Overview

URLmkkuei4kdsz.com/338/909.html
IP 64.225.91.73 (United States)
ASN#14061 DIGITALOCEAN-ASN
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-12-04 08:41:12 UTC
StatusLoading report..
IDS alerts0
Blocklist alert7
urlquery alerts No alerts detected
Tags None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-12-04 2 mkkuei4kdsz.com/338/909.html Malware
2022-12-04 2 ww2.mkkuei4kdsz.com/ Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-12-03 2 mkkuei4kdsz.com Sinkholed
2022-12-03 2 mkkuei4kdsz.com Sinkholed
2022-12-03 2 mkkuei4kdsz.com Sinkholed
2022-12-03 2 mkkuei4kdsz.com Sinkholed
2022-12-03 2 mkkuei4kdsz.com Sinkholed


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 64.225.91.73
Date UQ / IDS / BL URL IP
2023-01-29 22:30:07 +0000 0 - 0 - 7 mkkuei4kdsz.com/337/209.html 64.225.91.73
2023-01-29 22:20:42 +0000 0 - 0 - 7 mkkuei4kdsz.com/835/765.html 64.225.91.73
2023-01-29 22:05:57 +0000 0 - 0 - 8 mkkuei4kdsz.com/350/31.html 64.225.91.73
2023-01-29 18:03:55 +0000 0 - 0 - 7 mkkuei4kdsz.com/629/875.html 64.225.91.73
2023-01-29 17:01:37 +0000 0 - 0 - 8 mkkuei4kdsz.com/855/917.html 64.225.91.73


Last 5 reports on ASN: DIGITALOCEAN-ASN
Date UQ / IDS / BL URL IP
2023-01-30 00:29:58 +0000 0 - 0 - 2 suppliers.bitshepherd.org/wp-content/uploads/ (...) 198.199.127.43
2023-01-30 00:23:20 +0000 0 - 0 - 1 informazioni23-digitale01filiale23.shimueps.c (...) 159.203.121.61
2023-01-30 00:23:00 +0000 0 - 0 - 1 informazioni23-digitale01filiale23.shimueps.c (...) 159.203.121.61
2023-01-30 00:05:29 +0000 0 - 0 - 2 informazioni23-digitale01filiale23.shimueps.c (...) 159.203.121.61
2023-01-29 23:43:32 +0000 0 - 0 - 1 data4business1.info/ 188.166.100.17


Last 5 reports on domain: mkkuei4kdsz.com
Date UQ / IDS / BL URL IP
2023-01-29 22:30:07 +0000 0 - 0 - 7 mkkuei4kdsz.com/337/209.html 64.225.91.73
2023-01-29 22:20:42 +0000 0 - 0 - 7 mkkuei4kdsz.com/835/765.html 64.225.91.73
2023-01-29 22:05:57 +0000 0 - 0 - 8 mkkuei4kdsz.com/350/31.html 64.225.91.73
2023-01-29 18:03:55 +0000 0 - 0 - 7 mkkuei4kdsz.com/629/875.html 64.225.91.73
2023-01-29 17:01:37 +0000 0 - 0 - 8 mkkuei4kdsz.com/855/917.html 64.225.91.73


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-01-29 13:11:43 +0000 1 - 3 - 7 15.winprizes215.biz/brtcad1/index.php 217.69.14.8
2023-01-28 04:55:16 +0000 1 - 0 - 0 in.fastadtrck.com/go/9b59f2ef-60c7-4bbb-b299- (...) 3.70.16.242
2023-01-27 07:11:19 +0000 1 - 1 - 2 track.rendan-compto.com/f42516eb-b5ae-4c83-88 (...) 18.195.128.171
2023-01-26 23:55:59 +0000 1 - 1 - 1 track.rendan-compto.com/f42516eb-b5ae-4c83-88 (...) 18.195.128.171
2023-01-26 19:25:50 +0000 1 - 0 - 0 quickdirectclick.com/ip14c2/index.html?td=get (...) 75.2.60.5

JavaScript

Executed Scripts (23)

Executed Evals (0)

Executed Writes (1)
#1 JavaScript::Write (size: 15) - SHA256: 85a636802f7bfffb2579eb9f9750451e653f2fb9f7fa000658cb4711fc4701f6
4 desember 2022


HTTP Transactions (71)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7034
Expires: Sun, 04 Dec 2022 10:38:14 GMT
Date: Sun, 04 Dec 2022 08:41:00 GMT
Connection: keep-alive

                                        
                                            GET /338/909.html HTTP/1.1 
Host: mkkuei4kdsz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         64.225.91.73
HTTP/1.1 200 OK
content-type: text/html
                                        
server: nginx/1.18.0 (Ubuntu)
date: Sun, 04 Dec 2022 08:41:00 GMT
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Size:   329
Md5:    ecbcb8bae64098de3e587487b474f8b8
Sha1:   e275409fb40ea27c3826af493f70faf147d0f995
Sha256: 2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4737
Cache-Control: max-age=97749
Date: Sun, 04 Dec 2022 08:41:00 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 11:50:09 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14851
Expires: Sun, 04 Dec 2022 12:48:31 GMT
Date: Sun, 04 Dec 2022 08:41:00 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 08:18:24 GMT
cache-control: public,max-age=3600
age: 1356
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    14cd9a0afb6ba9a763651d5112760d1e
Sha1:   75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
Sha256: 4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: TipVcZ9pkFKPbSVxg0D9HIIgOPvYje2qUfawtJvenFkAVzDn8/iWMPwi9v6BLoXoA1+OWT0iKF0=
x-amz-request-id: DKVCFFZKEGH10XVZ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 07:46:53 GMT
age: 3247
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sun, 04 Dec 2022 08:41:00 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.17.24.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sun, 04 Dec 2022 08:41:00 GMT
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15586964
expires: Fri, 24 Nov 2023 08:41:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rurgbef07dS0Yb4doB6zx7SdTb1VcQbAv2xVsX6htMPmbyskGZ4mBZUlobMDBDQzdOg1vvQBku8JGQCu%2F80Xu08UWQmrpKZZEp1%2FcweAajgSwG%2Bsq8ZjhaabdQkB9%2BkJFh7saMhF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77433d94f876b512-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65451)
Size:   27958
Md5:    4b5f47439b640180cc3450f7de05d0d8
Sha1:   5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
Sha256: 1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "8E3C803C1A2287F39F626151D6293AD860F15AAFB2E004BEB589205B0B92219E"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9774
Expires: Sun, 04 Dec 2022 11:23:55 GMT
Date: Sun, 04 Dec 2022 08:41:01 GMT
Connection: keep-alive

                                        
                                            GET /?orighost=http://mkkuei4kdsz.com/338/909.html HTTP/1.1 
Host: domaincntrol.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://mkkuei4kdsz.com
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.26.10.61
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
date: Sun, 04 Dec 2022 08:41:01 GMT
content-length: 28
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4YutM0g43ZTZtX%2BFtq1T84FrF0%2BXjRmXG%2BKwsD4FlWSXELMRxUvsjCLIYy7G3M0OB8j8FPczMUbubJK1cIclH3sYLraF4ZtJx8gaR8N34WeuPSud%2BgknaqbSf4y5EaDhKs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77433d95fc3b0b45-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   28
Md5:    7aae16ed70d2e07943585bbb1cd02b55
Sha1:   3209123510c034e6e38ca45edf14307f1375a8f5
Sha256: 51bfb53a70df6adc48f0670be59a16a657ab5a2bafc176973a32d5c36a4fc5d3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 08:11:19 GMT
cache-control: public,max-age=3600
age: 1782
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4728
Cache-Control: max-age=92678
Date: Sun, 04 Dec 2022 08:41:01 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 10:25:39 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +0vcKYtYF177D4bhs1JeYQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         54.149.51.98
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wGHX443qA8zwe4GAj6lGGW3CP0k=

                                        
                                            GET / HTTP/1.1 
Host: ww2.mkkuei4kdsz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://mkkuei4kdsz.com/
Upgrade-Insecure-Requests: 1

search
                                         64.190.63.136
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 04 Dec 2022 08:41:02 GMT
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_zfi2IAQMFhbeJz7TohoVHVtJWU2hwm7Lrp9mU2CS1tg8fh6Um4KcOzzYJ6LQkNLWAjiGBQP1WU+h5qP7TrTizQ==
last-modified: Sun, 04 Dec 2022 08:41:01 GMT
x-cache-miss-from: parking-d7dbd8c4d-5wc8k
server: NginX
content-encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (700)
Size:   1327
Md5:    29b2c5bd73d2ea3e22f93879fb7663bd
Sha1:   6d3ad0d44176ccf7a1513499f2ddd726f8e59768
Sha256: a70378ef7e4a1cebebdb67a70ccd0cba42a52bf48db0f7f11139cd64f9e55e97

Alerts:
  Blocklists:
    - fortinet: Malware
    - quad9: Sinkholed
                                        
                                            GET /images/js_preloader.gif HTTP/1.1 
Host: img.sedoparking.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/

search
                                         205.234.175.175
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Sun, 04 Dec 2022 08:41:02 GMT
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Sun, 11 Dec 2022 08:41:02 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 3d8fa245c6fd5761a72d707647e2e204
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 16 x 16\012- data
Size:   4254
Md5:    90c93102a88c2ab94bff1575b7a6e86e
Sha1:   56d71bf13de464534643db9d127629a0a3bf677a
Sha256: 5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
                                        
                                            GET /search/tsc.php?200=MzgzNDQ1ODM3&21=OTEuOTAuNDIuMTU0&681=MTY3MDE0MzI2MjkwMThjMjAyMGU4YmQ3N2M5NzViMGVmM2NjNDA0NjUz&crc=7983c8f12a78fdedd8f5662a9a72931842553b35&cv=1 HTTP/1.1 
Host: ww2.mkkuei4kdsz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/

search
                                         64.190.63.136
HTTP/1.1 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Sun, 04 Dec 2022 08:41:02 GMT
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-d7dbd8c4d-pnx5c
server: NginX


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DvWWRhqEUQVI_0&v=MDE1ZDA4ZDYwMGUwZTc1ODA3MDk4Yzk4MGFkNjM2YjIJMQl3dzIubWtrdWVpNGtkc3ouY29tNjM4YzVkMWQ0NThiNDUuODIzNjg1NTQJd3cyLm1ra3VlaTRrZHN6LmNvbTYzOGM1ZDFkNDU4ZjQwLjUxNjUyNTQzCTE2NzAxNDMyNjIJYWRfNjNfMA==&l=OAkwZDkyZDE5NmJlZDRlODRmZTkxN2U3MjEyZGIzZmY3NQkwCTM1CTAJZmNkNDlmNzBlMDZlMTY5ZDg4MzVkMGFhNTQ3OGM5N2IJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NzAxNDMyNjIJMC4wMDAzNjUJTgkwCTEJODMwCTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw HTTP/1.1 
Host: ww2.mkkuei4kdsz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.mkkuei4kdsz.com/
Upgrade-Insecure-Requests: 1

search
                                         64.190.63.136
HTTP/1.1 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Sun, 04 Dec 2022 08:41:02 GMT
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 04 Dec 2022 08:41:02 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DvWWRhqEUQVI_0&v=MDE1ZDA4ZDYwMGUwZTc1ODA3MDk4Yzk4MGFkNjM2YjIJMQl3dzIubWtrdWVpNGtkc3ouY29tNjM4YzVkMWQ0NThiNDUuODIzNjg1NTQJd3cyLm1ra3VlaTRrZHN6LmNvbTYzOGM1ZDFkNDU4ZjQwLjUxNjUyNTQzCTE2NzAxNDMyNjIJYWRfNjNfMA==&l=OAkwZDkyZDE5NmJlZDRlODRmZTkxN2U3MjEyZGIzZmY3NQkwCTM1CTAJZmNkNDlmNzBlMDZlMTY5ZDg4MzVkMGFhNTQ3OGM5N2IJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NzAxNDMyNjIJMC4wMDAzNjUJTgkwCTEJODMwCTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw
x-cache-miss-from: parking-d7dbd8c4d-lpd8s
server: NginX


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DvWWRhqEUQVI_0&v=MDE1ZDA4ZDYwMGUwZTc1ODA3MDk4Yzk4MGFkNjM2YjIJMQl3dzIubWtrdWVpNGtkc3ouY29tNjM4YzVkMWQ0NThiNDUuODIzNjg1NTQJd3cyLm1ra3VlaTRrZHN6LmNvbTYzOGM1ZDFkNDU4ZjQwLjUxNjUyNTQzCTE2NzAxNDMyNjIJYWRfNjNfMA==&l=OAkwZDkyZDE5NmJlZDRlODRmZTkxN2U3MjEyZGIzZmY3NQkwCTM1CTAJZmNkNDlmNzBlMDZlMTY5ZDg4MzVkMGFhNTQ3OGM5N2IJMzgzNDQ1ODM3CW1ra3VlaTRrZHN6CTAJNjMJNgkyCTE2NzAxNDMyNjIJMC4wMDAzNjUJTgkwCTEJODMwCTEyMDUJMTk0MDQzMTQyCTkxLjkwLjQyLjE1NAkw HTTP/1.1 
Host: ww2.mkkuei4kdsz.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         64.190.63.136
HTTP/1.1 302 Found
content-type: text/html; charset=UTF-8
                                        
date: Sun, 04 Dec 2022 08:41:02 GMT
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Sun, 04 Dec 2022 08:41:02 GMT
location: http://xml.sedodna.com/click?i=vWWRhqEUQVI_0
x-cache-miss-from: parking-d7dbd8c4d-pnx5c
server: NginX


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   311
Md5:    7769c75a52b6ac5a17d022ef8ca935de
Sha1:   eb87aa2c617f3a5bac30c8fad6e9a163f7518fbd
Sha256: c405d170d8204f5f8c6a0ae7cc6502f82bf49c6d6d173d4fc163a0bea1767329

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 08:41:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 08:41:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 08:41:02 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8716
Expires: Sun, 04 Dec 2022 11:06:18 GMT
Date: Sun, 04 Dec 2022 08:41:02 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 39080
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5681
Md5:    43309032a892c486f9985ef520df696e
Sha1:   36f4682ca6a33ff80ee02129c77e6f27e996ede0
Sha256: 24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8285
x-amzn-requestid: 882c673f-4e3f-4f84-a51d-bbac56f716eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAAEWUoAMFWuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-3a2c571d6272b3493ec2a1c5;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DX2amuyEjkaWng9x7x8TknBMeXzYPSW7pimxhVkcwOPPPbKrX0beQQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:24 GMT
etag: "364a32a224b2cacc26b138d57a8945c191e537b1"
age: 39038
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8285
Md5:    2c37ed587ee5e3fbdc8cab86ef1345f9
Sha1:   364a32a224b2cacc26b138d57a8945c191e537b1
Sha256: 3c66654da4670e0d5ec87afb6c62f0a420d90875c57b280710f2592269a9303e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85837b29-ffdd-4915-a6ab-8d0721427d1b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9356
x-amzn-requestid: 11f22578-a356-4f74-99bf-6d8462e25fdf
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ckdKGG8RIAMFc9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b4240-5c5fa5332d60db084c8d3bb6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 12:34:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QjicIljz29ZU_XTAeiVG5u_Y6unOHCN1CzOBdtnyDRckYwsPkWToBg==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:29:03 GMT
age: 11519
etag: "aa134912d4f5ddfb371c45d9975506246af68400"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9356
Md5:    591104ff3c76193fe3c24fbbbb332f7d
Sha1:   aa134912d4f5ddfb371c45d9975506246af68400
Sha256: af0cbb5c37c901019c1e684fe9a019bb7a2fb8359909ab831b7ff86cbc3d0fec
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 9942
etag: "1d702df3a64258628f4124eafd580695f2d350af"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   16143
Md5:    14dcca2a9c4792d835ee709bcd947402
Sha1:   1d702df3a64258628f4124eafd580695f2d350af
Sha256: da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
                                        
                                            GET /click?i=vWWRhqEUQVI_0 HTTP/1.1 
Host: xml.sedodna.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         173.239.53.32
HTTP/1.1 302 Found
                                        
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://dipaka-ead.com/zcvisitor/61ba6539-73af-11ed-aec1-12cafe9a7ba3/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
Pragma: no-cache

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UZ5kblxfN8fkp55YeSpUA55GzDxZgsLpFZrYTsdJBihf53HLCN0hTA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:17:35 GMT
age: 37407
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11482
Md5:    1521243a6fc065bb631bfbde22886fa2
Sha1:   527220e4e8cd1065ce05fcd0694d0d703d817e2e
Sha256: b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F826f887d-ca78-40db-9b7d-6c693667c155.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7503
x-amzn-requestid: a4120308-c51e-4cff-99c2-90e86018b05d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgZjCGkVIAMFpsw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6389a2e0-6fdf362a6d32449239476155;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 07:01:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dy619jlSTwCjwDhGuLmwTMcmuYj1Kg2oLA7xORyAYX8IHWimhNo6pw==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 07:23:21 GMT
age: 4661
etag: "6a0258e8c97ce09f1723382c8a16d9682b7dc50c"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7503
Md5:    c1a6f4805f59db44f9d3520d88701a58
Sha1:   6a0258e8c97ce09f1723382c8a16d9682b7dc50c
Sha256: ae120df5e96352c6998c24c69c709dfd2b01a7ff8a7b935d496757fd7661f2f5
                                        
                                            GET /zcvisitor/61ba6539-73af-11ed-aec1-12cafe9a7ba3/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97 HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.mkkuei4kdsz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 08:41:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: lUlUzhjT


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1100
Md5:    e727170577ac7b943f82ae051e4eb1ca
Sha1:   219993bb2c33339de1d209c305f4f327e2205bc0
Sha256: 405c260710e8acfb8867bc430a01f5037a57552d351a2d31093e198750580fcf
                                        
                                            GET /zcredirect?visitid=61ba6539-73af-11ed-aec1-12cafe9a7ba3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcvisitor/61ba6539-73af-11ed-aec1-12cafe9a7ba3/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=31a11310-5efd-11ed-9380-0a918cbcbb97
Upgrade-Insecure-Requests: 1

search
                                         3.212.50.125
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
                                        
Date: Sun, 04 Dec 2022 08:41:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: aVaGlhqH


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (313)
Size:   712
Md5:    85a36c8af1b7140d5834e1db2bf4f6c5
Sha1:   247cd48e76a7a2a499787a4801df0d9efea49b2a
Sha256: 6e80a4a7b12070f63dc61f06373efad868c562dc4739b5643da9a91accc4baf2
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: dipaka-ead.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://dipaka-ead.com/zcredirect?visitid=61ba6539-73af-11ed-aec1-12cafe9a7ba3&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

search
                                         3.212.50.125
HTTP/1.1 404
Content-Type: text/html;charset=utf-8
                                        
Date: Sun, 04 Dec 2022 08:41:03 GMT
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: PNWhRqSQ


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size:   653
Md5:    ba2732b1b2fa2626ffaa15f62f9e7d66
Sha1:   203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
Sha256: 879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         54.230.96.27
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=136925
Date: Sun, 04 Dec 2022 08:41:03 GMT
Etag: "638bcf92-1d7"
Expires: Mon, 05 Dec 2022 22:43:08 GMT
Last-Modified: Sat, 03 Dec 2022 22:37:06 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 67d9c6999f4bc9c9c60e1e5f24b316e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN1-C1
X-Amz-Cf-Id: Es4HXnE95fO9qVYA0XHLqoQyPsgpFwCTz8_-SkN7iaq5yC6AaS6BbA==
Age: 362

                                        
                                            GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw23posn9l9i8n8ukiv556uia&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=61ba6539-73af-11ed-aec1-12cafe9a7ba3&cid=w23posn9l9i8n8ukiv556uia&rt=R HTTP/1.1 
Host: ayxvy.voluumtrk3.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://dipaka-ead.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         35.156.91.109
HTTP/2 302 Found
                                        
date: Sun, 04 Dec 2022 08:41:03 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w23posn9l9i8n8ukiv556uia%22%2C%22caid%22%3A%22158b5b73-ccca-408f-a150-a43e12f193d8%22%7D; Max-Age=31536000; Expires=Mon, 04-Dec-2023 08:41:03 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "683401E48314BA5B468D05199B744E6DB899EB6EB3CA88155E7D973E66ABE414"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18687
Expires: Sun, 04 Dec 2022 13:52:31 GMT
Date: Sun, 04 Dec 2022 08:41:04 GMT
Connection: keep-alive

                                        
                                            GET /?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://dipaka-ead.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 19425
Connection: keep-alive
set-cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye; path=/
cache-control: private, no-transform


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (552)
Size:   19425
Md5:    260843e6c1161ccea11d92a05d1d8de9
Sha1:   5d35245b7906a546c92d80d257a49110a1aafff9
Sha256: 4343a7538d9ebd5d03661a4bade95777f0db5fcf1082e68df0ddccb280c67bec
                                        
                                            GET /media/gambling/en/slotbar/style.css HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 20006
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c38a209d98ec6a54d6b7cd42046af41"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D0FDE38AC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (492), with CRLF line terminators
Size:   20006
Md5:    8c38a209d98ec6a54d6b7cd42046af41
Sha1:   8b84ce3e95d745d2d6b6057344552b647aefe86d
Sha256: d3b04d04ba4fa44ce3cee6fd4d97958d8ea9bebd93a14a12be14a3259fab0022
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 08:41:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.42
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 11:02:32 GMT
expires: Tue, 28 Nov 2023 11:02:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
age: 509912
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32069)
Size:   30089
Md5:    4ae540714475aa934955496d990ab15f
Sha1:   b7724c4d72a422b86f5dc06571ff4bc86f0308a3
Sha256: ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.131
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sun, 04 Dec 2022 08:41:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /cookie/js.cookie9.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A18AC2AF580
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (1709)
Size:   4395
Md5:    16e07bf02a8e81d2cd5679dc45cc318c
Sha1:   7c205205935a3a56a8976b2ac648502b43103b5f
Sha256: 96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
                                        
                                            GET /media/gambling/backbutton_gmb.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D89386E3D1472
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3923
Md5:    42a42a2180debd55caba94527379964c
Sha1:   562c1754c94ce49326b0381805ee14d175487778
Sha256: 52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
                                        
                                            GET /media/gambling/icon.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A61DE02AE5E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1580
Md5:    2b25502a979c3b240fc77e52689e4c29
Sha1:   790d306577b490abe99d88fb55bce2e815689843
Sha256: 328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
                                        
                                            GET /media/gambling/en/slotbar/comment.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 2753
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8441712705c040dc2ecfd7966c11f131"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A605A1E66C5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (2753), with no line terminators
Size:   2753
Md5:    8441712705c040dc2ecfd7966c11f131
Sha1:   2f776d7927b20cf9813436f83e3007002979cccb
Sha256: b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246
                                        
                                            GET /media/gambling/exit_gmb.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1550
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5202df93e55f911a83a995fa38af7ee6"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D897AEDE3E69B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1550
Md5:    5202df93e55f911a83a995fa38af7ee6
Sha1:   6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8
Sha256: 28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681
                                        
                                            GET /media/gambling/confetti.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A61F4930EF6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (3533), with no line terminators
Size:   3533
Md5:    116c9460f5e882a7fcf4e837f7efc72a
Sha1:   13a88e74735d05985e5d07e8cbff716329f5d81c
Sha256: 651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
                                        
                                            GET /media/gambling/en/slotbar/returnDate.no.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A7355A5F2A3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   1242
Md5:    dbdb981f8658c845968ec8226f81d1d8
Sha1:   d679b7bf47f71cd55b6c307cf96146a95660d667
Sha256: 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
                                        
                                            GET /media/gambling/sound.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A18C03C357A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   1083
Md5:    3787b349cb8b744b6917fe43f96b1ccd
Sha1:   ab26d82699a166f520a51f722bc6262ef1d5421f
Sha256: 8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
                                        
                                            GET /util/utils-gmb.js HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A61A60A1EEF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (641), with CRLF line terminators
Size:   4651
Md5:    570df3f849036a1a4a75ca2a28047d36
Sha1:   f69147076e3912116a9765a2ed34afe3cae67978
Sha256: 221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
                                        
                                            GET /media/gambling/en/slotbar/red-arrow-left.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1059
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "58f67f1674f5133b9925d3ae27dc0498"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D89B713FD80D7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size:   1059
Md5:    58f67f1674f5133b9925d3ae27dc0498
Sha1:   81c764ff6133a59dac942dfc76d77ee7c942fc03
Sha256: 29879956bc91fc604349179daa4c866d15cc6a6b120e0e6abb5ff0d078c7484b
                                        
                                            GET /media/gambling/en/slotbar/3temv7e.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F69FB132F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1169
Md5:    a848711320a9df61e6457f65b0dfa9fb
Sha1:   68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
Sha256: aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
                                        
                                            GET /media/gambling/en/slotbar/img1.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F3C90C958
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1315
Md5:    c3c59916d3b4977017c89125dc42b664
Sha1:   c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
Sha256: aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
                                        
                                            GET /media/gambling/en/slotbar/slot-win.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:04 GMT
Content-Length: 13853
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "efb5cc057d90910eac87b874ae4dba74"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D60ABF607
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:04 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   13853
Md5:    efb5cc057d90910eac87b874ae4dba74
Sha1:   6e24b4b704bee110a184ebe7b560bd3e91c73171
Sha256: 89c8a97b460a4fdca3c3bae5cc2f0aac9ca347ba18b6edf90c1c83ea953a6194
                                        
                                            GET /media/gambling/en/slotbar/EKZrmbS.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F7D9F0443
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size:   2264
Md5:    7364bf39dcf0941d3a1760e46a562710
Sha1:   a358405162193128cceae8551e14648798bd4254
Sha256: ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
                                        
                                            GET /media/gambling/en/slotbar/img2.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F463D353F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1297
Md5:    92b944714cea3e478a8e50dea1a80b26
Sha1:   f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
Sha256: fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
                                        
                                            GET /util/pgamble.js?v=8 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D89B165C8BCAD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  ASCII text, with very long lines (4237), with no line terminators
Size:   4237
Md5:    c43bdd4ef0fd292dca304ff4c8f56058
Sha1:   62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
Sha256: 270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
                                        
                                            GET /media/gambling/en/slotbar/win.mp3 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 10391
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bca40777013dec4a99eaa8b0b98a7fef"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D895D41CCE6F6
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-10390/10391


--- Additional Info ---
Magic:  Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Size:   10391
Md5:    bca40777013dec4a99eaa8b0b98a7fef
Sha1:   bc1c833577a1dcd82ad01a90e82898bc7b47cad7
Sha256: 635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176
                                        
                                            GET /media/gambling/en/slotbar/spin.mp3 HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 206 Partial Content
Content-Type: audio/mpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 8784
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5a2e10964c7fea8b0181831184bc0d97"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D895D42F4F435
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-8783/8784


--- Additional Info ---
Magic:  MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Size:   8784
Md5:    5a2e10964c7fea8b0181831184bc0d97
Sha1:   8f5233dd6be372e7749c6cd8440db5b43de5a9c9
Sha256: 9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d
                                        
                                            GET /media/gambling/en/slotbar/9PH2QqX.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 2143
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F79737F45
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size:   2143
Md5:    f48aa7778890400e3be6131e64cd4236
Sha1:   9341d039b9f7de4eac9070c36fecac2772cc1ba0
Sha256: 388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
                                        
                                            GET /media/gambling/en/slotbar/7wSpKDu.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F71E91CE9
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size:   2037
Md5:    6d02d5cf49120718501b9a6629290c48
Sha1:   a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
Sha256: 84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
                                        
                                            GET /media/gambling/en/slotbar/plR22yu.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 1017
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7a532123e2eda81e018b8c1f90c8b3bd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F9D7C1F0B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Size:   1017
Md5:    7a532123e2eda81e018b8c1f90c8b3bd
Sha1:   e03576434acd69d708fae0f3f8df07e93d152280
Sha256: 9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1
                                        
                                            GET /media/gambling/en/slotbar/DsrKpkj.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 1506
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F9081C1B4
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Size:   1506
Md5:    0d0f29abfcedc7dfffe3811a5100a6cd
Sha1:   19567e85aab4fd05d752cfa86f88087465042b0a
Sha256: e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
                                        
                                            GET /media/gambling/en/slotbar/yEUMY3v.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F84B5AB82
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size:   1608
Md5:    5da3831556c780010e0e5c5b967e43ce
Sha1:   574623afde349258b91d44849ef16d483b61e223
Sha256: 45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
                                        
                                            GET /media/gambling/en/slotbar/KqX499j.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 2153
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8fe70ee687801d77e99e45efa5af9aa7"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F93760BF2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size:   2153
Md5:    8fe70ee687801d77e99e45efa5af9aa7
Sha1:   e49eefbb1115151d92af0285dc58416f0e9ab0f1
Sha256: 4d1d8a5b765092760f02f78036d8df58ad04f835c15619e9522c3f2ac932a0da
                                        
                                            GET /media/gambling/en/slotbar/slot-result-2.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 25004
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4922e4f8c0c5d208c89921d9a525cbe5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D5E50C68B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   25004
Md5:    4922e4f8c0c5d208c89921d9a525cbe5
Sha1:   b756a0d6c3f726f00300c87fac1d3a915784ebdf
Sha256: f13a99343fae8de26ee2e996fcc80487e9687ac5929eefd899db967fd124208c
                                        
                                            GET /media/gambling/en/slotbar/yWwCB4c.jpg HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 2336
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D8A3F606400DF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size:   2336
Md5:    5edf4db493423ac10c72a27ad5c4a618
Sha1:   5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
Sha256: a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
                                        
                                            GET /media/gambling/en/slotbar/slot-result-1.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 19469
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "54c5bc3e91c88eeff2a8f7f9b07f1fe1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D4AA4D230
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   19469
Md5:    54c5bc3e91c88eeff2a8f7f9b07f1fe1
Sha1:   2751cefef9a5045394300d8bfc97e40bc0b7cd9a
Sha256: 989811ca7ffc1465a01cba4e46074e231acb6cf0881a0bb82652025f5cefa3de
                                        
                                            GET /media/gambling/en/slotbar/red-arrow-right.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 1089
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c4d30de24dab6f826e7f27286beaceaa"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D89B725978DA8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size:   1089
Md5:    c4d30de24dab6f826e7f27286beaceaa
Sha1:   b42751f5e5ebb1561fc9809235df332e8eb0f8c8
Sha256: 124c45624ec8d62cec06559dcfcd78ae0c686964ffe05911a836a0e4e1410081
                                        
                                            GET /media/gambling/en/slotbar/slot-spin.gif HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 87599
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "617c16c5e04c8603dd7f157862b1c682"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D26E4C2F8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 410 x 279\012- data
Size:   87599
Md5:    617c16c5e04c8603dd7f157862b1c682
Sha1:   1306296f9a666a7fc50f339a2a924ce8a3a18169
Sha256: 7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
                                        
                                            GET /media/gambling/en/slotbar/slot-start.png HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:05 GMT
Content-Length: 24873
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "794c929de9d8b06cf941920aeeceecee"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172D893D222439CF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 04 Dec 2023 08:41:05 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size:   24873
Md5:    794c929de9d8b06cf941920aeeceecee
Sha1:   e411636320af6e768cdde0a1ed3cc3cbc5eecc11
Sha256: c9b63b519ca7e209c7adc6268f0112d83913e09ec44bebb3a8308897eebdef6f
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: thetakebestbonus.life
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w23posn9l9i8n8ukiv556uia
Cookie: sid=t2~4zdnzsjnjfvxlaljnzju5xye
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

search
                                         194.87.208.61
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Sun, 04 Dec 2022 08:41:06 GMT
Connection: keep-alive
Cache-Control: no-transform