r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2638
Expires: Sat, 26 Nov 2022 12:32:02 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1495
Cache-Control: max-age=169679
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:04 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:56:03 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 11:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1731
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5302
Expires: Sat, 26 Nov 2022 13:16:26 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tRhCbmowvKz1+J1G3YAegasG+TmATYgjMRRCfXXZpf7/tN41RMx4iwlUyBWM+b2610U2HJ/u180=
x-amz-request-id: 5TNSCRS0AE8HQDRY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 11:41:11 GMT
age: 413
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 11:48:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 2212
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: max-age=167262
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:05 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:15:47 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.89.217.163101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.217.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hhGivoR4ndBnK+RXohUIsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dEj2leNpZ2zknTQb1rnIU8oIzpA=
guttersunlimited.com/
72.52.179.174200 OK 2.2 kB IP 72.52.179.174:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (620)
Hash 62952ac1a9a1934d0c44561ee726b64f
f959f2032fa97156f4cacdfe1810924b609b87fc
220bdcb7d17c10566e74ce8849cc3cd4fb00171ea04182c6f938763f382c941e
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: guttersunlimited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:48:04 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false
72.52.179.174200 OK 982 B URL HTTP/1.1 guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false
IP 72.52.179.174:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 4fc702ade620018f547500e4ffca3dff
f904a01223addf1bbfaf7da20d3d9d4ccc672496
861a2a1313ffd9407722ec63b33855aa8b75004b6767ddd978c2712e0d7ac8fc
GET /page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: guttersunlimited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:48:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d68a2b62f97ce70df4f6d7af069054b1
8f5593384e5574b822eed974f9f6157093a544f0
21ae0f483b24a116befc06e8258710f9781f9b0489ca03cd8b5107d2efc2b66c
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88925
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "6380a348-1d7"
Expires: Sun, 27 Nov 2022 12:30:11 GMT
Last-Modified: Fri, 25 Nov 2022 11:13:12 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o6K6gvjpxZBzj8ejqBq-ndCPuvicLrhValQqKnS-PnlqZOjwHrVuhQ==
Age: 4619
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive
gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.208.247.235200 OK 5.0 kB URL HTTP/2 gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.208.247.235:0
Hash d7c2eba7da7e49dd81b5a0edd3656868
a4249d2c96a4c1cb1df53799f727d2340487b111
191b88b956046004485a51554f8d45c44d9f89540c422397f812b058726fdc39
GET /zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: QOmeMSPK
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OJZkZ18TlSgdBWsmSroQPIcYIvBFvz5-7hu9_GravTcz6zqxKXHZrg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:43:36 GMT
age: 50670
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash abd79421a3c44a8df11ad2cc50083309
8665e5f3026f2c2b9505eb139c478f4d359851c3
3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75AMMfa7oq0Y51YPEC_FEDOoNVc9cgfjg9bOSOXwikONPdhW7OG3uQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:10 GMT
age: 50396
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
34.120.237.76200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 16480
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
3.208.247.235200 OK 11 kB URL HTTP/2 gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
IP 3.208.247.235:0
Hash 45aacc74a0a7922f322e86fe4c8d66ce
d1c37b0f80ac82c1faf7ba18c07207600b159fe2
b03537b886b3ebfb80688ce1ab0efd610d22ef01ab234912ecd9c03e9db4e4f1
GET /zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: xDYLqknZ
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e0174b63e0e8e8184799bedd77c7ca5f
ab196fcf5ef72cd13d1f8f370039258b963834ba
ffb99678ae74f059a66aaf5097b1c4b659519012f137b40a644ded7a3c524623
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14128
x-amzn-requestid: ac7d027c-55fe-479d-a5ca-baa09eabebea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUgEEXSIAMFzmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813466-061f1c9c36d007347d0c1302;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSNpiUlg-IP41ezykW8i6qiDO9pXaopLa5Wnc_UtWP5AR5jJNbHywQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:02:02 GMT
age: 49564
etag: "ab196fcf5ef72cd13d1f8f370039258b963834ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gaut-hil.com/favicon.ico
3.208.247.235404 Not Found 653 B IP 3.208.247.235:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=utf-8
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: bhxoNhSG
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 8a757aaa229cdb48376c968ec0226f91
68ab4958b44b17127c4fb7a7d155e68916220170
4d486f31ed4e613e3d68eabe0c8e10945868aa4036507aa6feffadc542e88c71
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125344
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "63814396-1d7"
Expires: Sun, 27 Nov 2022 22:37:10 GMT
Last-Modified: Fri, 25 Nov 2022 22:37:10 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DB3dS949iy76AMS1BQms6VgndAk6Vo9H82CYwdgqPq3MEF_lGcGUdw==
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R
35.156.91.109302 Found 0 B URL HTTP/2 ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R
IP 35.156.91.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sat, 26 Nov 2022 11:48:06 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w9k68vumpk8u8bok2j8m351i%22%2C%22caid%22%3A%22c3ff4655-a271-48ad-90d6-849e63bfb180%22%7D; Max-Age=31536000; Expires=Sun, 26-Nov-2023 11:48:06 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 892f67531d185f86d9c791285b8ce34b
f9426125e0c5593df37aef084022e642e7b690e4
10dc197b7face579cdee803f0f7d21f05d252e608ea5b029ed7c64482d20cdfb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "10DC197B7FACE579CDEE803F0F7D21F05D252E608EA5B029ED7C64482D20CDFB"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18241
Expires: Sat, 26 Nov 2022 16:52:08 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
194.87.208.61200 OK 10 kB URL HTTP/1.1 thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
IP 194.87.208.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF, LF line terminators
Hash 449dc2544ff7c65b812ef567b20a6d8a
c5b9719349dc9b800c09605e99686087dc219c6e
15c10c8438a4dce52fd099cbd604563924bdd120e28661955d56ab041e8081b7
GET /?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/html
Content-Length: 10238
Connection: keep-alive
set-cookie: sid=t2~lkp4cukonsub12jtiayns5rv; path=/
cache-control: private, no-transform
thetakebestbonus.life/media/gambling/en/slots/1.css
194.87.208.61200 OK 6.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/1.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (6256), with no line terminators
Hash b656c0486bf95fd37ee4a009f141278a
d8f1d5378ea9c9898ba44ba5050ddec6b3b0f32c
828198fdc48d7e5d04252b756694a5393cd457724cb09c47b20913ac3d9ca896
GET /media/gambling/en/slots/1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/css
Content-Length: 6256
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b656c0486bf95fd37ee4a009f141278a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EADFA9D5DD4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/style1.css
194.87.208.61200 OK 12 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/style1.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (12064), with no line terminators
Hash 9e8e1b97fb35ea366e6fee346ab90803
68e1efa4406e30e6deaeeb638f0b23313f507ffa
a21b63c52a75717cc9d2ebc9cbd98a3df24bb5c01a4dc55ac6e41533e67c3316
GET /media/gambling/en/slots/style1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/css
Content-Length: 12064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "9e8e1b97fb35ea366e6fee346ab90803"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD430D5AE8D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/cookie/js.cookie9.js
194.87.208.61200 OK 4.4 kB URL HTTP/1.1 thetakebestbonus.life/cookie/js.cookie9.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (1709)
Hash 16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192584C1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/backbutton_gmb.js
194.87.208.61200 OK 3.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A2CDD0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/icon.js
194.87.208.61200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/icon.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC181BE1D20
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/sound.js
194.87.208.61200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/sound.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 3787b349cb8b744b6917fe43f96b1ccd
ab26d82699a166f520a51f722bc6262ef1d5421f
8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
GET /media/gambling/sound.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1829BD07B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/utils-gmb.js
194.87.208.61200 OK 4.7 kB URL HTTP/1.1 thetakebestbonus.life/util/utils-gmb.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1830A196A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js
194.87.208.61200 OK 4.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js
IP 194.87.208.61:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (367), with CRLF line terminators
Hash 6a744bb584cab227b95c35c80a195cc3
4713e0d9b9a3fbc0e3f91973bd42b6f53b84863b
306f65d55609489da8a821f322fc186f8532c3b99e3d2543137a99c15296fcad
GET /media/gambling/en/slots/ProgressiveJackpotTicker.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4485
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6a744bb584cab227b95c35c80a195cc3"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD44EBFEE76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/confetti.js
194.87.208.61200 OK 3.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/confetti.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (3533), with no line terminators
Hash 116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A3355F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/mainstream/js1.js
194.87.208.61200 OK 0 B URL HTTP/1.1 thetakebestbonus.life/media/mainstream/js1.js
IP 194.87.208.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /media/mainstream/js1.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Last-Modified: Wed, 31 Aug 2022 09:36:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475507010
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/en/slots/overlay.png
194.87.208.61200 OK 7.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/overlay.png
IP 194.87.208.61:0
File type PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Hash 6962c3265c90a29899d439a690d4cb9d
f2deb87030b77ebd20ca9df3f09ee183725879af
bb49a67a9e8ad4147e22deee3c4e5071f00be0d62251e4c57702dc14c23208af
GET /media/gambling/en/slots/overlay.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 7028
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6962c3265c90a29899d439a690d4cb9d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475F2D2D2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/loader.gif
194.87.208.61200 OK 2.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/loader.gif
IP 194.87.208.61:0
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
GET /media/gambling/en/slots/loader.gif HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/gif
Content-Length: 2892
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "35de537ece3bfee3ab3f7af4c19e2151"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD4815E73C5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
fonts.googleapis.com/css?family=Roboto+Condensed
142.250.74.10200 OK 1.0 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed
IP 142.250.74.10:0
Hash 3cf18fab33f673ef45dc131794dd3ffe
379cdeb41739da1bf112413094d0996aa96245c5
9ae6ca80531ca11bc5eb447bd73fda3e427d9975885ffc1d5dd501ba459d9dec
GET /css?family=Roboto+Condensed HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 11:48:07 GMT
date: Sat, 26 Nov 2022 11:48:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/util/pgamble.js?v=8
194.87.208.61200 OK 4.2 kB URL HTTP/1.1 thetakebestbonus.life/util/pgamble.js?v=8
IP 194.87.208.61:0
File type ASCII text, with very long lines (4237), with no line terminators
Hash c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1BDFD0645
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/1.png
194.87.208.61200 OK 13 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/1.png
IP 194.87.208.61:0
File type PNG image data, 500 x 150, 8-bit colormap, non-interlaced\012- data
Hash dea1959e9b62e2359fd3e3517b6c182d
1d27644380fb754715dbed8c5b20a2c6b3bb80b6
c04f3ccc7d29702cafa9fd88b3ac2d72449af001b04637b9433654892888890a
GET /media/gambling/en/slots/1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/media/gambling/en/slots/style1.css
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 13280
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dea1959e9b62e2359fd3e3517b6c182d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47AB58B09
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thetakebestbonus.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:51:51 GMT
expires: Thu, 23 Nov 2023 18:51:51 GMT
cache-control: public, max-age=31536000
age: 233776
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thetakebestbonus.life/media/gambling/en/slots/no1.png
194.87.208.61200 OK 2.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no1.png
IP 194.87.208.61:0
File type PNG image data, 385 x 58, 8-bit colormap, non-interlaced\012- data
Hash 1003378b78a3e8f2e568df844d251a01
d6cbd612c2913ea373aeb196adcba7b1295dac1b
a605a29baa527329719d2a6ce0664203b8d271a4c928a730040f553ffb06f38e
GET /media/gambling/en/slots/no1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 2546
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1003378b78a3e8f2e568df844d251a01"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D29903C0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/en/slots/overlay2.png
194.87.208.61200 OK 6.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/overlay2.png
IP 194.87.208.61:0
File type PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Hash 493c0713401f9c3d4a5605e07d5c10f5
fe518a62420af1d47eb2bae34e1c1c34b07f18ab
3cd598f64dc588f99ecb244818423a1a5878f8d8652ef4a5e8011f55e2774f60
GET /media/gambling/en/slots/overlay2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 6630
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "493c0713401f9c3d4a5605e07d5c10f5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47627BBC8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/no2.png
194.87.208.61200 OK 36 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no2.png
IP 194.87.208.61:0
File type PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Hash e98c2ff5f5da7f9af37f2a70b066a766
11e29c200094f477f68a2c55167d9cbd03590222
a9da42a045c663d7314163518b54d73c87c3d5652fd310367a8cf42f8bebfbaf
GET /media/gambling/en/slots/no2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 35487
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e98c2ff5f5da7f9af37f2a70b066a766"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2C5B4B0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/no3.png
194.87.208.61200 OK 38 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no3.png
IP 194.87.208.61:0
File type PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Hash b0bca69833a02b70db694d8947c9120d
50da2910a8dca7a53dce99d0b65f1255f6f72764
193bb9071f34f9b4dd45c9dc09b440e9b4857e3f4e55d814d0499fe3818f2167
GET /media/gambling/en/slots/no3.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 37489
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b0bca69833a02b70db694d8947c9120d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2D09537
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash da7098f591d5458dbd92ce48db5f7dbe
8f074d5a8f182192823324b0bfffc36e0b258f5f
baed5f0d5c9b8786fd453bd2d0d26c45884d1b4252106ea63b6769e05b6d7886
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BAED5F0D5C9B8786FD453BD2D0D26C45884D1B4252106EA63B6769E05B6D7886"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7913
Expires: Sat, 26 Nov 2022 14:00:00 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive
thetakebestbonus.life/media/gambling/en/slots/777.png
194.87.208.61200 OK 112 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/777.png
IP 194.87.208.61:0
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 112 kB (111473 bytes)
Hash 3908e67ff1fe15bd1136160b8bb831e1
77e9675b157b311ba86db0a60c2bd3187dfd8550
add9628c07e4ab33ababaa283f67b73dc445e4524f64c8e2afb4bdf841270828
GET /media/gambling/en/slots/777.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 111473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3908e67ff1fe15bd1136160b8bb831e1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47632F372
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
confdatabase.com/pc.js?u=3w8p605
5.8.45.62200 OK 315 B URL HTTP/1.1 confdatabase.com/pc.js?u=3w8p605
IP 5.8.45.62:0
ASN #209813 Fast Content Delivery LTD
File type ASCII text, with very long lines (315), with no line terminators
Hash e19da520f9feb2c13e897560f9309801
c0f5f1ca8d870920ba49c4afbcf8f45db0f238dc
6cab2d2817a7968578ca675369a4cbc126f898e75163fc59ba36f899b659831c
GET /pc.js?u=3w8p605 HTTP/1.1
Host: confdatabase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 315
Connection: keep-alive
Cache-Control: private
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js
194.87.208.61200 OK 96 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (32038)
Hash 895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
GET /media/gambling/en/slots/jquery-1.11.3.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 95957
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "895323ed2f7258af4fae2c738c8aea49"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD446693775
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
www.gstatic.com/firebasejs/8.3.0/firebase-app.js
142.250.74.163200 OK 6.5 kB URL HTTP/2 www.gstatic.com/firebasejs/8.3.0/firebase-app.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (19825)
Hash 43c3734b2cfb13661f56759743cac41a
7be79c16a57f27caf3c119d7a25b4ea8e032daa0
02ba33c71689d40237b8cd12efe7dc992f15a0b472438a005fff6d93c26a4b8c
GET /firebasejs/8.3.0/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6476
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 16:02:24 GMT
expires: Thu, 23 Nov 2023 16:02:24 GMT
cache-control: public, max-age=31536000
age: 243944
last-modified: Thu, 11 Mar 2021 00:35:57 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js
142.250.74.163200 OK 11 kB URL HTTP/2 www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (40756)
Hash cb176a70b7e6817ee2c03f8f102aca88
f549f85d108247f0abcd8a984330aff1e4fc3868
26b51278fa6616027124cd03f434539968540bc4baf4e6779cea64e2c6f2c199
GET /firebasejs/8.3.0/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10873
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 23:39:09 GMT
expires: Sat, 25 Nov 2023 23:39:09 GMT
cache-control: public, max-age=31536000
age: 43739
last-modified: Thu, 11 Mar 2021 00:36:01 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thetakebestbonus.life/favicon.ico
194.87.208.61204 No Content 0 B URL HTTP/1.1 thetakebestbonus.life/favicon.ico
IP 194.87.208.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Connection: keep-alive
Cache-Control: no-transform
thetakebestbonus.life/media/mainstream/alert.mp3
194.87.208.61200 OK 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/mainstream/alert.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/mainstream/alert.mp3
194.87.208.61200 OK 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/mainstream/alert.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes