Overview

URL: guttersunlimited.com/
IP: 72.52.179.174 (United States)
ASN: #32244 LIQUIDWEB
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2022-11-26 11:48:15 UTC
IDS alerts: 0
Blocklist alert: 1
urlquery alerts: No alerts detected
Tags: None

Domain Summary (17)

Fully Qualifying Domain Name | Rank | First Seen | Last Seen | IP | Comment
ayxvy.voluumtrk3.com (1) | 0 | 2022-08-24 08:32:33 UTC | 2022-11-26 11:48:06 UTC | 35.156.91.109 | Domain (voluumtrk3.com) ranked at: 185763
firefox.settings.services.mozilla.com (2) | 867 | 2020-06-04 20:08:41 UTC | 2022-11-26 05:33:20 UTC | 34.102.187.140 |
content-signature-2.cdn.mozilla.net (1) | 1152 | No data | No data | 34.160.144.191 |
push.services.mozilla.com (1) | 2140 | 2014-10-24 08:27:06 UTC | 2020-05-03 10:09:39 UTC | 52.89.217.163 |
gaut-hil.com (3) | 342928 | 2020-07-09 20:17:47 UTC | 2022-11-26 05:47:57 UTC | 3.208.247.235 |
fonts.gstatic.com (1) | 0 | 2014-09-09 00:40:21 UTC | 2022-11-26 10:10:14 UTC | 216.58.207.195 | Domain (gstatic.com) ranked at: 540
r3.o.lencr.org (8) | 344 | No data | No data | 23.36.77.32 |
ocsp.sca1b.amazontrust.com (2) | 1015 | 2017-03-03 15:20:51 UTC | 2019-03-27 04:05:54 UTC | 54.230.245.110 |
fonts.googleapis.com (1) | 8877 | 2013-06-10 20:14:26 UTC | 2022-11-26 07:22:52 UTC | 142.250.74.10 |
img-getpocket.cdn.mozilla.net (4) | 1631 | 2018-06-21 23:36:00 UTC | 2020-02-19 04:43:25 UTC | 34.120.237.76 |
thetakebestbonus.life (24) | 0 | 2022-11-10 04:25:02 UTC | 2022-11-26 11:48:06 UTC | 194.87.208.61 | Unknown ranking
ocsp.pki.goog (3) | 175 | 2018-07-01 06:43:07 UTC | 2020-05-02 20:58:16 UTC | 142.250.74.35 |
confdatabase.com (1) | 0 | 2021-07-04 17:08:53 UTC | 2022-11-26 09:52:55 UTC | 5.8.45.62 | Unknown ranking
www.gstatic.com (2) | 0 | 2016-07-26 09:37:06 UTC | 2022-11-26 09:57:59 UTC | 142.250.74.163 | Domain (gstatic.com) ranked at: 540
ocsp.digicert.com (2) | 86 | 2012-05-21 07:02:23 UTC | 2020-05-02 20:58:10 UTC | 93.184.220.29 |
contile.services.mozilla.com (1) | 1114 | 2021-05-27 18:32:35 UTC | 2022-11-26 05:33:16 UTC | 34.117.237.239 |
guttersunlimited.com (2) | 0 | 2015-02-28 23:07:21 UTC | 2019-02-19 05:36:15 UTC | 72.52.179.174 | Unknown ranking

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date | Severity | Indicator | Comment
2022-11-26 | 2 | guttersunlimited.com/ | Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 72.52.179.174
Date | UQ / IDS / BL | URL | IP
2023-02-04 05:15:43 +0000 | 0 - 0 - 7 | qrfmmrsrwm.jiu-jitsu.art/ | 72.52.179.174
2023-02-04 04:03:22 +0000 | 0 - 4 - 5 | clcb.flu.cc/ml/vrs/slybro2/lok/panel/PvqDq929 (...) | 72.52.179.174
2023-02-04 03:51:54 +0000 | 0 - 2 - 4 | bello.flu.cc/ml/vrs/sly5/pny/panel/admin.php | 72.52.179.174
2023-02-03 12:20:41 +0000 | 0 - 0 - 1 | q5.hp1001.com/list/4-4223 | 72.52.179.174
2023-02-03 09:26:04 +0000 | 0 - 0 - 2 | t63lf.hp1001.com/show/8_0584.html | 72.52.179.174


Last 5 reports on ASN: LIQUIDWEB
Date | UQ / IDS / BL | URL | IP
2023-02-05 00:09:44 +0000 | 0 - 1 - 0 | fetchbeta.gunbound.ph/fetch/fetch.dll?400&400 | 69.16.231.59
2023-02-04 23:54:07 +0000 | 0 - 0 - 33 | maria.susypro.com/ | 50.28.1.43
2023-02-04 23:52:28 +0000 | 0 - 0 - 1 | tbettertrk.com/?shelltrx.com/?a=1050&c=49705& (...) | 67.225.191.58
2023-02-04 23:52:16 +0000 | 0 - 0 - 1 | tbettertrk.com/?shelltrx.com/?a=1050&c=49705& (...) | 67.225.191.58
2023-02-04 20:14:07 +0000 | 0 - 2 - 2 | hotbloggerslab.usa.cc/build/wp-content/upload (...) | 69.16.231.57


Last 1 reports on domain: guttersunlimited.com
Date | UQ / IDS / BL | URL | IP
2022-11-26 11:48:15 +0000 | 0 - 0 - 1 | guttersunlimited.com/ | 72.52.179.174


No other reports with similar screenshot

JavaScript

Executed Scripts (22)

Executed Evals (0)

Executed Writes (0)


HTTP Transactions (59)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2638
Expires: Sat, 26 Nov 2022 12:32:02 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1495
Cache-Control: max-age=169679
Date: Sat, 26 Nov 2022 11:48:04 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:56:03 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 11:19:13 GMT
cache-control: public,max-age=3600
age: 1731
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5302
Expires: Sat, 26 Nov 2022 13:16:26 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: tRhCbmowvKz1+J1G3YAegasG+TmATYgjMRRCfXXZpf7/tN41RMx4iwlUyBWM+b2610U2HJ/u180=
x-amz-request-id: 5TNSCRS0AE8HQDRY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 11:41:11 GMT
age: 413
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 26 Nov 2022 11:48:04 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 2212
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4136
Cache-Control: max-age=167262
Date: Sat, 26 Nov 2022 11:48:05 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:15:47 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hhGivoR4ndBnK+RXohUIsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         52.89.217.163
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dEj2leNpZ2zknTQb1rnIU8oIzpA=

                                        
                                            GET / HTTP/1.1 
Host: guttersunlimited.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         72.52.179.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 26 Nov 2022 11:48:04 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (620)
Size:   2236
Md5:    62952ac1a9a1934d0c44561ee726b64f
Sha1:   f959f2032fa97156f4cacdfe1810924b609b87fc
Sha256: 220bdcb7d17c10566e74ce8849cc3cd4fb00171ea04182c6f938763f382c941e

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1 
Host: guttersunlimited.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1

                                         72.52.179.174
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Sat, 26 Nov 2022 11:48:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   982
Md5:    4fc702ade620018f547500e4ffca3dff
Sha1:   f904a01223addf1bbfaf7da20d3d9d4ccc672496
Sha256: 861a2a1313ffd9407722ec63b33855aa8b75004b6767ddd978c2712e0d7ac8fc
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88925
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "6380a348-1d7"
Expires: Sun, 27 Nov 2022 12:30:11 GMT
Last-Modified: Fri, 25 Nov 2022 11:13:12 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o6K6gvjpxZBzj8ejqBq-ndCPuvicLrhValQqKnS-PnlqZOjwHrVuhQ==
Age: 4619

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

                                        
                                            GET /zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 
Host: gaut-hil.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

                                         3.208.247.235
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
date: Sat, 26 Nov 2022 11:48:06 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: QOmeMSPK
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   5021
Md5:    d7c2eba7da7e49dd81b5a0edd3656868
Sha1:   a4249d2c96a4c1cb1df53799f727d2340487b111
Sha256: 191b88b956046004485a51554f8d45c44d9f89540c422397f812b058726fdc39
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OJZkZ18TlSgdBWsmSroQPIcYIvBFvz5-7hu9_GravTcz6zqxKXHZrg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:43:36 GMT
age: 50670
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9049
Md5:    c8dc4b8a7e9f7f4f84f0da568b43392b
Sha1:   3d32bff85cb7ec118c4496d0c3802829fdc9af3b
Sha256: 4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75AMMfa7oq0Y51YPEC_FEDOoNVc9cgfjg9bOSOXwikONPdhW7OG3uQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:10 GMT
age: 50396
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4366
Md5:    abd79421a3c44a8df11ad2cc50083309
Sha1:   8665e5f3026f2c2b9505eb139c478f4d359851c3
Sha256: 3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 16480
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3502
Md5:    a783df85f30f9c555f9df6b99f61744d
Sha1:   61f9bed607e81606be78285596acdc5e0e4f4994
Sha256: 19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
                                        
                                            GET /zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 HTTP/1.1 
Host: gaut-hil.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         3.208.247.235
HTTP/2 200 OK
content-type: text/html;charset=UTF-8
                                        
date: Sat, 26 Nov 2022 11:48:06 GMT
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: xDYLqknZ
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   10885
Md5:    45aacc74a0a7922f322e86fe4c8d66ce
Sha1:   d1c37b0f80ac82c1faf7ba18c07207600b159fe2
Sha256: b03537b886b3ebfb80688ce1ab0efd610d22ef01ab234912ecd9c03e9db4e4f1
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 14128
x-amzn-requestid: ac7d027c-55fe-479d-a5ca-baa09eabebea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUgEEXSIAMFzmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813466-061f1c9c36d007347d0c1302;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSNpiUlg-IP41ezykW8i6qiDO9pXaopLa5Wnc_UtWP5AR5jJNbHywQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:02:02 GMT
age: 49564
etag: "ab196fcf5ef72cd13d1f8f370039258b963834ba"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   14128
Md5:    e0174b63e0e8e8184799bedd77c7ca5f
Sha1:   ab196fcf5ef72cd13d1f8f370039258b963834ba
Sha256: ffb99678ae74f059a66aaf5097b1c4b659519012f137b40a644ded7a3c524623
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: gaut-hil.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         3.208.247.235
HTTP/2 404 Not Found
content-type: text/html;charset=utf-8
                                        
date: Sat, 26 Nov 2022 11:48:06 GMT
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: bhxoNhSG
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         54.230.245.110
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125344
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "63814396-1d7"
Expires: Sun, 27 Nov 2022 22:37:10 GMT
Last-Modified: Fri, 25 Nov 2022 22:37:10 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DB3dS949iy76AMS1BQms6VgndAk6Vo9H82CYwdgqPq3MEF_lGcGUdw==

                                        
                                            GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R HTTP/1.1 
Host: ayxvy.voluumtrk3.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         35.156.91.109
HTTP/2 302 Found
                                        
date: Sat, 26 Nov 2022 11:48:06 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w9k68vumpk8u8bok2j8m351i%22%2C%22caid%22%3A%22c3ff4655-a271-48ad-90d6-849e63bfb180%22%7D; Max-Age=31536000; Expires=Sun, 26-Nov-2023 11:48:06 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "10DC197B7FACE579CDEE803F0F7D21F05D252E608EA5B029ED7C64482D20CDFB"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18241
Expires: Sat, 26 Nov 2022 16:52:08 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive

                                        
                                            GET /?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 10238
Connection: keep-alive
set-cookie: sid=t2~lkp4cukonsub12jtiayns5rv; path=/
cache-control: private, no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF, LF line terminators
Size:   10238
Md5:    449dc2544ff7c65b812ef567b20a6d8a
Sha1:   c5b9719349dc9b800c09605e99686087dc219c6e
Sha256: 15c10c8438a4dce52fd099cbd604563924bdd120e28661955d56ab041e8081b7
                                        
                                            GET /media/gambling/en/slots/1.css HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 6256
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b656c0486bf95fd37ee4a009f141278a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EADFA9D5DD4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (6256), with no line terminators
Size:   6256
Md5:    b656c0486bf95fd37ee4a009f141278a
Sha1:   d8f1d5378ea9c9898ba44ba5050ddec6b3b0f32c
Sha256: 828198fdc48d7e5d04252b756694a5393cd457724cb09c47b20913ac3d9ca896
                                        
                                            GET /media/gambling/en/slots/style1.css HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 12064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "9e8e1b97fb35ea366e6fee346ab90803"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD430D5AE8D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (12064), with no line terminators
Size:   12064
Md5:    9e8e1b97fb35ea366e6fee346ab90803
Sha1:   68e1efa4406e30e6deaeeb638f0b23313f507ffa
Sha256: a21b63c52a75717cc9d2ebc9cbd98a3df24bb5c01a4dc55ac6e41533e67c3316
                                        
                                            GET /cookie/js.cookie9.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192584C1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (1709)
Size:   4395
Md5:    16e07bf02a8e81d2cd5679dc45cc318c
Sha1:   7c205205935a3a56a8976b2ac648502b43103b5f
Sha256: 96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
                                        
                                            GET /media/gambling/backbutton_gmb.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A2CDD0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3923
Md5:    42a42a2180debd55caba94527379964c
Sha1:   562c1754c94ce49326b0381805ee14d175487778
Sha256: 52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
                                        
                                            GET /media/gambling/icon.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC181BE1D20
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1580
Md5:    2b25502a979c3b240fc77e52689e4c29
Sha1:   790d306577b490abe99d88fb55bce2e815689843
Sha256: 328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
                                        
                                            GET /media/gambling/sound.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1829BD07B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1083
Md5:    3787b349cb8b744b6917fe43f96b1ccd
Sha1:   ab26d82699a166f520a51f722bc6262ef1d5421f
Sha256: 8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
                                        
                                            GET /util/utils-gmb.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1830A196A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   4651
Md5:    570df3f849036a1a4a75ca2a28047d36
Sha1:   f69147076e3912116a9765a2ed34afe3cae67978
Sha256: 221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
                                        
                                            GET /media/gambling/en/slots/ProgressiveJackpotTicker.min.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 4485
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6a744bb584cab227b95c35c80a195cc3"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD44EBFEE76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (367), with CRLF line terminators
Size:   4485
Md5:    6a744bb584cab227b95c35c80a195cc3
Sha1:   4713e0d9b9a3fbc0e3f91973bd42b6f53b84863b
Sha256: 306f65d55609489da8a821f322fc186f8532c3b99e3d2543137a99c15296fcad
                                        
                                            GET /media/gambling/confetti.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A3355F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (3533), with no line terminators
Size:   3533
Md5:    116c9460f5e882a7fcf4e837f7efc72a
Sha1:   13a88e74735d05985e5d07e8cbff716329f5d81c
Sha256: 651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
                                        
                                            GET /media/mainstream/js1.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Last-Modified: Wed, 31 Aug 2022 09:36:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475507010
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /media/gambling/en/slots/overlay.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 7028
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6962c3265c90a29899d439a690d4cb9d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475F2D2D2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Size:   7028
Md5:    6962c3265c90a29899d439a690d4cb9d
Sha1:   f2deb87030b77ebd20ca9df3f09ee183725879af
Sha256: bb49a67a9e8ad4147e22deee3c4e5071f00be0d62251e4c57702dc14c23208af
                                        
                                            GET /media/gambling/en/slots/loader.gif HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 2892
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "35de537ece3bfee3ab3f7af4c19e2151"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD4815E73C5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 128 x 15\012- data
Size:   2892
Md5:    35de537ece3bfee3ab3f7af4c19e2151
Sha1:   9139201df5d36e1b2b9a8a6566683c95a49e0006
Sha256: 2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
                                        
                                            GET /css?family=Roboto+Condensed HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 11:48:07 GMT
date: Sat, 26 Nov 2022 11:48:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1006
Md5:    3cf18fab33f673ef45dc131794dd3ffe
Sha1:   379cdeb41739da1bf112413094d0996aa96245c5
Sha256: 9ae6ca80531ca11bc5eb447bd73fda3e427d9975885ffc1d5dd501ba459d9dec
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /util/pgamble.js?v=8 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1BDFD0645
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (4237), with no line terminators
Size:   4237
Md5:    c43bdd4ef0fd292dca304ff4c8f56058
Sha1:   62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
Sha256: 270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
                                        
                                            GET /media/gambling/en/slots/1.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/media/gambling/en/slots/style1.css
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 13280
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dea1959e9b62e2359fd3e3517b6c182d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47AB58B09
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 500 x 150, 8-bit colormap, non-interlaced\012- data
Size:   13280
Md5:    dea1959e9b62e2359fd3e3517b6c182d
Sha1:   1d27644380fb754715dbed8c5b20a2c6b3bb80b6
Sha256: c04f3ccc7d29702cafa9fd88b3ac2d72449af001b04637b9433654892888890a
                                        
                                            GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thetakebestbonus.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:51:51 GMT
expires: Thu, 23 Nov 2023 18:51:51 GMT
cache-control: public, max-age=31536000
age: 233776
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Size:   15700
Md5:    3d7f7413fca69bff4d231ebdc50aaab0
Sha1:   cb18e7943b6a8a0e3672d7242197c19a226b92e8
Sha256: 6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
                                        
                                            GET /media/gambling/en/slots/no1.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 2546
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1003378b78a3e8f2e568df844d251a01"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D29903C0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 385 x 58, 8-bit colormap, non-interlaced\012- data
Size:   2546
Md5:    1003378b78a3e8f2e568df844d251a01
Sha1:   d6cbd612c2913ea373aeb196adcba7b1295dac1b
Sha256: a605a29baa527329719d2a6ce0664203b8d271a4c928a730040f553ffb06f38e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /media/gambling/en/slots/overlay2.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 6630
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "493c0713401f9c3d4a5605e07d5c10f5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47627BBC8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Size:   6630
Md5:    493c0713401f9c3d4a5605e07d5c10f5
Sha1:   fe518a62420af1d47eb2bae34e1c1c34b07f18ab
Sha256: 3cd598f64dc588f99ecb244818423a1a5878f8d8652ef4a5e8011f55e2774f60
                                        
                                            GET /media/gambling/en/slots/no2.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 35487
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e98c2ff5f5da7f9af37f2a70b066a766"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2C5B4B0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Size:   35487
Md5:    e98c2ff5f5da7f9af37f2a70b066a766
Sha1:   11e29c200094f477f68a2c55167d9cbd03590222
Sha256: a9da42a045c663d7314163518b54d73c87c3d5652fd310367a8cf42f8bebfbaf
                                        
                                            GET /media/gambling/en/slots/no3.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 37489
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b0bca69833a02b70db694d8947c9120d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2D09537
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Size:   37489
Md5:    b0bca69833a02b70db694d8947c9120d
Sha1:   50da2910a8dca7a53dce99d0b65f1255f6f72764
Sha256: 193bb9071f34f9b4dd45c9dc09b440e9b4857e3f4e55d814d0499fe3818f2167
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BAED5F0D5C9B8786FD453BD2D0D26C45884D1B4252106EA63B6769E05B6D7886"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7913
Expires: Sat, 26 Nov 2022 14:00:00 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive

                                        
                                            GET /media/gambling/en/slots/777.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 111473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3908e67ff1fe15bd1136160b8bb831e1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47632F372
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size:   111473
Md5:    3908e67ff1fe15bd1136160b8bb831e1
Sha1:   77e9675b157b311ba86db0a60c2bd3187dfd8550
Sha256: add9628c07e4ab33ababaa283f67b73dc445e4524f64c8e2afb4bdf841270828
                                        
                                            GET /pc.js?u=3w8p605 HTTP/1.1 
Host: confdatabase.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         5.8.45.62
HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 315
Connection: keep-alive
Cache-Control: private
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET


--- Additional Info ---
Magic:  ASCII text, with very long lines (315), with no line terminators
Size:   315
Md5:    e19da520f9feb2c13e897560f9309801
Sha1:   c0f5f1ca8d870920ba49c4afbcf8f45db0f238dc
Sha256: 6cab2d2817a7968578ca675369a4cbc126f898e75163fc59ba36f899b659831c
                                        
                                            GET /media/gambling/en/slots/jquery-1.11.3.min.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Length: 95957
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "895323ed2f7258af4fae2c738c8aea49"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD446693775
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (32038)
Size:   95957
Md5:    895323ed2f7258af4fae2c738c8aea49
Sha1:   276c87ff3e1e3155679c318938e74e5c1b76d809
Sha256: ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
                                        
                                            GET /firebasejs/8.3.0/firebase-app.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6476
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 16:02:24 GMT
expires: Thu, 23 Nov 2023 16:02:24 GMT
cache-control: public, max-age=31536000
age: 243944
last-modified: Thu, 11 Mar 2021 00:35:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (19825)
Size:   6476
Md5:    43c3734b2cfb13661f56759743cac41a
Sha1:   7be79c16a57f27caf3c119d7a25b4ea8e032daa0
Sha256: 02ba33c71689d40237b8cd12efe7dc992f15a0b472438a005fff6d93c26a4b8c
                                        
                                            GET /firebasejs/8.3.0/firebase-messaging.js HTTP/1.1 
Host: www.gstatic.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         142.250.74.163
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10873
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 23:39:09 GMT
expires: Sat, 25 Nov 2023 23:39:09 GMT
cache-control: public, max-age=31536000
age: 43739
last-modified: Thu, 11 Mar 2021 00:36:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (40756)
Size:   10873
Md5:    cb176a70b7e6817ee2c03f8f102aca88
Sha1:   f549f85d108247f0abcd8a984330aff1e4fc3868
Sha256: 26b51278fa6616027124cd03f434539968540bc4baf4e6779cea64e2c6f2c199
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Connection: keep-alive
Cache-Control: no-transform

                                        
                                            GET /media/mainstream/alert.mp3 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size:   8802
Md5:    6d2d3da2ea28ace816fa4a138829dc18
Sha1:   606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
Sha256: d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
                                        
                                            GET /media/mainstream/alert.mp3 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size:   8802
Md5:    6d2d3da2ea28ace816fa4a138829dc18
Sha1:   606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
Sha256: d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc