r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5146
Expires: Mon, 05 Dec 2022 23:22:33 GMT
Date: Mon, 05 Dec 2022 21:56:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 279
Cache-Control: max-age=131951
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:47 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:35:58 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 05 Dec 2022 21:18:31 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2296
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8674
Expires: Tue, 06 Dec 2022 00:21:21 GMT
Date: Mon, 05 Dec 2022 21:56:47 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: aCJzhANc9X8W/cKSuKlo6ioDGzTbNj3Qz3lDdohtLq9gnJ9hH2rG1gcQ0QQui02BIWdjIs23AjQ=
x-amz-request-id: 0X1YMKMMDTP5HNWV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 05 Dec 2022 21:48:40 GMT
age: 487
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 05 Dec 2022 21:56:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 05 Dec 2022 21:11:19 GMT
cache-control: public,max-age=3600
age: 2728
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
67.227.226.240 200 OK 2.3 kB URL HTTP/1.1 strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
IP 67.227.226.240:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (632)
Hash a4c868d9675ce34fa094afff8cbe685a
805368f347241c26e2463ce02987e11e4c59b37e
1ebac2385646a67c4566579b8881ebdbd71ad26e143ee2a1b2a4639ae9292442
GET /aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image HTTP/1.1
Host: strk.enlnks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:56:47 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false
67.227.226.240200 OK 982 B URL HTTP/1.1 strk.enlnks.com/page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false
IP 67.227.226.240:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 07f7998e6741ec9bb59edcd00390c76e
85c89ab02ac789cdf541343f7ff4ac6b421944d4
5fbbc3a2bfc7b5827182872cd3531879002bffe60da4580d30ded4697a7522c8
GET /page/bouncy.php?&bpae=GbhGtKvmvUx797vvfXEniLD22kviQDG7Bf42VunQHkyXUINhH9ZDOs3mGLrsLz6TiG1%2BZdyS%2FsawQr2iq99r%2FVbCor7Sp3VRBNUxj1gH65FdM5RanRuzc%2FzUcdhIBWaSLNSyhM7nXYHw%2BtAzjVUZCUSTyw3eF9Fm%2B7F4zGDJVHFDjj850yikeRt2fFEgNmGk67pZSiYFT3FWnEYj1NmG7rq67W3u9SGX1UTAvMsiWaw3onVkIjcULqOV9%2BU2EWS%2BZQV8%2Fp5FWMWOhh1q%2F7ME6KeubXeKK7XLcV10YMIsEvGOu54YZ%2BG0u%2B3vn1Cku9et3EC08715%2FZTeKQBX5ot1qsnoz7lXoh9bhMz2kQ0YVnlhe5h0O1tu71d3k5tzrYp0G0H3ufBcgFJTcsJJxTsqYeIKpFk9m7WxL0bIMkyGVMENZfAwK7WJS7oSnq2gvYnY5gW7Io4%2FHVP7hfDePnSaOigyy5vEyUGocOdizoEEWr%2BCuSKbmpZiAifPIQ%3D%3D&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: strk.enlnks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://strk.enlnks.com/aff_c?offer_id=118&aff_id=471&url_id=103&aff_sub5=MTgxMjUxMzQ=&affsrc=1&aff_sub4=image
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Mon, 05 Dec 2022 21:56:48 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 272
Cache-Control: max-age=126876
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:48 GMT
Etag: "638db4ac-1d7"
Expires: Wed, 07 Dec 2022 09:11:24 GMT
Last-Modified: Mon, 05 Dec 2022 09:06:52 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.189.139.67 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.139.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: E9n0Wd0NQl+nwa/cApn/8g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: A6HX8jDgN2uaB+tHBsNCNr45wBs=
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 94eea522d5b7ce4eeaf5e27f3a615052
31a3c4ba593a343a5fda5bfc55b04e6aadfe68fe
67a7ac5bae21e0ec89f1d35f678a3778e0778a40a14fd536152ae51aa1f0110d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=139455
Date: Mon, 05 Dec 2022 21:56:48 GMT
Etag: "638dd24c-1d7"
Expires: Wed, 07 Dec 2022 12:41:03 GMT
Last-Modified: Mon, 05 Dec 2022 11:13:16 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: lLfRVeMKgDrbCdHFM4yI60UDKLVUeQpfy09bwM4wk_FQbaIJJjFXvQ==
Age: 5268
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4955
Expires: Mon, 05 Dec 2022 23:19:23 GMT
Date: Mon, 05 Dec 2022 21:56:48 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:44:01 GMT
age: 767
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: i6QasBBRK9APW19sH0DdOipvUJA3gWj0CAMTzt7ejRCOk_V2psz-Xw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:45:47 GMT
age: 661
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24c69d7ef356b352956d6dcbc9f5df1d
2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9
94d068620c34652cb2d24ca8b3cf962febe9606e6d3a33d937fc9d99f176edef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60dcc231-abb7-48f1-8ec5-e25b31bd100b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10396
x-amzn-requestid: b879fd2e-b6cf-4373-b780-2d97481c45f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cioNbH5KoAMFUsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638a8722-6add7f8e225878473b20c015;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 23:15:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ir97GJKaFoW6BNXCcmMqp0JSUd5JhCACyUvLh5G-0BWCDVJsqs7XhQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:01 GMT
age: 86027
etag: "2cc31dc1c5d2d2a8b3a378dce8a1240a79acfec9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: aa72885c-526c-4100-92bd-79a57fc1f8e5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUIZGwYoAMF9oA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6702-6f95d0a22aabb116475015f7;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 08MfpNdMldGUIdGmOoEM5aMfKKIyp_e8UFWc_kpWHlNqwXypqIyDoQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:50 GMT
age: 238
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 027480c06cd67621f373c6765dafee4d
9f80bb7ca6f699d88eaec2248dec508c589fe994
f69a0d6bd6e79d8fa7f2f15df11237c0a8b04d45af3cd5870eeef86d18f553bf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3af2e495-85ff-410f-8418-e683c7f84bcd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7728
x-amzn-requestid: 9f37e7a6-1f00-4a81-9b14-962fd0b6cdf4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMEJxoAMFchQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-4a4cce217327b44525ea1e98;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PGz98Kv7xrcdfvzwMFbA9V206DdlXitB-Xk8dllnaLlk1QMhZZEs9Q==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 22:03:04 GMT
age: 86024
etag: "9f80bb7ca6f699d88eaec2248dec508c589fe994"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76 200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 0850cc40-af60-4f51-8dfa-5e12f42c5d28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUP-E_koAMFvmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6732-6370b1cb77478c6c73003536;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:48:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: moVR9xHj5QojDqE3Vc7-ggjAbhzvdunEX7nmPRuzLPLfN3J46mzloQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:43 GMT
age: 245
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
gaut-hil.com/favicon.ico
3.212.50.125 404 Not Found 653 B IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=utf-8
content-length: 653
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
content-language: en
server: mpZxJHbV
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 1860c75e20c9515f27695b565f17d175
567a2c56e67f2ae5e5f68480eaa2b333c6034653
85e8d3822ef0050dfb438b2dff8132fea13e044318be4e1dfd5318c145923dad
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88815
Date: Mon, 05 Dec 2022 21:56:49 GMT
Etag: "638d2110-1d7"
Expires: Tue, 06 Dec 2022 22:37:04 GMT
Last-Modified: Sun, 04 Dec 2022 22:37:04 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: joz3e8OObIQgYfU709xher-a3uCUneEMAVog-X1MzRWlA0OReXwKxw==
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R
35.156.201.169 302 Found 0 B URL HTTP/2 ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R
IP 35.156.201.169:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dw9ngqaqj10bgadvki0950sck&caid=c3ff4655-a271-48ad-90d6-849e63bfb180&zpid=b6e742b5-74e7-11ed-897e-123db10d14c7&cid=w9ngqaqj10bgadvki0950sck&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 05 Dec 2022 21:56:49 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22w9ngqaqj10bgadvki0950sck%22%2C%22caid%22%3A%22c3ff4655-a271-48ad-90d6-849e63bfb180%22%7D; Max-Age=31536000; Expires=Tue, 05-Dec-2023 21:56:49 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0d41b00a452be05a7b5cb871386b6be9
ffba1ae0d8fdfed40bc43b6dec681e7366e5b766
683401e48314ba5b468d05199b744e6db899eb6eb3ca88155e7d973e66abe414
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "683401E48314BA5B468D05199B744E6DB899EB6EB3CA88155E7D973E66ABE414"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11276
Expires: Tue, 06 Dec 2022 01:04:46 GMT
Date: Mon, 05 Dec 2022 21:56:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
142.250.74.170 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32069)
Hash 4ae540714475aa934955496d990ab15f
b7724c4d72a422b86f5dc06571ff4bc86f0308a3
ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2
GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 15:15:39 GMT
expires: Mon, 04 Dec 2023 15:15:39 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 110471
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7dfb548d8f8a99d32050803775fad5d6
8b47999a01db7c2217d76a1cec576809a229cf1b
68dd2a1e5a0002f4d25d3b5884ab55bc6b5a91e38f6dc464c4261b19c6e5887e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Dec 2022 21:56:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
194.87.208.61 200 OK 19 kB URL HTTP/1.1 thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
IP 194.87.208.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (552)
Hash 22cd78a027d47f4546a2fde5f789a9c3
23de47ecf487bf940a4a5f76edb65120e24a4276
6b37974a4dc5fa13406f5c2b65b9f454a61d527668ed2ac16d7ed8d45f7cdb5e
GET /?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaut-hil.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: text/html
Content-Length: 19425
Connection: keep-alive
set-cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg; path=/
cache-control: private, no-transform
thetakebestbonus.life/media/gambling/icon.js
194.87.208.61 200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/icon.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03714A9CB942
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
3.212.50.125 200 OK 2.2 kB URL HTTP/2 gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 5396fd758b6971048eb3ffc689aae69f
a786f4143f65509f5199f7ef6d437ac20fa1b3e5
533ab7a7529d877e1a50c82e08612a6afcc924cb8fef9c71fb2dee3a9b0e559c
GET /zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97 HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://strk.enlnks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: mpZxJHbV
X-Firefox-Spdy: h2
thetakebestbonus.life/cookie/js.cookie9.js
194.87.208.61 200 OK 4.4 kB URL HTTP/1.1 thetakebestbonus.life/cookie/js.cookie9.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (1709)
Hash 16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
Analyzer Verdict Alert fortinet Phishing
GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E032652999335
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/backbutton_gmb.js
194.87.208.61 200 OK 3.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03DAAF0C824A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/comment.js
194.87.208.61 200 OK 2.8 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/comment.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (2753), with no line terminators
Hash 8441712705c040dc2ecfd7966c11f131
2f776d7927b20cf9813436f83e3007002979cccb
b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/en/slotbar/comment.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 2753
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8441712705c040dc2ecfd7966c11f131"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0370DE44E0A0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js
194.87.208.61 200 OK 1.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js
IP 194.87.208.61:0
Hash dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/en/slotbar/returnDate.no.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474A87600F0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/exit_gmb.js
194.87.208.61 200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/exit_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 5202df93e55f911a83a995fa38af7ee6
6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8
28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/exit_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 1550
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5202df93e55f911a83a995fa38af7ee6"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04412E5D57AE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/confetti.js
194.87.208.61 200 OK 3.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/confetti.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (3533), with no line terminators
Hash 116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E032672375B29
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/utils-gmb.js
194.87.208.61 200 OK 4.7 kB URL HTTP/1.1 thetakebestbonus.life/util/utils-gmb.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
Analyzer Verdict Alert fortinet Phishing
GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0327006511B0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/style.css
194.87.208.61 200 OK 20 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/style.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (492), with CRLF line terminators
Hash 8c38a209d98ec6a54d6b7cd42046af41
8b84ce3e95d745d2d6b6057344552b647aefe86d
d3b04d04ba4fa44ce3cee6fd4d97958d8ea9bebd93a14a12be14a3259fab0022
GET /media/gambling/en/slotbar/style.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:50 GMT
Content-Type: text/css
Content-Length: 20006
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c38a209d98ec6a54d6b7cd42046af41"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03E43F93B335
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:50 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg
194.87.208.61 200 OK 2.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
GET /media/gambling/en/slotbar/yWwCB4c.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419106C45D3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg
194.87.208.61 200 OK 2.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
GET /media/gambling/en/slotbar/7wSpKDu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04191F93B5FF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg
194.87.208.61 200 OK 1.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
GET /media/gambling/en/slotbar/img2.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04190B4EBA76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png
194.87.208.61 200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png
IP 194.87.208.61:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash c4d30de24dab6f826e7f27286beaceaa
b42751f5e5ebb1561fc9809235df332e8eb0f8c8
124c45624ec8d62cec06559dcfcd78ae0c686964ffe05911a836a0e4e1410081
GET /media/gambling/en/slotbar/red-arrow-right.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/png
Content-Length: 1089
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c4d30de24dab6f826e7f27286beaceaa"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0372C35F23A5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg
194.87.208.61 200 OK 1.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
GET /media/gambling/en/slotbar/img1.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03AAFA8AD885
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg
194.87.208.61 200 OK 2.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
GET /media/gambling/en/slotbar/9PH2QqX.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04192AC29B43
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png
194.87.208.61 200 OK 2.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png
IP 194.87.208.61:0
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 8fe70ee687801d77e99e45efa5af9aa7
e49eefbb1115151d92af0285dc58416f0e9ab0f1
4d1d8a5b765092760f02f78036d8df58ad04f835c15619e9522c3f2ac932a0da
GET /media/gambling/en/slotbar/KqX499j.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/png
Content-Length: 2153
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8fe70ee687801d77e99e45efa5af9aa7"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04193EE623C8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg
194.87.208.61 200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
GET /media/gambling/en/slotbar/yEUMY3v.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04193561617F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg
194.87.208.61 200 OK 2.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
GET /media/gambling/en/slotbar/EKZrmbS.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419343A69EA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/pgamble.js?v=8
194.87.208.61 200 OK 4.2 kB URL HTTP/1.1 thetakebestbonus.life/util/pgamble.js?v=8
IP 194.87.208.61:0
File type ASCII text, with very long lines (4237), with no line terminators
Hash c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
Analyzer Verdict Alert fortinet Phishing
GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E03919779C7B2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/win.mp3
194.87.208.61 206 Partial Content 10 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/win.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Hash bca40777013dec4a99eaa8b0b98a7fef
bc1c833577a1dcd82ad01a90e82898bc7b47cad7
635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/en/slotbar/win.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: audio/mpeg
Content-Length: 10391
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bca40777013dec4a99eaa8b0b98a7fef"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474ED3F99AA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-10390/10391
thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png
194.87.208.61 200 OK 25 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 794c929de9d8b06cf941920aeeceecee
e411636320af6e768cdde0a1ed3cc3cbc5eecc11
c9b63b519ca7e209c7adc6268f0112d83913e09ec44bebb3a8308897eebdef6f
GET /media/gambling/en/slotbar/slot-start.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 24873
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "794c929de9d8b06cf941920aeeceecee"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E041894E4ADE3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg
194.87.208.61 200 OK 1.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Hash 7a532123e2eda81e018b8c1f90c8b3bd
e03576434acd69d708fae0f3f8df07e93d152280
9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1
GET /media/gambling/en/slotbar/plR22yu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 1017
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7a532123e2eda81e018b8c1f90c8b3bd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0419498E850F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg
194.87.208.61 200 OK 1.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Hash 0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
GET /media/gambling/en/slotbar/DsrKpkj.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E04194200AC1E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3
194.87.208.61 206 Partial Content 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3
IP 194.87.208.61:0
File type MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Hash 5a2e10964c7fea8b0181831184bc0d97
8f5233dd6be372e7749c6cd8440db5b43de5a9c9
9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d
Analyzer Verdict Alert fortinet Phishing
GET /media/gambling/en/slotbar/spin.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: audio/mpeg
Content-Length: 8784
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5a2e10964c7fea8b0181831184bc0d97"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0474ED631C14
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-8783/8784
thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg
194.87.208.61 200 OK 1.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
GET /media/gambling/en/slotbar/3temv7e.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:51 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E041915144926
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:51 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png
194.87.208.61 200 OK 14 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash efb5cc057d90910eac87b874ae4dba74
6e24b4b704bee110a184ebe7b560bd3e91c73171
89c8a97b460a4fdca3c3bae5cc2f0aac9ca347ba18b6edf90c1c83ea953a6194
GET /media/gambling/en/slotbar/slot-win.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 13853
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "efb5cc057d90910eac87b874ae4dba74"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E02FE7629A26F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png
194.87.208.61 200 OK 20 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 54c5bc3e91c88eeff2a8f7f9b07f1fe1
2751cefef9a5045394300d8bfc97e40bc0b7cd9a
989811ca7ffc1465a01cba4e46074e231acb6cf0881a0bb82652025f5cefa3de
GET /media/gambling/en/slotbar/slot-result-1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 19469
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "54c5bc3e91c88eeff2a8f7f9b07f1fe1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E043054BA6A76
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png
194.87.208.61 200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png
IP 194.87.208.61:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 58f67f1674f5133b9925d3ae27dc0498
81c764ff6133a59dac942dfc76d77ee7c942fc03
29879956bc91fc604349179daa4c866d15cc6a6b120e0e6abb5ff0d078c7484b
GET /media/gambling/en/slotbar/red-arrow-left.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 1059
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "58f67f1674f5133b9925d3ae27dc0498"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E0372A8BF8163
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png
194.87.208.61 200 OK 25 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 4922e4f8c0c5d208c89921d9a525cbe5
b756a0d6c3f726f00300c87fac1d3a915784ebdf
f13a99343fae8de26ee2e996fcc80487e9687ac5929eefd899db967fd124208c
GET /media/gambling/en/slotbar/slot-result-2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 05 Dec 2022 21:56:52 GMT
Content-Type: image/png
Content-Length: 25004
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4922e4f8c0c5d208c89921d9a525cbe5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E02FE7565E027
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Tue, 05 Dec 2023 21:56:52 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125 200 OK 88 kB URL HTTP/2 gaut-hil.com/zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
Hash d1c32501cb3a059070722f9405c07056
b7fea81bd096c91f44b42ee4ccb1dc63a849dccd
85c598302619e772eda9d52ae47f12d9f9d7afc3671db21fb4c500bb5de3c5df
GET /zcredirect?visitid=b6e742b5-74e7-11ed-897e-123db10d14c7&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: gaut-hil.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaut-hil.com/zcvisitor/b6e742b5-74e7-11ed-897e-123db10d14c7/c48f16c0-a519-11ec-9226-0a76dcc61f13?campaignid=58a93170-2381-11ed-8e1b-0a918cbcbb97
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Dec 2022 21:56:48 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
server: JObyVBjg
X-Firefox-Spdy: h2
thetakebestbonus.life/favicon.ico
194.87.208.61 204 No Content 0 B URL HTTP/1.1 thetakebestbonus.life/favicon.ico
IP 194.87.208.61:0
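Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B / 204 No Content response; they match any zero-byte file and should not be used as indicators.)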
GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=w9ngqaqj10bgadvki0950sck
Cookie: sid=t2~zq3sbwcxftniqtzcwdssgskg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 05 Dec 2022 21:56:55 GMT
Connection: keep-alive
Cache-Control: no-transform
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 557fea28a0a540d2ffdadd828e03de0b
c314368e2e73dabf2c5d856e2c3e1fae610a3005
0fdd195911cdfff46a6dd8ba7b760953e5317fd7ee88abf1e19458518979fdee
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba66ee21-e2f8-434c-a2b3-004950fdfd58.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11253
x-amzn-requestid: e0561a00-8657-4af0-b24c-08b328282f79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_wKE9coAMFjmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d1334-2844266d51d5c5672f34ff61;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iT3IPDIK-qKf-y1_x7hZNSW-4GqKLNuX6U__8bY8eZP178PPnD0IeA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 21:57:03 GMT
age: 86392
etag: "c314368e2e73dabf2c5d856e2c3e1fae610a3005"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2