Report - strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff

Report Overview

Submitted URL
strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
IP
67.227.226.240
ASN
#32244 LIQUIDWEB
Submitted
2022-12-05 21:56:59
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
22

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ayxvy.voluumtrk3.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	704 B	580 B	35.156.201.169
gaut-hil.com	342928	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	93 kB	3.212.50.125
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	397 B	31 kB	142.250.74.170
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	2.0 kB	143.204.42.156
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.131
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.189.139.67
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	64 kB	34.120.237.76
thetakebestbonus.life	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	16 kB	208 kB	194.87.208.61
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
strk.enlnks.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	3.8 kB	67.227.226.240

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-05	medium	thetakebestbonus.life/media/gambling/icon.js	Phishing
2022-12-05	medium	thetakebestbonus.life/cookie/js.cookie9.js	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/backbutton_gmb.js	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/en/slotbar/comment.js	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/exit_gmb.js	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/confetti.js	Phishing
2022-12-05	medium	thetakebestbonus.life/util/utils-gmb.js	Phishing
2022-12-05	medium	thetakebestbonus.life/util/pgamble.js?v=8	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/en/slotbar/win.mp3	Phishing
2022-12-05	medium	thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	137 B	2023-03-07	2023-03-26
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2023-03-26 07:00:47 Times Seen4 Hash 3778be95a54238774f511c2de56898ec d713d093c13a25726c776bf727e1fda1367677f9 41f062642149fb093841bcb5ff96742d477dc62862776d8e8a99f4bb9f97c93d Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	2.7 kB	2023-03-07	2023-03-26
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2023-03-26 07:00:47 Times Seen4 Hash e01ed3a5a74f1e4aaba7ab9320b3183e dcbd931d929ab6fa189771367de447ff823d48af 245a4d0540c219b56dba2e91313857aa5454f15efb64e85c837fec4bcbe8addb Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	1.2 kB	2023-03-07	2023-03-26
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2023-03-26 07:00:47 Times Seen4 Hash efc716a57e6c470d3a60e4f6aa6234cd 255272f2adcac4213270ca8fe27f7816e4d87849 62b86fa757fe7e1454bcab09cc85e26deb0f0f75696dc7423e1ffea8c2269308 Loading...

	strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false	702 B	2023-03-08	2023-03-08
Pretty URL strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false IP 67.227.226.240 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:51:09 Last Seen2023-03-08 19:51:09 Times Seen1 Hash 44b7ef7d0a4659ff04ec70c8e9ba47ff 0d73af2b348b8352334daca70bf7bc941ffca180 1ea9cbfb0dce051595d261e5dd44b363f8e2bd1f84874b95b19f1a636f5718e5 Loading...

	thetakebestbonus.life/media/gambling/sound.js	1.1 kB	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/media/gambling/sound.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-18 09:49:16 Times Seen524 Hash 3787b349cb8b744b6917fe43f96b1ccd ab26d82699a166f520a51f722bc6262ef1d5421f 8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918 Loading...

	thetakebestbonus.life/util/utils-gmb.js	4.7 kB	2023-03-07	2024-01-05
Pretty URL thetakebestbonus.life/util/utils-gmb.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-01-05 11:49:30 Times Seen500 Hash 570df3f849036a1a4a75ca2a28047d36 f69147076e3912116a9765a2ed34afe3cae67978 221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4 Loading...

	thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js	1.2 kB	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-04-18 16:45:26 Times Seen693 Hash dbdb981f8658c845968ec8226f81d1d8 d679b7bf47f71cd55b6c307cf96146a95660d667 5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	23 B	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-04-18 16:45:26 Times Seen307 Hash df1b896f4fac3bd9289cb281825ec760 f23884052caeb422d137868f7256a442b353e704 82b015da06c8025a4c31b869996f8281cc0cfd74a333728684762861200bac5a Loading...

	thetakebestbonus.life/cookie/js.cookie9.js	4.4 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/cookie/js.cookie9.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen439 Hash 16e07bf02a8e81d2cd5679dc45cc318c 7c205205935a3a56a8976b2ac648502b43103b5f 96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	885 B	2023-03-07	2023-03-26
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2023-03-26 07:00:47 Times Seen4 Hash e58a78c57ef24ce4cc3c0751a8fd6968 d8997952a4919e65acc85c84a9a6aba67fe2a0f2 eacc65db4509ff1c4ef3fce287b9c0ad97fa16ff2126d6e77b55c0ee5b000f10 Loading...

	thetakebestbonus.life/media/gambling/en/slotbar/comment.js	2.8 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/media/gambling/en/slotbar/comment.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2024-04-08 10:15:02 Times Seen80 Hash 8441712705c040dc2ecfd7966c11f131 2f776d7927b20cf9813436f83e3007002979cccb b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246 Loading...

	strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image	1.6 kB	2023-03-08	2023-03-08
Pretty URL strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image IP 67.227.226.240 ASN #32244 LIQUIDWEB Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:51:09 Last Seen2023-03-08 19:51:09 Times Seen1 Hash c94799553ac9a4640adf708e53b77c5a 7a549fa624a0487df2cad2fce55662f8cd489444 f922f6a482283adb4ee950b0d7d02b5a0f7d275ad34623cfe8c77e158d631fd7 Loading...

	gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false	291 B	2023-03-08	2023-03-08
Pretty URL gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false IP 3.212.50.125 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:51:09 Last Seen2023-03-08 19:51:09 Times Seen1 Hash c3827521d0ffda7ec9e58e2c06edf601 9a32dd00df1d5d2680a368b5da0fc4c0cdff1370 98ec7dcc220370511b9faa48408742d6586ab311e25cfc599ded741e38d3f31c Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	526 B	2023-03-08	2023-03-08
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:51:09 Last Seen2023-03-08 19:51:09 Times Seen1 Hash 35ef649dc5ed71fdfdbec696015a743b 3e5f9790eed33118c6afbb33955574598e9817dc 52fa33ee5ce317c6e7a0c2797d9396e1be71a99a8e7bec130c778500e46696de Loading...

	thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck	372 B	2023-03-07	2023-03-26
Pretty URL thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34:56 Last Seen2023-03-26 07:00:47 Times Seen4 Hash 7032cc1633f9bcd04d1e931a4d2bb3ca f369bbc81cdaf178d22ba241d774d84bff979f90 9edffdf1bf3bb4e4a108389c694c92072a8b7cc81516a26f46746da832441136 Loading...

	thetakebestbonus.life/media/gambling/icon.js	1.6 kB	2023-03-07	2024-04-18
Pretty URL thetakebestbonus.life/media/gambling/icon.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-18 09:49:15 Times Seen527 Hash 2b25502a979c3b240fc77e52689e4c29 790d306577b490abe99d88fb55bce2e815689843 328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577 Loading...

	thetakebestbonus.life/util/pgamble.js?v=8	4.2 kB	2023-03-08	2024-01-05
Pretty URL thetakebestbonus.life/util/pgamble.js?v=8 IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:28:43 Last Seen2024-01-05 11:49:30 Times Seen18 Hash c43bdd4ef0fd292dca304ff4c8f56058 62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95 270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a Loading...

	thetakebestbonus.life/media/gambling/exit_gmb.js	1.6 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/media/gambling/exit_gmb.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen267 Hash 5202df93e55f911a83a995fa38af7ee6 6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8 28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681 Loading...

	gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97	849 B	2023-03-08	2023-03-08
Pretty URL gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 IP 3.212.50.125 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 19:51:09 Last Seen2023-03-08 19:51:09 Times Seen1 Hash ea7289ec96d7a4a432f4b35109767b25 780c61b0fde20b8502ed7f467ac91a22880880bf 6a5c45830e74e4b283cadf554ee8bc60a4ea3fbda531869334bee0216bb07c50 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js	86 kB	2023-03-07	2024-04-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:01 Last Seen2024-04-18 14:39:06 Times Seen5762 Hash 6fc159d00dc3cea4153c038739683f93 5d7e5bbfa540f0e53bd599e4305e1a4e815b5dd1 8a102873a33f24f7eb22221e6b23c4f718e29f85168ecc769a35bfaed9b12cce Loading...

	thetakebestbonus.life/media/gambling/backbutton_gmb.js	3.9 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/media/gambling/backbutton_gmb.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen438 Hash 42a42a2180debd55caba94527379964c 562c1754c94ce49326b0381805ee14d175487778 52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781 Loading...

	thetakebestbonus.life/media/gambling/confetti.js	3.5 kB	2023-03-07	2024-04-08
Pretty URL thetakebestbonus.life/media/gambling/confetti.js IP 194.87.208.61 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:07 Last Seen2024-04-08 10:15:02 Times Seen508 Hash 116c9460f5e882a7fcf4e837f7efc72a 13a88e74735d05985e5d07e8cbff716329f5d81c 651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4 Loading...

		Size	First Seen	Last Seen
	#1 Write - ca550fbdb654aece5a05ccf326cf5419	15 B	2023-03-08	2023-03-08
Pretty Observations First Seen2023-03-08 19:39:17 Last Seen2023-03-08 19:51:09 Times Seen1 Hash ca550fbdb654aece5a05ccf326cf5419 8f07f9b6c26bb997dba1a2c1e241a60b32c3f508 21d8dd3d8b832b06dc1483f0ef7c916b79ef1f680703cc85785487c862330380 Loading...

HTTP Transactions (63)

URL IP Response Size

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5146
Expires: Mon, 05 Dec 2022 23:22:33 GMT
Date: Mon, 05 Dec 2022 21:56:47 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 279
Cache-Control: max-age=131951
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:47 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:35:58 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 21:18:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2296
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8674
Expires: Tue, 06 Dec 2022 00:21:21 GMT
Date: Mon, 05 Dec 2022 21:56:47 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: aCJzhANc9X8W/cKSuKlo6ioDGzTbNj3Qz3lDdohtLq9gnJ9hH2rG1gcQ0QQui02BIWdjIs23AjQ=
x-amz-request-id: 0X1YMKMMDTP5HNWV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 21:48:40 GMT
age: 487
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:56:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 21:11:19 GMT
cache-control: public,max-age=3600
age: 2728
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image

67.227.226.240

200 OK

2.3 kB

URL HTTP/1.1
strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
IP
67.227.226.240:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (632)
Size
2.3 kB (2272 bytes)
Hash
a4c868d9675ce34fa094afff8cbe685a
805368f347241c26e2463ce02987e11e4c59b37e
1ebac2385646a67c4566579b8881ebdbd71ad26e143ee2a1b2a4639ae9292442

HTTP Headers

GET /aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image HTTP/1.1
Host: strk.enlnks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:56:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false

67.227.226.240

200 OK

982 B

URL HTTP/1.1
strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false
IP
67.227.226.240:0
ASN
#32244 LIQUIDWEB

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
982 B (982 bytes)
Hash
07f7998e6741ec9bb59edcd00390c76e
85c89ab02ac789cdf541343f7ff4ac6b421944d4
5fbbc3a2bfc7b5827182872cd3531879002bffe60da4580d30ded4697a7522c8

HTTP Headers

GET /page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: strk.enlnks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:56:48 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 272
Cache-Control: max-age=126876
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:48 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:11:24 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.189.139.67

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.139.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: E9n0Wd0NQl+nwa/cApn/8g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: A6HX8jDgN2uaB+tHBsNCNr45wBs=

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
94eea522d5b7ce4eeaf5e27f3a615052
31a3c4ba593a343a5fda5bfc55b04e6aadfe68fe
67a7ac5bae21e0ec89f1d35f678a3778e0778a40a14fd536152ae51aa1f0110d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139455
Date: Mon, 05 Dec 2022 21:56:48 GMT
Etag: "638dd24c-1d7"
Expires: Wed, 07 Dec 2022 12:41:03 GMT
Last-Modified: Mon, 05 Dec 2022 11:13:16 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lLfRVeMKgDrbCdHFM4yI60UDKLVUeQpfy09bwM4wk_FQbaIJJjFXvQ==
Age: 5268

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:44:01 GMT
age: 767
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8469 bytes)
Hash
2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 661
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10396 bytes)
Hash
24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 86027
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: aa72885c-526c-4100-92bd-79a57fc1f8e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUIZGwYoAMF9oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6702-6f95d0a22aabb116475015f7;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 08MfpNdMldGUIdGmOoEM5aMfKKIyp_e8UFWc_kpWHlNqwXypqIyDoQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:50 GMT
age: 238
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7728 bytes)
Hash
027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PGz98Kv7xrcdfvzwMFbA9V206DdlXitB-Xk8dllnaLlk1QMhZZEs9Q==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:04 GMT
age: 86024
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5681 bytes)
Hash
43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 0850cc40-af60-4f51-8dfa-5e12f42c5d28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUP-E_koAMFvmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6732-6370b1cb77478c6c73003536;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:48:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: moVR9xHj5QojDqE3Vc7-ggjAbhzvdunEX7nmPRuzLPLfN3J46mzloQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:43 GMT
age: 245
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

gaut-hil.com/favicon.ico

3.212.50.125

404 Not Found

653 B

URL HTTP/2
gaut-hil.com/favicon.ico
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Size
653 B (653 bytes)
Hash
ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 404 Not Found
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=utf-8
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: mpZxJHbV
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
1860c75e20c9515f27695b565f17d175
567a2c56e67f2ae5e5f68480eaa2b333c6034653
85e8d3822ef0050dfb438b2dff8132fea13e044318be4e1dfd5318c145923dad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88815
Date: Mon, 05 Dec 2022 21:56:49 GMT
Etag: "638d2110-1d7"
Expires: Tue, 06 Dec 2022 22:37:04 GMT
Last-Modified: Sun, 04 Dec 2022 22:37:04 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: joz3e8OObIQgYfU709xher-a3uCUneEMAVog-X1MzRWlA0OReXwKxw==

ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R

35.156.201.169

302 Found

0 B

URL HTTP/2
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R
IP
35.156.201.169:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Mon, 05 Dec 2022 21:56:49 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w9ngqaqj10bgadvki0950sck%22%2C%22caid%22%3A%22c3ff4655-a271-48ad-90d6-849e63bfb180%22%7D; Max-Age=31536000; Expires=Tue, 05-Dec-2023 21:56:49 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0d41b00a452be05a7b5cb871386b6be9
ffba1ae0d8fdfed40bc43b6dec681e7366e5b766
683401e48314ba5b468d05199b744e6db899eb6eb3ca88155e7d973e66abe414

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "683401E48314BA5B468D05199B744E6DB899EB6EB3CA88155E7D973E66ABE414"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11276
Expires: Tue, 06 Dec 2022 01:04:46 GMT
Date: Mon, 05 Dec 2022 21:56:50 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js

142.250.74.170

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32069)
Size
30 kB (30089 bytes)
Hash
4ae540714475aa934955496d990ab15f
b7724c4d72a422b86f5dc06571ff4bc86f0308a3
ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2

HTTP Headers

GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 15:15:39 GMT
expires: Mon, 04 Dec 2023 15:15:39 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 110471
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck

194.87.208.61

200 OK

19 kB

URL HTTP/1.1
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
IP
194.87.208.61:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (552)
Size
19 kB (19425 bytes)
Hash
22cd78a027d47f4546a2fde5f789a9c3
23de47ecf487bf940a4a5f76edb65120e24a4276
6b37974a4dc5fa13406f5c2b65b9f454a61d527668ed2ac16d7ed8d45f7cdb5e

HTTP Headers

GET /?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: text/html
Content-Length: 19425
Connection: keep-alive
set-cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg; path=/
cache-control: private, no-transform

thetakebestbonus.life/media/gambling/icon.js

194.87.208.61

200 OK

1.6 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/icon.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1580 bytes)
Hash
2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03714A9CB942
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97

3.212.50.125

200 OK

2.2 kB

URL HTTP/2
gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size
2.2 kB (2181 bytes)
Hash
5396fd758b6971048eb3ffc689aae69f
a786f4143f65509f5199f7ef6d437ac20fa1b3e5
533ab7a7529d877e1a50c82e08612a6afcc924cb8fef9c71fb2dee3a9b0e559c

HTTP Headers

GET /zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://strk.enlnks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: mpZxJHbV
X-Firefox-Spdy: h2

thetakebestbonus.life/cookie/js.cookie9.js

194.87.208.61

200 OK

4.4 kB

URL HTTP/1.1
thetakebestbonus.life/cookie/js.cookie9.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (1709)
Size
4.4 kB (4395 bytes)
Hash
16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E032652999335
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/backbutton_gmb.js

194.87.208.61

200 OK

3.9 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
3.9 kB (3923 bytes)
Hash
42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03DAAF0C824A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/comment.js

194.87.208.61

200 OK

2.8 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/comment.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (2753), with no line terminators
Size
2.8 kB (2753 bytes)
Hash
8441712705c040dc2ecfd7966c11f131
2f776d7927b20cf9813436f83e3007002979cccb
b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/en/slotbar/comment.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 2753
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8441712705c040dc2ecfd7966c11f131"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0370DE44E0A0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js

194.87.208.61

200 OK

1.2 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js
IP
194.87.208.61:0
ASN
#0

File type
Unicode text, UTF-8 text
Size
1.2 kB (1242 bytes)
Hash
dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/en/slotbar/returnDate.no.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474A87600F0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/exit_gmb.js

194.87.208.61

200 OK

1.6 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/exit_gmb.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with CRLF line terminators
Size
1.6 kB (1550 bytes)
Hash
5202df93e55f911a83a995fa38af7ee6
6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8
28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/exit_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 1550
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5202df93e55f911a83a995fa38af7ee6"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04412E5D57AE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/confetti.js

194.87.208.61

200 OK

3.5 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/confetti.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (3533), with no line terminators
Size
3.5 kB (3533 bytes)
Hash
116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E032672375B29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/util/utils-gmb.js

194.87.208.61

200 OK

4.7 kB

URL HTTP/1.1
thetakebestbonus.life/util/utils-gmb.js
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (641), with CRLF line terminators
Size
4.7 kB (4651 bytes)
Hash
570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0327006511B0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/style.css

194.87.208.61

200 OK

20 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/style.css
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (492), with CRLF line terminators
Size
20 kB (20006 bytes)
Hash
8c38a209d98ec6a54d6b7cd42046af41
8b84ce3e95d745d2d6b6057344552b647aefe86d
d3b04d04ba4fa44ce3cee6fd4d97958d8ea9bebd93a14a12be14a3259fab0022

HTTP Headers

GET /media/gambling/en/slotbar/style.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: text/css
Content-Length: 20006
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c38a209d98ec6a54d6b7cd42046af41"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03E43F93B335
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg

194.87.208.61

200 OK

2.3 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size
2.3 kB (2336 bytes)
Hash
5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f

HTTP Headers

GET /media/gambling/en/slotbar/yWwCB4c.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419106C45D3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg

194.87.208.61

200 OK

2.0 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size
2.0 kB (2037 bytes)
Hash
6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9

HTTP Headers

GET /media/gambling/en/slotbar/7wSpKDu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04191F93B5FF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg

194.87.208.61

200 OK

1.3 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1297 bytes)
Hash
92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205

HTTP Headers

GET /media/gambling/en/slotbar/img2.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04190B4EBA76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png

194.87.208.61

200 OK

1.1 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1089 bytes)
Hash
c4d30de24dab6f826e7f27286beaceaa
b42751f5e5ebb1561fc9809235df332e8eb0f8c8
124c45624ec8d62cec06559dcfcd78ae0c686964ffe05911a836a0e4e1410081

HTTP Headers

GET /media/gambling/en/slotbar/red-arrow-right.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/png
Content-Length: 1089
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c4d30de24dab6f826e7f27286beaceaa"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0372C35F23A5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg

194.87.208.61

200 OK

1.3 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.3 kB (1315 bytes)
Hash
c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9

HTTP Headers

GET /media/gambling/en/slotbar/img1.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03AAFA8AD885
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg

194.87.208.61

200 OK

2.1 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size
2.1 kB (2143 bytes)
Hash
f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302

HTTP Headers

GET /media/gambling/en/slotbar/9PH2QqX.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04192AC29B43
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png

194.87.208.61

200 OK

2.2 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Size
2.2 kB (2153 bytes)
Hash
8fe70ee687801d77e99e45efa5af9aa7
e49eefbb1115151d92af0285dc58416f0e9ab0f1
4d1d8a5b765092760f02f78036d8df58ad04f835c15619e9522c3f2ac932a0da

HTTP Headers

GET /media/gambling/en/slotbar/KqX499j.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/png
Content-Length: 2153
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8fe70ee687801d77e99e45efa5af9aa7"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04193EE623C8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg

194.87.208.61

200 OK

1.6 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.6 kB (1608 bytes)
Hash
5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07

HTTP Headers

GET /media/gambling/en/slotbar/yEUMY3v.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04193561617F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg

194.87.208.61

200 OK

2.3 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Size
2.3 kB (2264 bytes)
Hash
7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541

HTTP Headers

GET /media/gambling/en/slotbar/EKZrmbS.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419343A69EA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/util/pgamble.js?v=8

194.87.208.61

200 OK

4.2 kB

URL HTTP/1.1
thetakebestbonus.life/util/pgamble.js?v=8
IP
194.87.208.61:0
ASN
#0

File type
ASCII text, with very long lines (4237), with no line terminators
Size
4.2 kB (4237 bytes)
Hash
c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03919779C7B2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/win.mp3

194.87.208.61

206 Partial Content

10 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/win.mp3
IP
194.87.208.61:0
ASN
#0

File type
Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Size
10 kB (10391 bytes)
Hash
bca40777013dec4a99eaa8b0b98a7fef
bc1c833577a1dcd82ad01a90e82898bc7b47cad7
635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/en/slotbar/win.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: audio/mpeg
Content-Length: 10391
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bca40777013dec4a99eaa8b0b98a7fef"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474ED3F99AA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-10390/10391

thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png

194.87.208.61

200 OK

25 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size
25 kB (24873 bytes)
Hash
794c929de9d8b06cf941920aeeceecee
e411636320af6e768cdde0a1ed3cc3cbc5eecc11
c9b63b519ca7e209c7adc6268f0112d83913e09ec44bebb3a8308897eebdef6f

HTTP Headers

GET /media/gambling/en/slotbar/slot-start.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 24873
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "794c929de9d8b06cf941920aeeceecee"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E041894E4ADE3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg

194.87.208.61

200 OK

1.0 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Size
1.0 kB (1017 bytes)
Hash
7a532123e2eda81e018b8c1f90c8b3bd
e03576434acd69d708fae0f3f8df07e93d152280
9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1

HTTP Headers

GET /media/gambling/en/slotbar/plR22yu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 1017
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7a532123e2eda81e018b8c1f90c8b3bd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419498E850F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg

194.87.208.61

200 OK

1.5 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Size
1.5 kB (1506 bytes)
Hash
0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393

HTTP Headers

GET /media/gambling/en/slotbar/DsrKpkj.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04194200AC1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3

194.87.208.61

206 Partial Content

8.8 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3
IP
194.87.208.61:0
ASN
#0

File type
MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Size
8.8 kB (8784 bytes)
Hash
5a2e10964c7fea8b0181831184bc0d97
8f5233dd6be372e7749c6cd8440db5b43de5a9c9
9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /media/gambling/en/slotbar/spin.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: audio/mpeg
Content-Length: 8784
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5a2e10964c7fea8b0181831184bc0d97"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474ED631C14
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-8783/8784

thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg

194.87.208.61

200 OK

1.2 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg
IP
194.87.208.61:0
ASN
#0

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Size
1.2 kB (1169 bytes)
Hash
a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0

HTTP Headers

GET /media/gambling/en/slotbar/3temv7e.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E041915144926
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png

194.87.208.61

200 OK

14 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size
14 kB (13853 bytes)
Hash
efb5cc057d90910eac87b874ae4dba74
6e24b4b704bee110a184ebe7b560bd3e91c73171
89c8a97b460a4fdca3c3bae5cc2f0aac9ca347ba18b6edf90c1c83ea953a6194

HTTP Headers

GET /media/gambling/en/slotbar/slot-win.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 13853
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "efb5cc057d90910eac87b874ae4dba74"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E02FE7629A26F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png

194.87.208.61

200 OK

20 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size
20 kB (19469 bytes)
Hash
54c5bc3e91c88eeff2a8f7f9b07f1fe1
2751cefef9a5045394300d8bfc97e40bc0b7cd9a
989811ca7ffc1465a01cba4e46074e231acb6cf0881a0bb82652025f5cefa3de

HTTP Headers

GET /media/gambling/en/slotbar/slot-result-1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 19469
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "54c5bc3e91c88eeff2a8f7f9b07f1fe1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E043054BA6A76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png

194.87.208.61

200 OK

1.1 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Size
1.1 kB (1059 bytes)
Hash
58f67f1674f5133b9925d3ae27dc0498
81c764ff6133a59dac942dfc76d77ee7c942fc03
29879956bc91fc604349179daa4c866d15cc6a6b120e0e6abb5ff0d078c7484b

HTTP Headers

GET /media/gambling/en/slotbar/red-arrow-left.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 1059
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "58f67f1674f5133b9925d3ae27dc0498"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0372A8BF8163
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png

194.87.208.61

200 OK

25 kB

URL HTTP/1.1
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png
IP
194.87.208.61:0
ASN
#0

File type
PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Size
25 kB (25004 bytes)
Hash
4922e4f8c0c5d208c89921d9a525cbe5
b756a0d6c3f726f00300c87fac1d3a915784ebdf
f13a99343fae8de26ee2e996fcc80487e9687ac5929eefd899db967fd124208c

HTTP Headers

GET /media/gambling/en/slotbar/slot-result-2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 25004
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4922e4f8c0c5d208c89921d9a525cbe5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E02FE7565E027
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes

gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false

3.212.50.125

200 OK

88 kB

URL HTTP/2
gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type
data
Size
88 kB (88311 bytes)
Hash
d1c32501cb3a059070722f9405c07056
b7fea81bd096c91f44b42ee4ccb1dc63a849dccd
85c598302619e772eda9d52ae47f12d9f9d7afc3671db21fb4c500bb5de3c5df

HTTP Headers

GET /zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: JObyVBjg
X-Firefox-Spdy: h2

thetakebestbonus.life/favicon.ico

194.87.208.61

204 No Content

0 B

URL HTTP/1.1
thetakebestbonus.life/favicon.ico
IP
194.87.208.61:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:55 GMT
Connection: keep-alive
Cache-Control: no-transform

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11253 bytes)
Hash
557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iT3IPDIK-qKf-y1_x7hZNSW-4GqKLNuX6U__8bY8eZP178PPnD0IeA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:57:03 GMT
age: 86392
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations