os-test.thebestimageeditorfunapp.com/CM/?v=3.0&c=1972836822
93.115.28.104200 OK 514 B URL HTTP/1.1 os-test.thebestimageeditorfunapp.com/CM/?v=3.0&c=1972836822
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (514), with no line terminators
Hash 3c3b8157bbc3f5152f3c4317e7072a94
3f9dcd4638030edff3d873ee287ebc6329d26a6c
e942f0def40d3bff7678dd9ae21cbc3c6ebc77d4a7e71cac638eb20f76078509
GET /CM/?v=3.0&c=1972836822 HTTP/1.1
Host: os-test.thebestimageeditorfunapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 514
content-type: text/html; charset=utf-8
date: Sun, 23 Oct 2022 06:42:49 GMT
server: nginx
set-cookie: sid=e9df4954-529d-11ed-9002-b6d8c222295a; path=/; domain=.thebestimageeditorfunapp.com; expires=Fri, 10 Nov 2090 09:56:57 GMT; max-age=2147483647; HttpOnly
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash c9df6b36bf16969ac566c1b798362e4a
e56eff34815153ae019a4bf63eb9746dd9ae2e5b
33c1175144ab2be42c9de383f7893a6e60cd1f21f282eacb413d546331db3fa0
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Retry-After, Alert, Content-Type, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sun, 23 Oct 2022 05:52:50 GMT
Expires: Sun, 23 Oct 2022 06:06:35 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s9g6T_gee7cFmiep2D5TBj--SuAy2WtZUKVqLM2yKPXebYvNyF3Eww==
Age: 3000
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3001
Expires: Sun, 23 Oct 2022 07:32:51 GMT
Date: Sun, 23 Oct 2022 06:42:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cecd3b2e0cd07173ee1fb63b0a744119
774e0935fffd5bb39799c040098e32c3dc88702f
78c2c60f2d752f572f1711e23aa3f82d5e5bce1940064405f6f989886f6315df
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "78C2C60F2D752F572F1711E23AA3F82D5E5BCE1940064405F6F989886F6315DF"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4062
Expires: Sun, 23 Oct 2022 07:50:32 GMT
Date: Sun, 23 Oct 2022 06:42:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3ZZqZbSjsiiTDnoYJsav4J/0RztNXCvMzomlviNGX8nILzfgQsGn+p5N5C5EAX9yrtzGaEBAEwg=
x-amz-request-id: A4PKESAEVHXZ2QMV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 23 Oct 2022 06:07:59 GMT
age: 2091
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 23 Oct 2022 06:42:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
os-test.thebestimageeditorfunapp.com/favicon.ico
93.115.28.104404 Not Found 9 B URL HTTP/1.1 os-test.thebestimageeditorfunapp.com/favicon.ico
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
GET /favicon.ico HTTP/1.1
Host: os-test.thebestimageeditorfunapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://os-test.thebestimageeditorfunapp.com/CM/?v=3.0&c=1972836822
Cookie: sid=e9df4954-529d-11ed-9002-b6d8c222295a
HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sun, 23 Oct 2022 06:42:50 GMT
server: nginx
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sun, 23 Oct 2022 05:43:40 GMT
Expires: Sun, 23 Oct 2022 06:21:36 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ylWNCpUD-1lNvZZ4jP882P4993k_qIPhIy-L_LsWGBsOWf3ZTSyNYg==
Age: 3551
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fecd12689ba4c6aa556814b7fac0d344
a3005f6333ce5201a73e2857c764a1b0091a91d5
83e0fb564f86df4300e8fc4b5baaf0ed13102c384922d388e02620fb3363a842
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1086
Cache-Control: max-age=92520
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:42:51 GMT
Etag: "6353a495-1d7"
Expires: Mon, 24 Oct 2022 08:24:51 GMT
Last-Modified: Sat, 22 Oct 2022 08:06:45 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
os-test.thebestimageeditorfunapp.com/CM/?c=1972836822&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjUxNDU3MCwiaWF0IjoxNjY2NTA3MzcwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2c5djd0c3VjZXQxcWlxZ3MxdWV1bzIiLCJuYmYiOjE2NjY1MDczNzAsInRzIjoxNjY2NTA3MzcwNTQ1NzA3fQ.OLA5Jz2PCta2GhRbWUB0-lg0xYKLReUA6Lnh77Tdmoo&sid=e9df4954-529d-11ed-9002-b6d8c222295a&v=3.0
93.115.28.104302 Found 11 B URL HTTP/1.1 os-test.thebestimageeditorfunapp.com/CM/?c=1972836822&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjUxNDU3MCwiaWF0IjoxNjY2NTA3MzcwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2c5djd0c3VjZXQxcWlxZ3MxdWV1bzIiLCJuYmYiOjE2NjY1MDczNzAsInRzIjoxNjY2NTA3MzcwNTQ1NzA3fQ.OLA5Jz2PCta2GhRbWUB0-lg0xYKLReUA6Lnh77Tdmoo&sid=e9df4954-529d-11ed-9002-b6d8c222295a&v=3.0
IP 93.115.28.104:0
ASN #16125 UAB Cherry Servers
File type ASCII text, with no line terminators
Hash 32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47
GET /CM/?c=1972836822&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY2NjUxNDU3MCwiaWF0IjoxNjY2NTA3MzcwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc2c5djd0c3VjZXQxcWlxZ3MxdWV1bzIiLCJuYmYiOjE2NjY1MDczNzAsInRzIjoxNjY2NTA3MzcwNTQ1NzA3fQ.OLA5Jz2PCta2GhRbWUB0-lg0xYKLReUA6Lnh77Tdmoo&sid=e9df4954-529d-11ed-9002-b6d8c222295a&v=3.0 HTTP/1.1
Host: os-test.thebestimageeditorfunapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://os-test.thebestimageeditorfunapp.com/CM/?v=3.0&c=1972836822
Cookie: sid=e9df4954-529d-11ed-9002-b6d8c222295a
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 23 Oct 2022 06:42:50 GMT
location: http://btpnav.com/click?data=TTAtdVlwVFF0WUJvV3JCR2QyMHpXZU51X1FtSnpLckZ5ZUt0dllNZ3VmOFR2TjIyM0VPSVdXRkQzTFhyRjMzTU9PMnRMX0xOdWJwMXNJeWxabTdmSWlXQkdfT1J6U1ZINU8yckV4bWdEZkxidm9hNnVockJiNkJtcjhvdnBXU3lTY2VEclF5OWpzell2d0dKOTEwNHBWM3dOckk4bVlvdmNlVkNaeE1pd2hzMQ2&id=b5d17734-b65d-4709-bb43-8091ef77f31a
server: nginx
set-cookie: sid=e9df4954-529d-11ed-9002-b6d8c222295a; path=/; domain=.thebestimageeditorfunapp.com; expires=Fri, 10 Nov 2090 09:56:58 GMT; max-age=2147483647; HttpOnly
btpnav.com/click?data=TTAtdVlwVFF0WUJvV3JCR2QyMHpXZU51X1FtSnpLckZ5ZUt0dllNZ3VmOFR2TjIyM0VPSVdXRkQzTFhyRjMzTU9PMnRMX0xOdWJwMXNJeWxabTdmSWlXQkdfT1J6U1ZINU8yckV4bWdEZkxidm9hNnVockJiNkJtcjhvdnBXU3lTY2VEclF5OWpzell2d0dKOTEwNHBWM3dOckk4bVlvdmNlVkNaeE1pd2hzMQ2&id=b5d17734-b65d-4709-bb43-8091ef77f31a
209.15.13.136200 OK 2.2 kB URL HTTP/1.1 btpnav.com/click?data=TTAtdVlwVFF0WUJvV3JCR2QyMHpXZU51X1FtSnpLckZ5ZUt0dllNZ3VmOFR2TjIyM0VPSVdXRkQzTFhyRjMzTU9PMnRMX0xOdWJwMXNJeWxabTdmSWlXQkdfT1J6U1ZINU8yckV4bWdEZkxidm9hNnVockJiNkJtcjhvdnBXU3lTY2VEclF5OWpzell2d0dKOTEwNHBWM3dOckk4bVlvdmNlVkNaeE1pd2hzMQ2&id=b5d17734-b65d-4709-bb43-8091ef77f31a
IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (377), with CRLF line terminators
Hash 5b13abbde967c152f03cacae35554850
c1afa287a9e22959a80f7a35e4590fe7f1227f2a
dc87537c201b6999b315ec5a76b4df585b749f15a4e8817342dbd5ece0d6d396
GET /click?data=TTAtdVlwVFF0WUJvV3JCR2QyMHpXZU51X1FtSnpLckZ5ZUt0dllNZ3VmOFR2TjIyM0VPSVdXRkQzTFhyRjMzTU9PMnRMX0xOdWJwMXNJeWxabTdmSWlXQkdfT1J6U1ZINU8yckV4bWdEZkxidm9hNnVockJiNkJtcjhvdnBXU3lTY2VEclF5OWpzell2d0dKOTEwNHBWM3dOckk4bVlvdmNlVkNaeE1pd2hzMQ2&id=b5d17734-b65d-4709-bb43-8091ef77f31a HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://os-test.thebestimageeditorfunapp.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: wWoBNwuDDNfmmkr=wWoBNwuDDNfmmkr; path=/
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 23 Oct 2022 06:42:51 GMT
Content-Length: 2214
push.services.mozilla.com/
44.240.207.158101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.207.158:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ATNgDBHDyC0/6/ivuUTcyg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: FzTXUwMvsuA89kQJTlBp7J12Mhc=
btpnav.com/Redirect/
209.15.13.136302 Found 269 B IP 209.15.13.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7fc2d9038a7465e42e7b1b664af75db1
77a482c0c45597177fe244b3b8340af2be9eb91f
e9b0d643a94ede717d1e00883350dc4230159fefd897f9a58b1e1e40bfe242d1
POST /Redirect/ HTTP/1.1
Host: btpnav.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 386
Origin: http://btpnav.com
Connection: keep-alive
Referer: http://btpnav.com/click?data=TTAtdVlwVFF0WUJvV3JCR2QyMHpXZU51X1FtSnpLckZ5ZUt0dllNZ3VmOFR2TjIyM0VPSVdXRkQzTFhyRjMzTU9PMnRMX0xOdWJwMXNJeWxabTdmSWlXQkdfT1J6U1ZINU8yckV4bWdEZkxidm9hNnVockJiNkJtcjhvdnBXU3lTY2VEclF5OWpzell2d0dKOTEwNHBWM3dOckk4bVlvdmNlVkNaeE1pd2hzMQ2&id=b5d17734-b65d-4709-bb43-8091ef77f31a
Cookie: wWoBNwuDDNfmmkr=wWoBNwuDDNfmmkr
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://bilqi-omv.com/zcvisitor/ea29bb62-529d-11ed-96e9-12501c43caaf/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=21df8310-2377-11ed-a767-128084d1ce51
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web02
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Sun, 23 Oct 2022 06:42:52 GMT
Content-Length: 269
bilqi-omv.com/zcvisitor/ea29bb62-529d-11ed-96e9-12501c43caaf/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=21df8310-2377-11ed-a767-128084d1ce51
35.174.150.83200 996 B URL HTTP/1.1 bilqi-omv.com/zcvisitor/ea29bb62-529d-11ed-96e9-12501c43caaf/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=21df8310-2377-11ed-a767-128084d1ce51
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 533c96ec98ea1c4ad1d7c1554af693c1
e77eb98e4450346decd4e15f14977cfd023aa292
431de842e22cf62ec3e65d2d67e2e77b4db158d4ccb6cf698a97360588767a29
GET /zcvisitor/ea29bb62-529d-11ed-96e9-12501c43caaf/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=21df8310-2377-11ed-a767-128084d1ce51 HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://btpnav.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 23 Oct 2022 06:42:52 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: bMfPywwf
bilqi-omv.com/zcredirect?visitid=ea29bb62-529d-11ed-96e9-12501c43caaf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
35.174.150.83200 714 B URL HTTP/1.1 bilqi-omv.com/zcredirect?visitid=ea29bb62-529d-11ed-96e9-12501c43caaf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash f39486a5bdc4932e2baa26c241b21efb
9b32ea7dabf9aa87c96399ecca5e3359e0d7a2d4
4888eed64ea6b9ab3632986d25f9a479d424d5191d39e792dfc8b3460d50486e
GET /zcredirect?visitid=ea29bb62-529d-11ed-96e9-12501c43caaf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcvisitor/ea29bb62-529d-11ed-96e9-12501c43caaf/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=21df8310-2377-11ed-a767-128084d1ce51
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Sun, 23 Oct 2022 06:42:52 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: MNhpAEYF
ocsp.sca1b.amazontrust.com/
143.204.42.158200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 44706d308f06ed812cb7e51dda296a32
aa90d512f56f6714f0aef8ec5aea620666bcf27e
ab3f30608679b186c146a4d96a5e50b51a2333d10c9ec3df9226f4078226aea2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145226
Date: Sun, 23 Oct 2022 06:42:52 GMT
Etag: "6354627d-1d7"
Expires: Mon, 24 Oct 2022 23:03:18 GMT
Last-Modified: Sat, 22 Oct 2022 21:37:01 GMT
Server: ECS (dcb/7F60)
X-Cache: Miss from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hoYeRHUfBGjVGsF8a6WJ4xyly_EZM52tSz_cubGEE5FOFUShEaDOUQ==
Age: 5177
bilqi-omv.com/favicon.ico
35.174.150.83404 653 B URL HTTP/1.1 bilqi-omv.com/favicon.ico
IP 35.174.150.83:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: bilqi-omv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://bilqi-omv.com/zcredirect?visitid=ea29bb62-529d-11ed-96e9-12501c43caaf&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false
HTTP/1.1 404
Date: Sun, 23 Oct 2022 06:42:52 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: ajCHvhjZ
ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Ftake-best-bonuses.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwrbgqqqidnchjmuj2ddlaj90&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=ea29bb62-529d-11ed-96e9-12501c43caaf&cid=wrbgqqqidnchjmuj2ddlaj90&rt=R
35.156.198.22302 Found 0 B URL HTTP/2 ayxvy.voluumtrk3.com/zp-redirect?target=https%3A%2F%2Ftake-best-bonuses.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwrbgqqqidnchjmuj2ddlaj90&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=ea29bb62-529d-11ed-96e9-12501c43caaf&cid=wrbgqqqidnchjmuj2ddlaj90&rt=R
IP 35.156.198.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Ftake-best-bonuses.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwrbgqqqidnchjmuj2ddlaj90&caid=158b5b73-ccca-408f-a150-a43e12f193d8&zpid=ea29bb62-529d-11ed-96e9-12501c43caaf&cid=wrbgqqqidnchjmuj2ddlaj90&rt=R HTTP/1.1
Host: ayxvy.voluumtrk3.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://bilqi-omv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Sun, 23 Oct 2022 06:42:52 GMT
content-length: 0
location: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22wrbgqqqidnchjmuj2ddlaj90%22%2C%22caid%22%3A%22158b5b73-ccca-408f-a150-a43e12f193d8%22%7D; Max-Age=31536000; Expires=Mon, 23-Oct-2023 06:42:52 GMT; Domain=ayxvy.voluumtrk3.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3631
Expires: Sun, 23 Oct 2022 07:43:23 GMT
Date: Sun, 23 Oct 2022 06:42:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3631
Expires: Sun, 23 Oct 2022 07:43:23 GMT
Date: Sun, 23 Oct 2022 06:42:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3631
Expires: Sun, 23 Oct 2022 07:43:23 GMT
Date: Sun, 23 Oct 2022 06:42:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f1b833a135e4d839859e4994f349bb6c
399b607015c4d9200df20084c7396591007dc995
28db09a2a0e821b37dc1cfb710bf896c438755bfc992eb775f41128b0e52e5d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28DB09A2A0E821B37DC1CFB710BF896C438755BFC992EB775F41128B0E52E5D1"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3631
Expires: Sun, 23 Oct 2022 07:43:23 GMT
Date: Sun, 23 Oct 2022 06:42:52 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3c0675dc4be3e7a62f7083f4b34e5959
f6c43d035774306f3622029fb6a2c9d44086a3f8
56153c1a09bbf2a2d0079fe15ee54733460bbce7572d6b1b66972a0e00123b1e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F080f3444-90ed-495b-96d4-2db78eb397df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7588
x-amzn-requestid: b6a2786a-7863-49b7-b96f-09b94c44dcdc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRm0GRfIAMFVcw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635462f8-58ef725d7c9a71fc0c90a86d;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:39:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jtZFCDkxgLwr6JRka5OuVuFcxmZH4sNWrhT_kx1DkFTSN3NQ9NUu0Q==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:43:36 GMT
etag: "f6c43d035774306f3622029fb6a2c9d44086a3f8"
content-type: image/jpeg
age: 32357
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bed49abb7a64c9f0717ac283b30bff8b
0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3
ddb5ed6e7b818593ac9819be0a8d376e26ef3b45b417f00ce1d7dbee47465bec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa75f7b18-e0d1-4cfe-b763-83c991def199.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4746
x-amzn-requestid: fa85cf46-7cea-439e-92d5-db3875ff4479
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aIQpNFk5IAMF16Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634cc7d4-245cdd691d0c415d508421ce;Sampled=0
x-amzn-remapped-date: Mon, 17 Oct 2022 03:11:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: _-h7oz6Zv1P40jltqN71dpyrUJG_HzVJS8gKby0vgdkaNJ4ljXUwCg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 15:25:14 GMT
age: 55059
etag: "0f9e4ab8e7ceff21752ea83a243431fc4c78a4e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2a47128c87b628846400333388bd8326
b0d44fc160f020dba7782d1ffd3995b93bceb909
77123eae8c61d6ad061d2a0720b608d34ca9ed59e274ecb6824e5fc30a997505
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F59238334-9f45-421d-9067-ed59fbf8b0b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10292
x-amzn-requestid: fca5e428-9855-4891-bc80-5ff5a7c29ca0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aDVCRHlRIAMFgdQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634acedb-140b0cdc0d2d814e4ee53ef7;Sampled=0
x-amzn-remapped-date: Sat, 15 Oct 2022 15:16:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uuzjffiuDYZObYZ1pP6_ndGpUxpxM3AVamvctTfVkDIv9fxF-0RZUg==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 03:09:44 GMT
age: 12789
etag: "b0d44fc160f020dba7782d1ffd3995b93bceb909"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bcadefe69587d4ab5bf5ff9e71eb5cab
066fb94a6ae38e57d67001cc319eea17f837d511
45b175a2cecee90b2d0efc16c4139686ffcf34bfac9084fe9e5e1c926dc1330c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd337e0f9-4135-4fa1-9843-c609356020a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10036
x-amzn-requestid: b1f0e0b9-6fc6-4b7c-a9b0-55845cdfd2d9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abR9aEvjIAMF22Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63546388-72742b3a1279d76e2e842930;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:41:28 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e-Q7z6QYQB1CGZ57JUJIf6l7Ofu9nGkF-ONfTrXJb6MMegchNYMqWQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:50:36 GMT
etag: "066fb94a6ae38e57d67001cc319eea17f837d511"
content-type: image/jpeg
age: 31937
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 319c9a70bded148097c378aee2e5e7e3
9815cabee697f91758b3d6049b33b6e6372fc69e
511dfb789ee7031302e0b18761854b93b47a7113d7a6a1a8ee16b3f1e425786b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50afa8fe-bd4e-4951-bc9f-b9a25aa28c7b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8344
x-amzn-requestid: 563c255f-62bf-4038-92e0-ffb869de9acd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: abRkFHUUIAMFY3A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635462e6-34b76ac446e96214580e6fe6;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 21:38:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ODC-cdFkM2mIQFcZjYm_ECZjhrFEewsJxzlZXisEt8l8GYnD4KuKEg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:43:36 GMT
age: 32357
etag: "9815cabee697f91758b3d6049b33b6e6372fc69e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebab98ee9ab567348e2c31cccdbc62c2
6c453568c39d65380ebcf7151b5383994b864abe
e9bf601eb67aa9778b326e7568f990352d9bfa574da283e879e62e9a2dddb2fa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faeb090f5-d3fb-4dcf-bfb4-7490dee6c833.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6821
x-amzn-requestid: 05d1de38-a072-4392-b1c6-a07f7d67fbf0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMGWZGH-IAMFVzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e50f5-3868ae460a52caa178d8ff2f;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:08:37 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: Q0jfZigs37oi_sofHLQimt37uujfVdoqz2kLm26FgF5i1ziagz3noQ==
via: 1.1 331202b5b8aab67acbf389883133f256.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Sat, 22 Oct 2022 21:09:09 GMT
age: 34424
etag: "6c453568c39d65380ebcf7151b5383994b864abe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2f55c42b2a629159713596c0d5be7f22
a917fd62759400b941b28b72f29c2cff5093b2a6
20a213e10d75eaf9d96c0d5c375e37a8204b3a0645773589687661d1e0a6130a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20A213E10D75EAF9D96C0D5C375E37A8204B3A0645773589687661D1E0A6130A"
Last-Modified: Thu, 20 Oct 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3625
Expires: Sun, 23 Oct 2022 07:43:18 GMT
Date: Sun, 23 Oct 2022 06:42:53 GMT
Connection: keep-alive
take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
146.19.213.102200 OK 19 kB URL HTTP/1.1 take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
IP 146.19.213.102:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (549)
Hash c187e7d34ebaec8bf21434369a1ea0fc
bf4c045f2db07d14a92c5e7899c32443054aa0d7
2b074ba7175bacb3c0cbfab492d7d5f1f5c3ab9dbc9d7b93bb513540971e3b3f
GET /?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90 HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://bilqi-omv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: text/html
Content-Length: 19422
Connection: keep-alive
set-cookie: sid=t2~uin5d1nduafhwbwlin3zlszk; path=/
cache-control: private, no-transform
take-best-bonuses.life/media/gambling/en/slotbar/style.css
146.19.213.102200 OK 20 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/style.css
IP 146.19.213.102:0
File type ASCII text, with very long lines (492), with CRLF line terminators
Hash 8c38a209d98ec6a54d6b7cd42046af41
8b84ce3e95d745d2d6b6057344552b647aefe86d
d3b04d04ba4fa44ce3cee6fd4d97958d8ea9bebd93a14a12be14a3259fab0022
GET /media/gambling/en/slotbar/style.css HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: text/css
Content-Length: 20006
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c38a209d98ec6a54d6b7cd42046af41"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD30C899EC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ea20460028066b7fba2f10b51d883192
a73b8263a4477aceeda349c7beff7050de9df38b
f933a7ff2c6ec9189ba29fdf09da9125ac59d9c03b4a14e14e9f1b5fa5322b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:42:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
142.250.74.170200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
IP 142.250.74.170:0
File type ASCII text, with very long lines (32069)
Hash 4ae540714475aa934955496d990ab15f
b7724c4d72a422b86f5dc06571ff4bc86f0308a3
ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2
GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Oct 2022 20:28:36 GMT
expires: Sat, 21 Oct 2023 20:28:36 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 123257
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
take-best-bonuses.life/cookie/js.cookie9.js
146.19.213.102200 OK 4.4 kB URL HTTP/1.1 take-best-bonuses.life/cookie/js.cookie9.js
IP 146.19.213.102:0
File type ASCII text, with very long lines (1709)
Hash 16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
GET /cookie/js.cookie9.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F3712A79112
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ea20460028066b7fba2f10b51d883192
a73b8263a4477aceeda349c7beff7050de9df38b
f933a7ff2c6ec9189ba29fdf09da9125ac59d9c03b4a14e14e9f1b5fa5322b1c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 23 Oct 2022 06:42:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
take-best-bonuses.life/media/gambling/backbutton_gmb.js
146.19.213.102200 OK 3.9 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/backbutton_gmb.js
IP 146.19.213.102:0
File type ASCII text, with CRLF line terminators
Hash 42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F3716FB6791
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/icon.js
146.19.213.102200 OK 1.6 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/icon.js
IP 146.19.213.102:0
File type ASCII text, with CRLF line terminators
Hash 2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
GET /media/gambling/icon.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F370BD59DBA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/sound.js
146.19.213.102200 OK 1.1 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/sound.js
IP 146.19.213.102:0
File type ASCII text, with CRLF line terminators
Hash 3787b349cb8b744b6917fe43f96b1ccd
ab26d82699a166f520a51f722bc6262ef1d5421f
8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
GET /media/gambling/sound.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F3700670E73
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/util/utils-gmb.js
146.19.213.102200 OK 4.7 kB URL HTTP/1.1 take-best-bonuses.life/util/utils-gmb.js
IP 146.19.213.102:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
GET /util/utils-gmb.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F36FE634ADC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/comment.js
146.19.213.102200 OK 2.8 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/comment.js
IP 146.19.213.102:0
File type ASCII text, with very long lines (2753), with no line terminators
Hash 8441712705c040dc2ecfd7966c11f131
2f776d7927b20cf9813436f83e3007002979cccb
b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246
GET /media/gambling/en/slotbar/comment.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 2753
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8441712705c040dc2ecfd7966c11f131"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD43EA3D38
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/exit_gmb.js
146.19.213.102200 OK 1.6 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/exit_gmb.js
IP 146.19.213.102:0
File type ASCII text, with CRLF line terminators
Hash 5202df93e55f911a83a995fa38af7ee6
6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8
28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681
GET /media/gambling/exit_gmb.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 1550
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5202df93e55f911a83a995fa38af7ee6"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F371783B57B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/confetti.js
146.19.213.102200 OK 3.5 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/confetti.js
IP 146.19.213.102:0
File type ASCII text, with very long lines (3533), with no line terminators
Hash 116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
GET /media/gambling/confetti.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F3713434B78
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/returnDate.no.js
146.19.213.102200 OK 1.2 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/returnDate.no.js
IP 146.19.213.102:0
Hash dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
GET /media/gambling/en/slotbar/returnDate.no.js HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209FA07A380A5D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/img1.jpg
146.19.213.102200 OK 1.3 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/img1.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
GET /media/gambling/en/slotbar/img1.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD5961EF67
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/3temv7e.jpg
146.19.213.102200 OK 1.2 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/3temv7e.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
GET /media/gambling/en/slotbar/3temv7e.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD5EE7BBD1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/yWwCB4c.jpg
146.19.213.102200 OK 2.3 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/yWwCB4c.jpg
IP 146.19.213.102:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
GET /media/gambling/en/slotbar/yWwCB4c.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD597DDBFC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/red-arrow-right.png
146.19.213.102200 OK 1.1 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/red-arrow-right.png
IP 146.19.213.102:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash c4d30de24dab6f826e7f27286beaceaa
b42751f5e5ebb1561fc9809235df332e8eb0f8c8
124c45624ec8d62cec06559dcfcd78ae0c686964ffe05911a836a0e4e1410081
GET /media/gambling/en/slotbar/red-arrow-right.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/png
Content-Length: 1089
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c4d30de24dab6f826e7f27286beaceaa"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD5940A8D0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/red-arrow-left.png
146.19.213.102200 OK 1.1 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/red-arrow-left.png
IP 146.19.213.102:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 58f67f1674f5133b9925d3ae27dc0498
81c764ff6133a59dac942dfc76d77ee7c942fc03
29879956bc91fc604349179daa4c866d15cc6a6b120e0e6abb5ff0d078c7484b
GET /media/gambling/en/slotbar/red-arrow-left.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/png
Content-Length: 1059
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "58f67f1674f5133b9925d3ae27dc0498"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD51103D85
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/slot-win.png
146.19.213.102200 OK 14 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/slot-win.png
IP 146.19.213.102:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash efb5cc057d90910eac87b874ae4dba74
6e24b4b704bee110a184ebe7b560bd3e91c73171
89c8a97b460a4fdca3c3bae5cc2f0aac9ca347ba18b6edf90c1c83ea953a6194
GET /media/gambling/en/slotbar/slot-win.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/png
Content-Length: 13853
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "efb5cc057d90910eac87b874ae4dba74"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD45DCF529
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/img2.jpg
146.19.213.102200 OK 1.3 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/img2.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
GET /media/gambling/en/slotbar/img2.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD596CA7C0
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/EKZrmbS.jpg
146.19.213.102200 OK 2.3 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/EKZrmbS.jpg
IP 146.19.213.102:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
GET /media/gambling/en/slotbar/EKZrmbS.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD674E4786
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/9PH2QqX.jpg
146.19.213.102200 OK 2.1 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/9PH2QqX.jpg
IP 146.19.213.102:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
GET /media/gambling/en/slotbar/9PH2QqX.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD670C32D8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/7wSpKDu.jpg
146.19.213.102200 OK 2.0 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/7wSpKDu.jpg
IP 146.19.213.102:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
GET /media/gambling/en/slotbar/7wSpKDu.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD5F30D6AD
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/plR22yu.jpg
146.19.213.102200 OK 1.0 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/plR22yu.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Hash 7a532123e2eda81e018b8c1f90c8b3bd
e03576434acd69d708fae0f3f8df07e93d152280
9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1
GET /media/gambling/en/slotbar/plR22yu.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1017
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7a532123e2eda81e018b8c1f90c8b3bd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F677736BCBE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/DsrKpkj.jpg
146.19.213.102200 OK 1.5 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/DsrKpkj.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Hash 0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
GET /media/gambling/en/slotbar/DsrKpkj.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209F67605887AF
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/KqX499j.png
146.19.213.102200 OK 2.2 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/KqX499j.png
IP 146.19.213.102:0
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 8fe70ee687801d77e99e45efa5af9aa7
e49eefbb1115151d92af0285dc58416f0e9ab0f1
4d1d8a5b765092760f02f78036d8df58ad04f835c15619e9522c3f2ac932a0da
GET /media/gambling/en/slotbar/KqX499j.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/png
Content-Length: 2153
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8fe70ee687801d77e99e45efa5af9aa7"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD670769ED
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/slot-result-2.png
146.19.213.102200 OK 25 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/slot-result-2.png
IP 146.19.213.102:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 4922e4f8c0c5d208c89921d9a525cbe5
b756a0d6c3f726f00300c87fac1d3a915784ebdf
f13a99343fae8de26ee2e996fcc80487e9687ac5929eefd899db967fd124208c
GET /media/gambling/en/slotbar/slot-result-2.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/png
Content-Length: 25004
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4922e4f8c0c5d208c89921d9a525cbe5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD45E9AA97
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/yEUMY3v.jpg
146.19.213.102200 OK 1.6 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/yEUMY3v.jpg
IP 146.19.213.102:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
GET /media/gambling/en/slotbar/yEUMY3v.jpg HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:53 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD6700BA5D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:53 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/slot-start.png
146.19.213.102200 OK 25 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/slot-start.png
IP 146.19.213.102:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 794c929de9d8b06cf941920aeeceecee
e411636320af6e768cdde0a1ed3cc3cbc5eecc11
c9b63b519ca7e209c7adc6268f0112d83913e09ec44bebb3a8308897eebdef6f
GET /media/gambling/en/slotbar/slot-start.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Content-Type: image/png
Content-Length: 24873
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "794c929de9d8b06cf941920aeeceecee"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD45E504EE
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/spin.mp3
146.19.213.102206 Partial Content 8.8 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/spin.mp3
IP 146.19.213.102:0
File type MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Hash 5a2e10964c7fea8b0181831184bc0d97
8f5233dd6be372e7749c6cd8440db5b43de5a9c9
9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d
GET /media/gambling/en/slotbar/spin.mp3 HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Content-Type: audio/mpeg
Content-Length: 8784
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5a2e10964c7fea8b0181831184bc0d97"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209FA08D527E69
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:54 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-8783/8784
take-best-bonuses.life/media/gambling/en/slotbar/win.mp3
146.19.213.102206 Partial Content 10 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/win.mp3
IP 146.19.213.102:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Hash bca40777013dec4a99eaa8b0b98a7fef
bc1c833577a1dcd82ad01a90e82898bc7b47cad7
635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176
GET /media/gambling/en/slotbar/win.mp3 HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Content-Type: audio/mpeg
Content-Length: 10391
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bca40777013dec4a99eaa8b0b98a7fef"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209FA08D4CB3A8
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:54 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-10390/10391
take-best-bonuses.life/media/gambling/en/slotbar/slot-result-1.png
146.19.213.102200 OK 20 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/slot-result-1.png
IP 146.19.213.102:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 54c5bc3e91c88eeff2a8f7f9b07f1fe1
2751cefef9a5045394300d8bfc97e40bc0b7cd9a
989811ca7ffc1465a01cba4e46074e231acb6cf0881a0bb82652025f5cefa3de
GET /media/gambling/en/slotbar/slot-result-1.png HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Content-Type: image/png
Content-Length: 19469
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "54c5bc3e91c88eeff2a8f7f9b07f1fe1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD45EC6537
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/media/gambling/en/slotbar/slot-spin.gif
146.19.213.102200 OK 88 kB URL HTTP/1.1 take-best-bonuses.life/media/gambling/en/slotbar/slot-spin.gif
IP 146.19.213.102:0
File type GIF image data, version 89a, 410 x 279\012- data
Hash 617c16c5e04c8603dd7f157862b1c682
1306296f9a666a7fc50f339a2a924ce8a3a18169
7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
GET /media/gambling/en/slotbar/slot-spin.gif HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Content-Type: image/gif
Content-Length: 87599
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "617c16c5e04c8603dd7f157862b1c682"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 17209EAD45F08D75
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Mon, 23 Oct 2023 06:42:54 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
take-best-bonuses.life/favicon.ico
146.19.213.102204 No Content 0 B URL HTTP/1.1 take-best-bonuses.life/favicon.ico
IP 146.19.213.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: take-best-bonuses.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://take-best-bonuses.life/?u=xunwwwr&o=b0hp0zn&cid=wrbgqqqidnchjmuj2ddlaj90
Cookie: sid=t2~uin5d1nduafhwbwlin3zlszk
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 23 Oct 2022 06:42:54 GMT
Connection: keep-alive
Cache-Control: no-transform