Report - guttersunlimited.com/

Report Overview

Submitted URL
guttersunlimited.com/
IP
72.52.179.174
ASN
#32244 LIQUIDWEB
Submitted
2022-11-26 11:48:15
Access
public
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-17T12:17:50Z	682 B	1.6 kB	93.184.220.29
guttersunlimited.com	unknown			1.3 kB	3.8 kB	72.52.179.174
thetakebestbonus.life	unknown	2022-11-10T05:25:02Z	2022-12-29T10:54:46Z	12 kB	400 kB	194.87.208.61
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-17T20:37:38Z	508 B	17 kB	216.58.207.195
confdatabase.com	unknown	2021-07-04T19:08:53Z	2023-03-16T16:30:46Z	373 B	586 B	5.8.45.62
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-17T18:14:01Z	782 B	2.4 kB	34.102.187.140
ayxvy.voluumtrk3.com	unknown	2022-08-24T10:32:33Z	2023-03-12T19:03:20Z	704 B	580 B	35.156.91.109
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-17T18:23:48Z	403 B	1.8 kB	142.250.74.10
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-17T18:12:15Z	2.7 kB	7.1 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-17T18:24:10Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-17T18:12:44Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-17T18:15:12Z	606 B	127 B	52.89.217.163
gaut-hil.com	342928	2020-07-09T22:17:47Z	2023-02-28T19:06:23Z	1.9 kB	18 kB	3.208.247.235
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-17T12:57:05Z	2.2 kB	35 kB	34.120.237.76
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	2.0 kB	54.230.245.110
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-17T18:12:04Z	1.0 kB	2.1 kB	142.250.74.35
www.gstatic.com	unknown	2016-07-26T11:37:06Z	2023-03-17T19:06:40Z	798 B	19 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	guttersunlimited.com/	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (22)

	URL	Size	First Seen	Last Seen
	gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97	849 B	2023-03-11	2023-03-17
Pretty URL gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:40:30 Last Seen2023-03-17 22:41:51 Times Seen1 Hash 8cfb8e99e19994eac6e16f94778e870a d9c5cfaa4bc2af77e5ee859bfbe2e5f20302fa75 2dc86c9b4645c565263cd99864bdd5929373f567691d6074fbf4384400e6dd51 Loading...

	gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	291 B	2023-03-11	2023-03-17
Pretty URL gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 3.208.247.235 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:40:30 Last Seen2023-03-17 22:41:51 Times Seen1 Hash 0fc9bf3afeb198d3f862acd18b545d38 c7636869f52980fe20a434f0d19a15f033f1623d 0ec61b14096cf1b1f102026637668be329824304627d6845bfbc84cb5f104aae Loading...

	thetakebestbonus.life/util/pgamble.js?v=8	4.2 kB	2023-03-08	2024-01-05
Pretty URL thetakebestbonus.life/util/pgamble.js?v=8 IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:43 Last Seen2024-01-05 11:49:30 Times Seen18 Hash c43bdd4ef0fd292dca304ff4c8f56058 62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95 270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a Loading...

	thetakebestbonus.life/media/mainstream/js1.js	0 B	2023-03-07	2024-04-26
Pretty URL thetakebestbonus.life/media/mainstream/js1.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 12:27:00 Times Seen37091355 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false	702 B	2023-03-11	2023-03-17
Pretty URL guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false IP 72.52.179.174 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:40:30 Last Seen2023-03-17 22:41:51 Times Seen1 Hash d4c1c26b9533231953eb81b4a995405c 8fa94ddbab976b746847140f1204945948baeea9 6a5163e29b139a503f582da687f8dc4f356974212aaa1cc211d351e5dd2cd114 Loading...

	thetakebestbonus.life/media/gambling/icon.js	1.6 kB	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/media/gambling/icon.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-18 09:49:15 Times Seen527 Hash 2b25502a979c3b240fc77e52689e4c29 790d306577b490abe99d88fb55bce2e815689843 328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577 Loading...

	www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js	41 kB	2023-03-08	2024-01-05
Pretty URL www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:16 Last Seen2024-01-05 11:49:30 Times Seen11 Hash 0300bb79f4a836fd6b2449fa958d592b f44dd6259128c1f21e4d1b414ef79fcbe5bbeb64 e8001772f5fd68cdf6f4d82118d7d0b67cc65eb418f3994a4105837e5624894a Loading...

	thetakebestbonus.life/cookie/js.cookie9.js	4.4 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/cookie/js.cookie9.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen439 Hash 16e07bf02a8e81d2cd5679dc45cc318c 7c205205935a3a56a8976b2ac648502b43103b5f 96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e Loading...

	thetakebestbonus.life/media/gambling/sound.js	1.1 kB	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/media/gambling/sound.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-18 09:49:16 Times Seen524 Hash 3787b349cb8b744b6917fe43f96b1ccd ab26d82699a166f520a51f722bc6262ef1d5421f 8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918 Loading...

	thetakebestbonus.life/util/utils-gmb.js	4.7 kB	2023-03-07	2024-01-05
Pretty URL thetakebestbonus.life/util/utils-gmb.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-01-05 11:49:30 Times Seen500 Hash 570df3f849036a1a4a75ca2a28047d36 f69147076e3912116a9765a2ed34afe3cae67978 221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4 Loading...

	confdatabase.com/pc.js?u=3w8p605	315 B	2023-03-08	2023-07-17
Pretty URL confdatabase.com/pc.js?u=3w8p605 IP 5.8.45.62 ASN #209813 Fast Content Delivery LTD Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:38:43 Last Seen2023-07-17 21:05:34 Times Seen17 Hash e19da520f9feb2c13e897560f9309801 c0f5f1ca8d870920ba49c4afbcf8f45db0f238dc 6cab2d2817a7968578ca675369a4cbc126f898e75163fc59ba36f899b659831c Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i	92 B	2023-03-07	2024-02-01
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:30 Last Seen2024-02-01 04:37:31 Times Seen89 Hash 1a65f84c9f0af6b78456c150db5eee7f 6a04218dfd298be1d04c49180cc305488239bc47 2ac5da2f8f8a7a1fffa851b240ce735309d0c8df368b351e18da333751110e79 Loading...

	www.gstatic.com/firebasejs/8.3.0/firebase-app.js	20 kB	2023-03-08	2024-02-21
Pretty URL www.gstatic.com/firebasejs/8.3.0/firebase-app.js IP 142.250.74.163 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:16 Last Seen2024-02-21 12:20:11 Times Seen52 Hash 2aacf9b225caeab96ddaac1c892a6108 d2b97bff41401ea1717b8e0257c6c5a80f92bbbf b33c75d66b6115b2b04d07e509b8b5def62e5ff9a5feb52c7b4dfedb748fa8ba Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i	475 B	2023-03-07	2024-02-01
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:30 Last Seen2024-02-01 04:37:31 Times Seen89 Hash 3496ef66880d1607813dbb174dd45275 815fc560403c2ece8de21f4e2a2119f6d48dd4e9 fca45e83123934d3b70e58e929ec9dc36979e8f7a92643aa6e3d775cee830b04 Loading...

	guttersunlimited.com/	1.5 kB	2023-03-11	2023-03-17
Pretty URL guttersunlimited.com/ IP 72.52.179.174 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:40:30 Last Seen2023-03-17 22:41:51 Times Seen1 Hash 385c1eccec251ac837f12e1936dda500 49292b1859d790924a24ca8dcd1661cff95e8992 ec253a91cc67d56ced8ce36f125382f6dfdb9f1bf878d39cbc359a4e0dbefa08 Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i	526 B	2023-03-11	2023-03-17
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 20:40:30 Last Seen2023-03-17 22:41:51 Times Seen1 Hash 164bceb8f9a0d271b3913173d781d8a6 571adbed1bff8092847bda6b645140b337b809d0 4a2d14f0fc57a6407ed2ca2aa12155257e11de9ae47ef2cad12666d3f34706b5 Loading...

	thetakebestbonus.life/media/gambling/backbutton_gmb.js	3.9 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/media/gambling/backbutton_gmb.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen438 Hash 42a42a2180debd55caba94527379964c 562c1754c94ce49326b0381805ee14d175487778 52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781 Loading...

	thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js	96 kB	2023-03-07	2024-04-26
Pretty URL thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:25 Last Seen2024-04-26 12:25:39 Times Seen10417 Hash 895323ed2f7258af4fae2c738c8aea49 276c87ff3e1e3155679c318938e74e5c1b76d809 ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8 Loading...

	thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js	4.5 kB	2023-03-07	2024-02-01
Pretty URL thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:30 Last Seen2024-02-01 04:37:31 Times Seen89 Hash 1a9c009b8fed0a1aa6e2e93b80b1d92e 17af21437aeab52c10121e30ef41f895ba806932 bc5917d98eb287d8e4113e4455fecf15a5935a5d56304a6cdb5134c117f20595 Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i	1.5 kB	2023-03-07	2024-02-01
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:30 Last Seen2024-02-01 04:37:31 Times Seen89 Hash 1e0670d1e38bcbfd19c322b43bc49913 de2bc3aae13a65726a21e1c97fab7a6cba5c2a90 a886b907b52ca480f45ed93245d3cb6a633f75e12928acc91742ac9c6f4480e0 Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i	3.9 kB	2023-03-07	2024-02-01
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:35:30 Last Seen2024-02-01 04:37:31 Times Seen89 Hash 50ea3e73fa830cccf0471a51332c61ec 0e8542449329a3f2a513f4dedc957208fc8787ab c06453175e572e5be656d4c7282de220f12f3288c543a3c622e72e369a45dae8 Loading...

	thetakebestbonus.life/media/gambling/confetti.js	3.5 kB	2023-03-07	2024-04-20
Pretty URL thetakebestbonus.life/media/gambling/confetti.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-20 21:10:39 Times Seen510 Hash 116c9460f5e882a7fcf4e837f7efc72a 13a88e74735d05985e5d07e8cbff716329f5d81c 651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4 Loading...

HTTP Transactions (59)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a9f1d4d98705c281fed3b60343463200
db6f8aa98d2eda4e5473b116a222c3055568bb78
164d11173045b569cafb32e300e4c1ec6d6ab177fd34d0414cc40c541268779f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "164D11173045B569CAFB32E300E4C1EC6D6AB177FD34D0414CC40C541268779F"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2638
Expires: Sat, 26 Nov 2022 12:32:02 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1495
Cache-Control: max-age=169679
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:04 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 10:56:03 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 26 Nov 2022 11:19:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1731
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5302
Expires: Sat, 26 Nov 2022 13:16:26 GMT
Date: Sat, 26 Nov 2022 11:48:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tRhCbmowvKz1+J1G3YAegasG+TmATYgjMRRCfXXZpf7/tN41RMx4iwlUyBWM+b2610U2HJ/u180=
x-amz-request-id: 5TNSCRS0AE8HQDRY
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 26 Nov 2022 11:41:11 GMT
age: 413
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 26 Nov 2022 11:48:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 26 Nov 2022 11:11:12 GMT
cache-control: public,max-age=3600
age: 2212
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4136
Cache-Control: max-age=167262
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:05 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 10:15:47 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.89.217.163

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.217.163:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: hhGivoR4ndBnK+RXohUIsA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dEj2leNpZ2zknTQb1rnIU8oIzpA=

guttersunlimited.com/

72.52.179.174

200 OK

2.2 kB

URL HTTP/1.1
guttersunlimited.com/
IP
72.52.179.174:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (620)
Size
2.2 kB (2236 bytes)
Hash
62952ac1a9a1934d0c44561ee726b64f
f959f2032fa97156f4cacdfe1810924b609b87fc
220bdcb7d17c10566e74ce8849cc3cd4fb00171ea04182c6f938763f382c941e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET / HTTP/1.1
Host: guttersunlimited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:48:04 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false

72.52.179.174

200 OK

982 B

URL HTTP/1.1
guttersunlimited.com/page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false
IP
72.52.179.174:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
982 B (982 bytes)
Hash
4fc702ade620018f547500e4ffca3dff
f904a01223addf1bbfaf7da20d3d9d4ccc672496
861a2a1313ffd9407722ec63b33855aa8b75004b6767ddd978c2712e0d7ac8fc

HTTP Headers

GET /page/bouncy.php?&bpae=GbhGtKcGvUxz97vv%2FSo0RFQiPTa8ejG7YcE0Bklko3rZpORhAJ2JTV6SYPhqHF9aLgXSas8STlZwICj%2B863nP2887GIsYJKI3VfZBWF44kjqWy2ZIiJzFNlhlTsGOyD8Qi51FqAKKsAvAfeuprc31qH%2BmPHvSMcPB25v7eHr3MMOwx81VJ6sejl7AMTjfkszuHRBdYRsEd3LlGwpMSFQrAv1ngUpMEHcbgzq0FDK4k14oVjl07nXeJeF4Wc5EGiun9WLDzFIwl2%2BiYuB77sEiBgRhLJzgezjbX1yYE7t7rKOu5Zp5jrxSeRpDVPxbuUYqgQPLNK0mR0f1M9H4ArySXeROXBi6bfi1gOvi9nw0RdjtoXJBhzJu4X65lSSi%2F3IRTGWv6UBiFx%2FrlCPicd5F95dTSJF2fXSXtlRIJ0M66GhBY8TgAEBH%2BcNKtPx9c0pSa2TbCb9NqT3WftPpaSc8GvOADBF0KCw97LCajZ3RDVFOraZXPUDVJVr0P2ZOErSwMT1&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: guttersunlimited.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sat, 26 Nov 2022 11:48:05 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d68a2b62f97ce70df4f6d7af069054b1
8f5593384e5574b822eed974f9f6157093a544f0
21ae0f483b24a116befc06e8258710f9781f9b0489ca03cd8b5107d2efc2b66c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88925
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "6380a348-1d7"
Expires: Sun, 27 Nov 2022 12:30:11 GMT
Last-Modified: Fri, 25 Nov 2022 11:13:12 GMT
Server: ECS (bsa/EB21)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: o6K6gvjpxZBzj8ejqBq-ndCPuvicLrhValQqKnS-PnlqZOjwHrVuhQ==
Age: 4619

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4681
Expires: Sat, 26 Nov 2022 13:06:07 GMT
Date: Sat, 26 Nov 2022 11:48:06 GMT
Connection: keep-alive

gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

3.208.247.235

200 OK

5.0 kB

URL HTTP/2
gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
data
Size
5.0 kB (5021 bytes)
Hash
d7c2eba7da7e49dd81b5a0edd3656868
a4249d2c96a4c1cb1df53799f727d2340487b111
191b88b956046004485a51554f8d45c44d9f89540c422397f812b058726fdc39

HTTP Headers

GET /zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: QOmeMSPK
X-Firefox-Spdy: h2

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9049 bytes)
Hash
c8dc4b8a7e9f7f4f84f0da568b43392b
3d32bff85cb7ec118c4496d0c3802829fdc9af3b
4b0ffde427085c796a7a5823604b29a4af43dbb93e99ec41f34feb37f52ac7d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34ec689c-96b7-450b-b77e-e0ecb4d89c3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9049
x-amzn-requestid: 6cbd9639-c29d-4ff4-8091-3168f64f4c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVVGHzKoAMFSuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638135ba-100ea4235fdf1df8491041c8;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:38:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OJZkZ18TlSgdBWsmSroQPIcYIvBFvz5-7hu9_GravTcz6zqxKXHZrg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:43:36 GMT
age: 50670
etag: "3d32bff85cb7ec118c4496d0c3802829fdc9af3b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4366 bytes)
Hash
abd79421a3c44a8df11ad2cc50083309
8665e5f3026f2c2b9505eb139c478f4d359851c3
3a66b00498fa1322730705b1c4502614b5a520ac3f884f494d65e27a5bb62c3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc537c2d0-d011-4ed0-a5d4-5f5d2190c49b.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4366
x-amzn-requestid: ce25f5ab-0c92-431e-ae4e-618829594a74
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLVNZFjHoAMFXLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813588-6a3a8dff70e717011e3a0606;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:37:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 75AMMfa7oq0Y51YPEC_FEDOoNVc9cgfjg9bOSOXwikONPdhW7OG3uQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:48:10 GMT
age: 50396
etag: "8665e5f3026f2c2b9505eb139c478f4d359851c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3502 bytes)
Hash
a783df85f30f9c555f9df6b99f61744d
61f9bed607e81606be78285596acdc5e0e4f4994
19db42201d0fa059f680d890ede6683c04e893e6308a2256d0203f826a7f34de

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf04cc9f-ee4b-42fd-914f-cd86b9dc30eb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3502
x-amzn-requestid: ca3f2610-e03c-48a7-abb3-fbbab76f63d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCvYUHO5IAMFqDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637dc5ce-7e36137711dc4668278c1c94;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 07:03:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QS3ZKYetcm87GNwSr34eRPF2d4r8ppwf3fT19aV-u84f7ObX4bU8wQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:13:26 GMT
age: 16480
etag: "61f9bed607e81606be78285596acdc5e0e4f4994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97

3.208.247.235

200 OK

11 kB

URL HTTP/2
gaut-hil.com/zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
data
Size
11 kB (10885 bytes)
Hash
45aacc74a0a7922f322e86fe4c8d66ce
d1c37b0f80ac82c1faf7ba18c07207600b159fe2
b03537b886b3ebfb80688ce1ab0efd610d22ef01ab234912ecd9c03e9db4e4f1

HTTP Headers

GET /zcvisitor/2fea9e62-6d80-11ed-b594-1251e1cda939/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://guttersunlimited.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: xDYLqknZ
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14128 bytes)
Hash
e0174b63e0e8e8184799bedd77c7ca5f
ab196fcf5ef72cd13d1f8f370039258b963834ba
ffb99678ae74f059a66aaf5097b1c4b659519012f137b40a644ded7a3c524623

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc791f23-9e0d-4ffd-991b-9c697774e053.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14128
x-amzn-requestid: ac7d027c-55fe-479d-a5ca-baa09eabebea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cLUgEEXSIAMFzmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63813466-061f1c9c36d007347d0c1302;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSNpiUlg-IP41ezykW8i6qiDO9pXaopLa5Wnc_UtWP5AR5jJNbHywQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 22:02:02 GMT
age: 49564
etag: "ab196fcf5ef72cd13d1f8f370039258b963834ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gaut-hil.com/favicon.ico

3.208.247.235

404 Not Found

653 B

URL HTTP/2
gaut-hil.com/favicon.ico
IP
3.208.247.235:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=2fea9e62-6d80-11ed-b594-1251e1cda939&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Sat, 26 Nov 2022 11:48:06 GMT
content-type: text/html;charset=utf-8
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: bhxoNhSG
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8a757aaa229cdb48376c968ec0226f91
68ab4958b44b17127c4fb7a7d155e68916220170
4d486f31ed4e613e3d68eabe0c8e10945868aa4036507aa6feffadc542e88c71

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125344
Date: Sat, 26 Nov 2022 11:48:06 GMT
Etag: "63814396-1d7"
Expires: Sun, 27 Nov 2022 22:37:10 GMT
Last-Modified: Fri, 25 Nov 2022 22:37:10 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DB3dS949iy76AMS1BQms6VgndAk6Vo9H82CYwdgqPq3MEF_lGcGUdw==

ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R

35.156.91.109

302 Found

0 B

URL HTTP/2
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R
IP
35.156.91.109:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9k68vumpk8u8bok2j8m351i&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=2fea9e62-6d80-11ed-b594-1251e1cda939&cid=w9k68vumpk8u8bok2j8m351i&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sat, 26 Nov 2022 11:48:06 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w9k68vumpk8u8bok2j8m351i%22%2C%22caid%22%3A%22c3ff4655-a271-48ad-90d6-849e63bfb180%22%7D; Max-Age=31536000; Expires=Sun, 26-Nov-2023 11:48:06 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
892f67531d185f86d9c791285b8ce34b
f9426125e0c5593df37aef084022e642e7b690e4
10dc197b7face579cdee803f0f7d21f05d252e608ea5b029ed7c64482d20cdfb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "10DC197B7FACE579CDEE803F0F7D21F05D252E608EA5B029ED7C64482D20CDFB"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18241
Expires: Sat, 26 Nov 2022 16:52:08 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive

thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i

194.87.208.61

200 OK

10 kB

URL HTTP/1.1
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
IP
194.87.208.61:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF, LF line terminators
Size
10 kB (10238 bytes)
Hash
449dc2544ff7c65b812ef567b20a6d8a
c5b9719349dc9b800c09605e99686087dc219c6e
15c10c8438a4dce52fd099cbd604563924bdd120e28661955d56ab041e8081b7

HTTP Headers

GET /?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/html
Content-Length: 10238
Connection: keep-alive
set-cookie: sid=t2~lkp4cukonsub12jtiayns5rv; path=/
cache-control: private, no-transform

thetakebestbonus.life/media/gambling/en/slots/1.css

194.87.208.61

200 OK

6.3 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/1.css
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (6256), with no line terminators
Size
6.3 kB (6256 bytes)
Hash
b656c0486bf95fd37ee4a009f141278a
d8f1d5378ea9c9898ba44ba5050ddec6b3b0f32c
828198fdc48d7e5d04252b756694a5393cd457724cb09c47b20913ac3d9ca896

HTTP Headers

GET /media/gambling/en/slots/1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/css
Content-Length: 6256
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b656c0486bf95fd37ee4a009f141278a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EADFA9D5DD4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/style1.css

194.87.208.61

200 OK

12 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/style1.css
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (12064), with no line terminators
Size
12 kB (12064 bytes)
Hash
9e8e1b97fb35ea366e6fee346ab90803
68e1efa4406e30e6deaeeb638f0b23313f507ffa
a21b63c52a75717cc9d2ebc9cbd98a3df24bb5c01a4dc55ac6e41533e67c3316

HTTP Headers

GET /media/gambling/en/slots/style1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: text/css
Content-Length: 12064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "9e8e1b97fb35ea366e6fee346ab90803"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD430D5AE8D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/cookie/js.cookie9.js

194.87.208.61

200 OK

4.4 kB

URL HTTP/1.1
thetakebestbonus.life/cookie/js.cookie9.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (1709)
Size
4.4 kB (4395 bytes)
Hash
16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e

HTTP Headers

GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192584C1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/backbutton_gmb.js

194.87.208.61

200 OK

3.9 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3923 bytes)
Hash
42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781

HTTP Headers

GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A2CDD0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/icon.js

194.87.208.61

200 OK

1.6 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/icon.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1580 bytes)
Hash
2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577

HTTP Headers

GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC181BE1D20
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/sound.js

194.87.208.61

200 OK

1.1 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/sound.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
1.1 kB (1083 bytes)
Hash
3787b349cb8b744b6917fe43f96b1ccd
ab26d82699a166f520a51f722bc6262ef1d5421f
8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918

HTTP Headers

GET /media/gambling/sound.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1829BD07B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/util/utils-gmb.js

194.87.208.61

200 OK

4.7 kB

URL HTTP/1.1
thetakebestbonus.life/util/utils-gmb.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
4.7 kB (4651 bytes)
Hash
570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4

HTTP Headers

GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1830A196A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js

194.87.208.61

200 OK

4.5 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js
IP
194.87.208.61:0
ASN
#0

File type
Unicode text, UTF-8 (with BOM) text, with very long lines (367), with CRLF line terminators
Size
4.5 kB (4485 bytes)
Hash
6a744bb584cab227b95c35c80a195cc3
4713e0d9b9a3fbc0e3f91973bd42b6f53b84863b
306f65d55609489da8a821f322fc186f8532c3b99e3d2543137a99c15296fcad

HTTP Headers

GET /media/gambling/en/slots/ProgressiveJackpotTicker.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4485
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6a744bb584cab227b95c35c80a195cc3"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD44EBFEE76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/confetti.js

194.87.208.61

200 OK

3.5 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/confetti.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (3533), with no line terminators
Size
3.5 kB (3533 bytes)
Hash
116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4

HTTP Headers

GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC192A3355F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/mainstream/js1.js

194.87.208.61

200 OK

0 B

URL HTTP/1.1
thetakebestbonus.life/media/mainstream/js1.js
IP
194.87.208.61:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /media/mainstream/js1.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Last-Modified: Wed, 31 Aug 2022 09:36:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475507010
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
619fa0039b94697fc8a5bd24f57e8aa2
53a366391a51d625029cc6d32fb4e8b6060990fd
dff604305831a0399aa44b2fac806e43512afa846569ba6e5685eca6495d9fa5

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thetakebestbonus.life/media/gambling/en/slots/overlay.png

194.87.208.61

200 OK

7.0 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/overlay.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Size
7.0 kB (7028 bytes)
Hash
6962c3265c90a29899d439a690d4cb9d
f2deb87030b77ebd20ca9df3f09ee183725879af
bb49a67a9e8ad4147e22deee3c4e5071f00be0d62251e4c57702dc14c23208af

HTTP Headers

GET /media/gambling/en/slots/overlay.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 7028
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6962c3265c90a29899d439a690d4cb9d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD475F2D2D2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/loader.gif

194.87.208.61

200 OK

2.9 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/loader.gif
IP
194.87.208.61:0
ASN
#0

File type
GIF image data, version 89a, 128 x 15\012- data
Size
2.9 kB (2892 bytes)
Hash
35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5

HTTP Headers

GET /media/gambling/en/slots/loader.gif HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/gif
Content-Length: 2892
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "35de537ece3bfee3ab3f7af4c19e2151"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD4815E73C5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

fonts.googleapis.com/css?family=Roboto+Condensed

142.250.74.10

200 OK

1.0 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.0 kB (1006 bytes)
Hash
3cf18fab33f673ef45dc131794dd3ffe
379cdeb41739da1bf112413094d0996aa96245c5
9ae6ca80531ca11bc5eb447bd73fda3e427d9975885ffc1d5dd501ba459d9dec

HTTP Headers

GET /css?family=Roboto+Condensed HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 26 Nov 2022 11:48:07 GMT
date: Sat, 26 Nov 2022 11:48:07 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thetakebestbonus.life/util/pgamble.js?v=8

194.87.208.61

200 OK

4.2 kB

URL HTTP/1.1
thetakebestbonus.life/util/pgamble.js?v=8
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (4237), with no line terminators
Size
4.2 kB (4237 bytes)
Hash
c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a

HTTP Headers

GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FC1BDFD0645
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/1.png

194.87.208.61

200 OK

13 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/1.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 500 x 150, 8-bit colormap, non-interlaced\012- data
Size
13 kB (13280 bytes)
Hash
dea1959e9b62e2359fd3e3517b6c182d
1d27644380fb754715dbed8c5b20a2c6b3bb80b6
c04f3ccc7d29702cafa9fd88b3ac2d72449af001b04637b9433654892888890a

HTTP Headers

GET /media/gambling/en/slots/1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/media/gambling/en/slots/style1.css
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 13280
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dea1959e9b62e2359fd3e3517b6c182d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47AB58B09
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Size
16 kB (15700 bytes)
Hash
3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

HTTP Headers

GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thetakebestbonus.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:51:51 GMT
expires: Thu, 23 Nov 2023 18:51:51 GMT
cache-control: public, max-age=31536000
age: 233776
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

thetakebestbonus.life/media/gambling/en/slots/no1.png

194.87.208.61

200 OK

2.5 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/no1.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 385 x 58, 8-bit colormap, non-interlaced\012- data
Size
2.5 kB (2546 bytes)
Hash
1003378b78a3e8f2e568df844d251a01
d6cbd612c2913ea373aeb196adcba7b1295dac1b
a605a29baa527329719d2a6ce0664203b8d271a4c928a730040f553ffb06f38e

HTTP Headers

GET /media/gambling/en/slots/no1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 2546
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1003378b78a3e8f2e568df844d251a01"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D29903C0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
b05606331c6f88a724d9e404e62974e4
72176bc6b618fbbe567b5746ed54e14d381a9815
7179b3d4ee227d9bf6d768a5fb1a9499f285d5949d21893c9a6997da8ea7b026

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 26 Nov 2022 11:48:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thetakebestbonus.life/media/gambling/en/slots/overlay2.png

194.87.208.61

200 OK

6.6 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/overlay2.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Size
6.6 kB (6630 bytes)
Hash
493c0713401f9c3d4a5605e07d5c10f5
fe518a62420af1d47eb2bae34e1c1c34b07f18ab
3cd598f64dc588f99ecb244818423a1a5878f8d8652ef4a5e8011f55e2774f60

HTTP Headers

GET /media/gambling/en/slots/overlay2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 6630
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "493c0713401f9c3d4a5605e07d5c10f5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47627BBC8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/no2.png

194.87.208.61

200 OK

36 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/no2.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Size
36 kB (35487 bytes)
Hash
e98c2ff5f5da7f9af37f2a70b066a766
11e29c200094f477f68a2c55167d9cbd03590222
a9da42a045c663d7314163518b54d73c87c3d5652fd310367a8cf42f8bebfbaf

HTTP Headers

GET /media/gambling/en/slots/no2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 35487
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e98c2ff5f5da7f9af37f2a70b066a766"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2C5B4B0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slots/no3.png

194.87.208.61

200 OK

38 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/no3.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Size
38 kB (37489 bytes)
Hash
b0bca69833a02b70db694d8947c9120d
50da2910a8dca7a53dce99d0b65f1255f6f72764
193bb9071f34f9b4dd45c9dc09b440e9b4857e3f4e55d814d0499fe3818f2167

HTTP Headers

GET /media/gambling/en/slots/no3.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 37489
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b0bca69833a02b70db694d8947c9120d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B2003D2D09537
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
da7098f591d5458dbd92ce48db5f7dbe
8f074d5a8f182192823324b0bfffc36e0b258f5f
baed5f0d5c9b8786fd453bd2d0d26c45884d1b4252106ea63b6769e05b6d7886

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BAED5F0D5C9B8786FD453BD2D0D26C45884D1B4252106EA63B6769E05B6D7886"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7913
Expires: Sat, 26 Nov 2022 14:00:00 GMT
Date: Sat, 26 Nov 2022 11:48:07 GMT
Connection: keep-alive

thetakebestbonus.life/media/gambling/en/slots/777.png

194.87.208.61

200 OK

112 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/777.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size
112 kB (111473 bytes)
Hash
3908e67ff1fe15bd1136160b8bb831e1
77e9675b157b311ba86db0a60c2bd3187dfd8550
add9628c07e4ab33ababaa283f67b73dc445e4524f64c8e2afb4bdf841270828

HTTP Headers

GET /media/gambling/en/slots/777.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: image/png
Content-Length: 111473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3908e67ff1fe15bd1136160b8bb831e1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD47632F372
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

confdatabase.com/pc.js?u=3w8p605

5.8.45.62

200 OK

315 B

URL HTTP/1.1
confdatabase.com/pc.js?u=3w8p605
IP
5.8.45.62:0
ASN
#209813 Fast Content Delivery LTD

File type
ASCII text, with very long lines (315), with no line terminators
Size
315 B (315 bytes)
Hash
e19da520f9feb2c13e897560f9309801
c0f5f1ca8d870920ba49c4afbcf8f45db0f238dc
6cab2d2817a7968578ca675369a4cbc126f898e75163fc59ba36f899b659831c

HTTP Headers

GET /pc.js?u=3w8p605 HTTP/1.1
Host: confdatabase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 315
Connection: keep-alive
Cache-Control: private
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js

194.87.208.61

200 OK

96 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (32038)
Size
96 kB (95957 bytes)
Hash
895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8

HTTP Headers

GET /media/gambling/en/slots/jquery-1.11.3.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:07 GMT
Content-Type: application/javascript
Content-Length: 95957
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "895323ed2f7258af4fae2c738c8aea49"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1FD446693775
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:07 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

www.gstatic.com/firebasejs/8.3.0/firebase-app.js

142.250.74.163

200 OK

6.5 kB

URL HTTP/2
www.gstatic.com/firebasejs/8.3.0/firebase-app.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (19825)
Size
6.5 kB (6476 bytes)
Hash
43c3734b2cfb13661f56759743cac41a
7be79c16a57f27caf3c119d7a25b4ea8e032daa0
02ba33c71689d40237b8cd12efe7dc992f15a0b472438a005fff6d93c26a4b8c

HTTP Headers

GET /firebasejs/8.3.0/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6476
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 16:02:24 GMT
expires: Thu, 23 Nov 2023 16:02:24 GMT
cache-control: public, max-age=31536000
age: 243944
last-modified: Thu, 11 Mar 2021 00:35:57 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js

142.250.74.163

200 OK

11 kB

URL HTTP/2
www.gstatic.com/firebasejs/8.3.0/firebase-messaging.js
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40756)
Size
11 kB (10873 bytes)
Hash
cb176a70b7e6817ee2c03f8f102aca88
f549f85d108247f0abcd8a984330aff1e4fc3868
26b51278fa6616027124cd03f434539968540bc4baf4e6779cea64e2c6f2c199

HTTP Headers

GET /firebasejs/8.3.0/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10873
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 23:39:09 GMT
expires: Sat, 25 Nov 2023 23:39:09 GMT
cache-control: public, max-age=31536000
age: 43739
last-modified: Thu, 11 Mar 2021 00:36:01 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

thetakebestbonus.life/favicon.ico

194.87.208.61

204 No Content

0 B

URL HTTP/1.1
thetakebestbonus.life/favicon.ico
IP
194.87.208.61:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Connection: keep-alive
Cache-Control: no-transform

thetakebestbonus.life/media/mainstream/alert.mp3

194.87.208.61

200 OK

8.8 kB

URL HTTP/1.1
thetakebestbonus.life/media/mainstream/alert.mp3
IP
194.87.208.61:0
ASN
#0

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size
8.8 kB (8802 bytes)
Hash
6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc

HTTP Headers

GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/mainstream/alert.mp3

194.87.208.61

200 OK

8.8 kB

URL HTTP/1.1
thetakebestbonus.life/media/mainstream/alert.mp3
IP
194.87.208.61:0
ASN
#0

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Size
8.8 kB (8802 bytes)
Hash
6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc

HTTP Headers

GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9k68vumpk8u8bok2j8m351i
Cookie: sid=t2~lkp4cukonsub12jtiayns5rv
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Nov 2022 11:48:08 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172B1EAE830CFB9A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Sun, 26 Nov 2023 11:48:08 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations