317d647d1c44541588958250

1 Console Messages

Source Level URL
Text
console-api error URL: https://s3.amazonaws.com/trackpush/trackpush.min.js(Line 1)
Message:
[aimtell] Browser does not support push

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
