r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3897
Expires: Wed, 07 Dec 2022 13:07:46 GMT
Date: Wed, 07 Dec 2022 12:02:49 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5483
Cache-Control: max-age=86392
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:49 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 12:02:41 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8491
Expires: Wed, 07 Dec 2022 14:24:20 GMT
Date: Wed, 07 Dec 2022 12:02:49 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 11:18:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2643
alt-svc: clear
X-Firefox-Spdy: h2
osee5s.in/
64.225.91.73200 OK 329 B IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
GET / HTTP/1.1
Host: osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 07 Dec 2022 12:02:49 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6vH6HFbCalmarjyPBwT4O64b61FMGgQzdc3Wif6xA1vsCUbexeGUNqXQYhlFkCOVo4ZWDXoWeMw=
x-amz-request-id: B46F7PFR1CHNWMH4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 11:49:21 GMT
age: 808
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 12:02:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.24.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.24.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://osee5s.in
Connection: keep-alive
Referer: http://osee5s.in/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 12:02:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15858273
expires: Mon, 27 Nov 2023 12:02:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ve3xmIF88tJvOEoZiICU7aQFPIxT3uDP%2BPpACTN60mPVnUvW5p5ssI%2F5EKmeN2oWXFG8gjjMM3lLHsjbQHmNV2E2aK10MiFn9VgGHqvIIjFFj334ctDdqN8JDSKRXffUf8PhUZxx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 775d1d53491f0af6-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 0c2ba1659dd6ec6bc35327cf76ac6f4e
928c229bba3e3c5e77704f249736c8b771aec318
21f6c89ab01f1f8fa9c188c69692b7919ef8030ab42a3fbfbc0a9073058a184a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "21F6C89AB01F1F8FA9C188C69692B7919EF8030AB42A3FBFBC0A9073058A184A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8511
Expires: Wed, 07 Dec 2022 14:24:40 GMT
Date: Wed, 07 Dec 2022 12:02:49 GMT
Connection: keep-alive
osee5s.in/favicon.ico
64.225.91.73200 OK 329 B IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
GET /favicon.ico HTTP/1.1
Host: osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://osee5s.in/
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Wed, 07 Dec 2022 12:02:49 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 11:11:20 GMT
cache-control: public,max-age=3600
age: 3089
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5434
Cache-Control: max-age=167674
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:50 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:37:24 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471
domaincntrol.com/?orighost=http://osee5s.in/
104.26.10.61200 OK 22 B URL HTTP/2 domaincntrol.com/?orighost=http://osee5s.in/
IP 104.26.10.61:0
File type ASCII text, with no line terminators
Hash d5eb00611f39ce1b0f2f56d0d0bec8ab
28e1877adece4e660b9be36d783de9aec5f3178a
03d5ead39a90d701c3ec20fb09c9ff9c29db06a9e4a4f16bcbc74505e532c2e8
GET /?orighost=http://osee5s.in/ HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://osee5s.in
Connection: keep-alive
Referer: http://osee5s.in/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 12:02:50 GMT
content-type: text/javascript;charset=UTF-8
content-length: 22
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BvyQFddtv0nzAzCjO0Sw3875H1%2FmmDe1kTaeZP1Mv41L0NRdRl4h0lDg16WKeS3JnOn8dGFehg%2FtMIveb5fx84lyXumvsI0nW2AFo0lGo0T6dtRZFG7%2FvBq4PnW0Ib6ZR6U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 775d1d5409ad0afe-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.70.239.215101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.70.239.215:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xp5r3fzhlHjRLXdrdh6/Pw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: yCx6rJjPkuKeS3XkuU2KJNAnrec=
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5994
Expires: Wed, 07 Dec 2022 13:42:45 GMT
Date: Wed, 07 Dec 2022 12:02:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5994
Expires: Wed, 07 Dec 2022 13:42:45 GMT
Date: Wed, 07 Dec 2022 12:02:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5994
Expires: Wed, 07 Dec 2022 13:42:45 GMT
Date: Wed, 07 Dec 2022 12:02:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5994
Expires: Wed, 07 Dec 2022 13:42:45 GMT
Date: Wed, 07 Dec 2022 12:02:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5994
Expires: Wed, 07 Dec 2022 13:42:45 GMT
Date: Wed, 07 Dec 2022 12:02:51 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 12600
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 54797
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3a455f5-9c19-4e6f-ab7a-1fe9c399118f.jpeg
34.120.237.76200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3a455f5-9c19-4e6f-ab7a-1fe9c399118f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a0f0782df385287698881f1c19e79b96
5a25f245b594f6cbf2fdaeed2463ac5fbc08068a
4f795cd2286e194cd96751e6a4e3bd0da09c6db5344182e51986b65149e75cd7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe3a455f5-9c19-4e6f-ab7a-1fe9c399118f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8579
x-amzn-requestid: 0efa303a-364e-488d-beac-24836c7c1e4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlirE2KoAMFX9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb610-5564a0c0264ed36f0497e17e;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:20 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: xpzGji_JAWkUjhXLouXWlin6rV-44shz6Z_STqo7uK7ZUV2PWs7Zpg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:19 GMT
etag: "5a25f245b594f6cbf2fdaeed2463ac5fbc08068a"
content-type: image/jpeg
age: 50732
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e95ebce9d79ba46cb96af9a45af1762f
985c6761675e6bcc0186f64d55f94cf09352f05c
5837d6bf31e57f955ba2577f112281cc33a5502b358c83192f4e396b57042ac0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 0f5d1b0e-1193-4006-8a54-555681d9f62e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlqVGMjoAMFS6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb641-6366ea6464122d857407cdff;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nm0qQpo75zvDYWxv8V3GvOSBFenh8ocfjV9d02Mc2l-ABieIb3h2uA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:53:40 GMT
age: 50951
etag: "985c6761675e6bcc0186f64d55f94cf09352f05c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9257f2e3b9bd1b3aa262b0f4bf57968
4bcdd6ecd63834aa1010faf19457a97f37ae99fa
9afd592279c51b533b3bf72a860cf4a8f2bc6cf01b07d1ab6f11f0ff302e0ef6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feeb81330-af0b-4cc3-bd0e-591ba064667a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7392
x-amzn-requestid: f4b6890a-7a8f-48f8-b2af-365cb5f681e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cpwREFiXoAMFSMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d60d3-009e524f30c72d0629c877bb;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 03:09:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: C0-H0LUbxaxMEXoDf6PXEFAvVTj2D9K2M7eshRo39QzAAWSk2ubepA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 03:15:41 GMT
age: 31630
etag: "4bcdd6ecd63834aa1010faf19457a97f37ae99fa"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 50458
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ww2.osee5s.in/
64.190.63.136200 OK 1.3 kB IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (678)
Hash f267140bb7a73b5a34706e70d9dc09e2
fc528d4aab7ab514022caeee9143853d265a773e
098784d80ec5710f16f4c6fbefba59087292ed21ac0f4846cd65f6da4bf0cea7
GET / HTTP/1.1
Host: ww2.osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://osee5s.in/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 12:02:52 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_tnYnEN5Ic5tkD4fKrdeJQgZEXo6J7QqrPXy9y9NpStwEUL/NI4Z4Y2UCxTBHMjGxyttYYTQzQ5/anf1TTfY7HQ==
last-modified: Wed, 07 Dec 2022 12:02:50 GMT
x-cache-miss-from: parking-d7dbd8c4d-94z7l
server: NginX
content-encoding: gzip
ww2.osee5s.in/search/tsc.php?200=NDY1MDI2MDc4&21=OTEuOTAuNDIuMTU0&681=MTY3MDQxNDU3MjU0NjcwMzE4MWQwOGIwYzMyNjJhZDAxOGU2ZjRiMTQw&crc=de87b780edf9cd2eaf6a202f370ce3b63378b13e&cv=1
64.190.63.136200 OK 0 B URL HTTP/1.1 ww2.osee5s.in/search/tsc.php?200=NDY1MDI2MDc4&21=OTEuOTAuNDIuMTU0&681=MTY3MDQxNDU3MjU0NjcwMzE4MWQwOGIwYzMyNjJhZDAxOGU2ZjRiMTQw&crc=de87b780edf9cd2eaf6a202f370ce3b63378b13e&cv=1
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=NDY1MDI2MDc4&21=OTEuOTAuNDIuMTU0&681=MTY3MDQxNDU3MjU0NjcwMzE4MWQwOGIwYzMyNjJhZDAxOGU2ZjRiMTQw&crc=de87b780edf9cd2eaf6a202f370ce3b63378b13e&cv=1 HTTP/1.1
Host: ww2.osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.osee5s.in/
HTTP/1.1 200 OK
date: Wed, 07 Dec 2022 12:02:52 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-d7dbd8c4d-lpd8s
server: NginX
img.sedoparking.com/images/js_preloader.gif
205.234.175.175200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.osee5s.in/
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 12:02:52 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Wed, 14 Dec 2022 12:02:52 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: c87ae2cbef40cf87b157747ccd305076
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
img.sedoparking.com/templates/logos/sedo_logo.png
205.234.175.175200 OK 15 kB URL HTTP/1.1 img.sedoparking.com/templates/logos/sedo_logo.png
IP 205.234.175.175:0
File type MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash def00c11b1596db4efee6a9fbe64fc27
bd298981e6d8d7e4ffa18abcf687041f4246672d
95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4
GET /templates/logos/sedo_logo.png HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.osee5s.in/
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 12:02:52 GMT
Content-Type: image/png
Content-Length: 15086
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Wed, 14 Dec 2022 12:02:52 GMT
X-CFHash: "def00c11b1596db4efee6a9fbe64fc27"
X-CFF: B
Last-Modified: Mon, 11 Jan 2021 07:44:34 GMT
X-CF3: H
CF4Age: 10
x-cf-tsc: 1665141939
CF4ttl: 31536000.000
X-CF2: M
Server: CFS 0215
X-CF-ReqID: 677f8c2cac93a7987dfd7a22d8fb730f
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww2.osee5s.in/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 0 B URL HTTP/1.1 ww2.osee5s.in/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww2.osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.osee5s.in/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Wed, 07 Dec 2022 12:02:52 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Wed, 07 Dec 2022 12:02:52 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D
x-cache-miss-from: parking-d7dbd8c4d-pnx5c
server: NginX
ww2.osee5s.in/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D
64.190.63.136302 Found 311 B URL HTTP/1.1 ww2.osee5s.in/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 5ea97611aeedf7816bf2af04a9f158b5
8c1801d53ffca90019dae9bbf6f7b9aff2fc873f
59b9a99111dc605551211e55acb3a4c7cdb81af7f46d1271d08e08de115ae69b
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DrC5yWCgcfzM_0&v=ZDFiZmYwMTQ4YTZhZjU4ZDY5YWE4MjQ5MzI5YjBmY2QJMQl3dzIub3NlZTVzLmluNjM5MDgwZWFiMTRhNzcuODIxNjc0MzMJd3cyLm9zZWU1cy5pbjYzOTA4MGVhYjE0ZTU5LjkzMDkyOTg3CTE2NzA0MTQ1NzIJYWRfNjNfMA==&l=OAlmZTVlZTU5ZDdhYTg4ZTc3NGE3MTU0NDFiODNjODZhNAkwCTM1CTAJMGMxN2E0MGY4ZTBmODUzNWJkMDFkYTQ0MDFiNzVhYzAJNDY1MDI2MDc4CW9zZWU1cwkwCTYzCTYJMgkxNjcwNDE0NTcyCTAuMDAwNDUxCU4JMAkxCTE4MDUJMTIwNQk0NTI4MTAxOTAJOTEuOTAuNDIuMTU0CTA%3D HTTP/1.1
Host: ww2.osee5s.in
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.osee5s.in/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Wed, 07 Dec 2022 12:02:52 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Wed, 07 Dec 2022 12:02:52 GMT
location: http://xml.sedodna.com/click?i=rC5yWCgcfzM_0
x-cache-miss-from: parking-d7dbd8c4d-tggpp
server: NginX
xml.sedodna.com/click?i=rC5yWCgcfzM_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=rC5yWCgcfzM_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=rC5yWCgcfzM_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.osee5s.in/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://clarus-che.com/zcvisitor/12c6e462-7627-11ed-871d-12154207ce87/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
Pragma: no-cache
clarus-che.com/zcvisitor/12c6e462-7627-11ed-871d-12154207ce87/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
3.212.50.125200 1.1 kB URL HTTP/1.1 clarus-che.com/zcvisitor/12c6e462-7627-11ed-871d-12154207ce87/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash baf00f072f5a232f3aca2838f1e9ffec
c7bc5bb631ab03643e32aff1eb847db617d14b20
1c15d7671c9091285a8f02ec0caf8a23de7188618f182c2ce6e777bf16a1ca32
GET /zcvisitor/12c6e462-7627-11ed-871d-12154207ce87/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97 HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.osee5s.in/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 07 Dec 2022 12:02:52 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ZcXSFGFK
clarus-che.com/zcredirect?visitid=12c6e462-7627-11ed-871d-12154207ce87&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125200 712 B URL HTTP/1.1 clarus-che.com/zcredirect?visitid=12c6e462-7627-11ed-871d-12154207ce87&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (313)
Hash d1eeb45ac89569d15c9557d74046ad81
3107f889e73f2d105a37c53c387d2631ba3a9bfc
f1e3d8c6fd1e21617ae9d44c11aeaecdb14daba0180bc7e9a2c1b1293c4e6270
GET /zcredirect?visitid=12c6e462-7627-11ed-871d-12154207ce87&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clarus-che.com/zcvisitor/12c6e462-7627-11ed-871d-12154207ce87/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Wed, 07 Dec 2022 12:02:53 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: koUAurXV
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash fc7f82008a0a06d5eca3ce275e26f93e
ad2ebf9c9c84e76776dcc6d95ad2d54117c53f03
2eb516ee2d1be3532af8b1b010d23a485dc064da1f62ffe32a364eaa06f7e498
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 07 Dec 2022 12:02:53 GMT
Etag: "638fc419-1d7"
Last-Modified: Wed, 07 Dec 2022 11:22:05 GMT
Server: ECS (dcb/7F81)
X-Cache: Miss from cloudfront
Via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: EjO0RGiEeKrRICJkbNq8fy3hjxIAUSam_AKDN8udJ4K3WcksS8xjvw==
Age: 2448
clarus-che.com/favicon.ico
3.212.50.125404 653 B URL HTTP/1.1 clarus-che.com/favicon.ico
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clarus-che.com/zcredirect?visitid=12c6e462-7627-11ed-871d-12154207ce87&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Wed, 07 Dec 2022 12:02:53 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: ApnbkrDZ
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwfc3ua98k9impk0libl87n16&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=12c6e462-7627-11ed-871d-12154207ce87&cid=wfc3ua98k9impk0libl87n16&rt=R
35.156.91.109302 Found 0 B URL HTTP/2 ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwfc3ua98k9impk0libl87n16&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=12c6e462-7627-11ed-871d-12154207ce87&cid=wfc3ua98k9impk0libl87n16&rt=R
IP 35.156.91.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwfc3ua98k9impk0libl87n16&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=12c6e462-7627-11ed-871d-12154207ce87&cid=wfc3ua98k9impk0libl87n16&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://clarus-che.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 07 Dec 2022 12:02:53 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22wfc3ua98k9impk0libl87n16%22%2C%22caid%22%3A%22158b5b73-ccca-408f-a150-a43e12f193d8%22%7D; Max-Age=31536000; Expires=Thu, 07-Dec-2023 12:02:53 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 21a59cbb8eb1d10c2f707920348918dc
a3d65f715d1d60e73078e2cea0c241439707473d
483077a574ae8a026a909f6c1ab780b7717ded0cc3496f6958ea91079257ba71
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "483077A574AE8A026A909F6C1AB780B7717DED0CC3496F6958EA91079257BA71"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1442
Expires: Wed, 07 Dec 2022 12:26:56 GMT
Date: Wed, 07 Dec 2022 12:02:54 GMT
Connection: keep-alive
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
194.87.208.61200 OK 10 kB URL HTTP/1.1 thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
IP 194.87.208.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (531), with CRLF, LF line terminators
Hash 3963deab7d15794057d2e93f27e88c84
969138c5360b929d60e4b663256eeef13fe6ae79
b43e0d63e5e326dcb916cbbe088a3cc70ff104eb8ef3669f2da3160262d8d8bb
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clarus-che.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: text/html
Content-Length: 10238
Connection: keep-alive
set-cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5; path=/
cache-control: private, no-transform
thetakebestbonus.life/media/gambling/en/slots/1.css
194.87.208.61200 OK 6.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/1.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (6256), with no line terminators
Hash b656c0486bf95fd37ee4a009f141278a
d8f1d5378ea9c9898ba44ba5050ddec6b3b0f32c
828198fdc48d7e5d04252b756694a5393cd457724cb09c47b20913ac3d9ca896
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: text/css
Content-Length: 6256
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b656c0486bf95fd37ee4a009f141278a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E813481098FEB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/utils-gmb.js
194.87.208.61200 OK 4.7 kB URL HTTP/1.1 thetakebestbonus.life/util/utils-gmb.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
Analyzer Verdict Alert quad9 Sinkholed
GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8006C01A5153
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/cookie/js.cookie9.js
194.87.208.61200 OK 4.4 kB URL HTTP/1.1 thetakebestbonus.life/cookie/js.cookie9.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (1709)
Hash 16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
Analyzer Verdict Alert quad9 Sinkholed
GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E805A663B0181
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/sound.js
194.87.208.61200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/sound.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 3787b349cb8b744b6917fe43f96b1ccd
ab26d82699a166f520a51f722bc6262ef1d5421f
8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/sound.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8006BFAF85F8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js
194.87.208.61200 OK 4.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/ProgressiveJackpotTicker.min.js
IP 194.87.208.61:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (367), with CRLF line terminators
Hash 6a744bb584cab227b95c35c80a195cc3
4713e0d9b9a3fbc0e3f91973bd42b6f53b84863b
306f65d55609489da8a821f322fc186f8532c3b99e3d2543137a99c15296fcad
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/ProgressiveJackpotTicker.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 4485
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6a744bb584cab227b95c35c80a195cc3"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC86429E00E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/style1.css
194.87.208.61200 OK 12 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/style1.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (12064), with no line terminators
Hash 9e8e1b97fb35ea366e6fee346ab90803
68e1efa4406e30e6deaeeb638f0b23313f507ffa
a21b63c52a75717cc9d2ebc9cbd98a3df24bb5c01a4dc55ac6e41533e67c3316
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/style1.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: text/css
Content-Length: 12064
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "9e8e1b97fb35ea366e6fee346ab90803"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E81348ABC6D97
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/mainstream/js1.js
194.87.208.61200 OK 0 B URL HTTP/1.1 thetakebestbonus.life/media/mainstream/js1.js
IP 194.87.208.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/js1.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Last-Modified: Wed, 31 Aug 2022 09:36:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC864CD6102
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js
194.87.208.61200 OK 96 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/jquery-1.11.3.min.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (32038)
Hash 895323ed2f7258af4fae2c738c8aea49
276c87ff3e1e3155679c318938e74e5c1b76d809
ecb916133a9376911f10bc5c659952eb0031e457f5df367cde560edbfba38fb8
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/jquery-1.11.3.min.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 95957
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "895323ed2f7258af4fae2c738c8aea49"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC84E7BAE13
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/backbutton_gmb.js
194.87.208.61200 OK 3.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E811BF766BAD6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/icon.js
194.87.208.61200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/icon.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8006BD76530A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/confetti.js
194.87.208.61200 OK 3.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/confetti.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (3533), with no line terminators
Hash 116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E805A6D7A3489
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/overlay2.png
194.87.208.61200 OK 6.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/overlay2.png
IP 194.87.208.61:0
File type PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Hash 493c0713401f9c3d4a5605e07d5c10f5
fe518a62420af1d47eb2bae34e1c1c34b07f18ab
3cd598f64dc588f99ecb244818423a1a5878f8d8652ef4a5e8011f55e2774f60
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/overlay2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/png
Content-Length: 6630
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "493c0713401f9c3d4a5605e07d5c10f5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC8CE276F89
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/777.png
194.87.208.61200 OK 112 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/777.png
IP 194.87.208.61:0
File type PNG image data, 142 x 7733, 8-bit colormap, non-interlaced\012- data
Size 112 kB (111473 bytes)
Hash 3908e67ff1fe15bd1136160b8bb831e1
77e9675b157b311ba86db0a60c2bd3187dfd8550
add9628c07e4ab33ababaa283f67b73dc445e4524f64c8e2afb4bdf841270828
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/777.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/png
Content-Length: 111473
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3908e67ff1fe15bd1136160b8bb831e1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC89771C733
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/overlay.png
194.87.208.61200 OK 7.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/overlay.png
IP 194.87.208.61:0
File type PNG image data, 300 x 325, 8-bit colormap, non-interlaced\012- data
Hash 6962c3265c90a29899d439a690d4cb9d
f2deb87030b77ebd20ca9df3f09ee183725879af
bb49a67a9e8ad4147e22deee3c4e5071f00be0d62251e4c57702dc14c23208af
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/overlay.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/png
Content-Length: 7028
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6962c3265c90a29899d439a690d4cb9d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC88F97F8BA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/en/slots/no1.png
194.87.208.61200 OK 2.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no1.png
IP 194.87.208.61:0
File type PNG image data, 385 x 58, 8-bit colormap, non-interlaced\012- data
Hash 1003378b78a3e8f2e568df844d251a01
d6cbd612c2913ea373aeb196adcba7b1295dac1b
a605a29baa527329719d2a6ce0664203b8d271a4c928a730040f553ffb06f38e
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/no1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/png
Content-Length: 2546
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "1003378b78a3e8f2e568df844d251a01"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8134A0300232
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://thetakebestbonus.life
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 15:42:33 GMT
expires: Wed, 06 Dec 2023 15:42:33 GMT
cache-control: public, max-age=31536000
age: 73221
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed
142.250.74.106200 OK 14 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed
IP 142.250.74.106:0
Hash f583905611468cfe61a598238640a9cf
6acdedd6a026a7961595ae669a23a9189e4137cf
fe2a7082e8a19bfc3d8f1475515acf52ca357ffd6f1b244777775da063680df1
GET /css?family=Roboto+Condensed HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 12:02:54 GMT
date: Wed, 07 Dec 2022 12:02:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
thetakebestbonus.life/media/gambling/en/slots/loader.gif
194.87.208.61200 OK 2.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/loader.gif
IP 194.87.208.61:0
File type GIF image data, version 89a, 128 x 15\012- data
Hash 35de537ece3bfee3ab3f7af4c19e2151
9139201df5d36e1b2b9a8a6566683c95a49e0006
2a020670608060e8f05776815edaa0696f1dd553545ee49946e24be7741433f5
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/loader.gif HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/gif
Content-Length: 2892
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "35de537ece3bfee3ab3f7af4c19e2151"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E80B2A1225030
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 12:02:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/en/slots/no2.png
194.87.208.61200 OK 36 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no2.png
IP 194.87.208.61:0
File type PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Hash e98c2ff5f5da7f9af37f2a70b066a766
11e29c200094f477f68a2c55167d9cbd03590222
a9da42a045c663d7314163518b54d73c87c3d5652fd310367a8cf42f8bebfbaf
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/no2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:54 GMT
Content-Type: image/png
Content-Length: 35487
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "e98c2ff5f5da7f9af37f2a70b066a766"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8134A0347FA5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/pgamble.js?v=8
194.87.208.61200 OK 4.2 kB URL HTTP/1.1 thetakebestbonus.life/util/pgamble.js?v=8
IP 194.87.208.61:0
File type ASCII text, with very long lines (4237), with no line terminators
Hash c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
Analyzer Verdict Alert quad9 Sinkholed
GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7FC6123921D2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:55 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slots/no3.png
194.87.208.61200 OK 38 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slots/no3.png
IP 194.87.208.61:0
File type PNG image data, 639 x 479, 8-bit colormap, non-interlaced\012- data
Hash b0bca69833a02b70db694d8947c9120d
50da2910a8dca7a53dce99d0b65f1255f6f72764
193bb9071f34f9b4dd45c9dc09b440e9b4857e3f4e55d814d0499fe3818f2167
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slots/no3.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Content-Type: image/png
Content-Length: 37489
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "b0bca69833a02b70db694d8947c9120d"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8134AD2A1BA3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:55 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/favicon.ico
194.87.208.61204 No Content 0 B URL HTTP/1.1 thetakebestbonus.life/favicon.ico
IP 194.87.208.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Connection: keep-alive
Cache-Control: no-transform
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c1eef7d39b6a9aedcdcb0b1ba5b8d9a1
ee3a4f79027d60427ca6fe3c2ace116263ff92af
eee086812e6ebca9a41f629ea77ad04062032ea2db51b73f13162e02f9f291a2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EEE086812E6EBCA9A41F629EA77AD04062032EA2DB51B73F13162E02F9F291A2"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5885
Expires: Wed, 07 Dec 2022 13:41:00 GMT
Date: Wed, 07 Dec 2022 12:02:55 GMT
Connection: keep-alive
confdatabase.com/pc.js?u=3w8p605
5.8.45.62200 OK 315 B URL HTTP/1.1 confdatabase.com/pc.js?u=3w8p605
IP 5.8.45.62:0
ASN #209813 Fast Content Delivery LTD
File type ASCII text, with very long lines (315), with no line terminators
Hash e19da520f9feb2c13e897560f9309801
c0f5f1ca8d870920ba49c4afbcf8f45db0f238dc
6cab2d2817a7968578ca675369a4cbc126f898e75163fc59ba36f899b659831c
GET /pc.js?u=3w8p605 HTTP/1.1
Host: confdatabase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 315
Connection: keep-alive
Cache-Control: private
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
thetakebestbonus.life/media/mainstream/alert.mp3
194.87.208.61200 OK 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/mainstream/alert.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E7F86628B3CDE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:55 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/mainstream/alert.mp3
194.87.208.61200 OK 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/mainstream/alert.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 6d2d3da2ea28ace816fa4a138829dc18
606e0ec3d7fb05c69f16233cfe1ff0a0ee760505
d79bc81189750262716692ade6cc4d6fb6c4fbc4aa01c2b9d0aa67e5788821fc
Analyzer Verdict Alert quad9 Sinkholed
GET /media/mainstream/alert.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wfc3ua98k9impk0libl87n16
Cookie: sid=t2~fqrf3bwrpzvlcbvfqcdj13x5
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 07 Dec 2022 12:02:55 GMT
Content-Type: audio/mpeg
Content-Length: 8802
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d2d3da2ea28ace816fa4a138829dc18"
Last-Modified: Wed, 31 Aug 2022 09:35:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E8134E10A5B92
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Thu, 07 Dec 2023 12:02:55 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes