r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4304
Expires: Tue, 06 Dec 2022 16:39:12 GMT
Date: Tue, 06 Dec 2022 15:27:28 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash f83c5e33ba42e312ee398848bbb711f5
caa1fd23b1fbbe883292ded04404c1cfd861eb09
106d08fba45f1e13f85b4b5abc456594878494238933e54b6a06e21ed8a52bc9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3929
Cache-Control: max-age=158959
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:28 GMT
Etag: "638f19f6-1d7"
Expires: Thu, 08 Dec 2022 11:36:47 GMT
Last-Modified: Tue, 06 Dec 2022 10:31:18 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16028
Expires: Tue, 06 Dec 2022 19:54:36 GMT
Date: Tue, 06 Dec 2022 15:27:28 GMT
Connection: keep-alive
www.rule34ideo.com/
64.225.91.73200 OK 329 B IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
GET / HTTP/1.1
Host: www.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Tue, 06 Dec 2022 15:27:28 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 15:20:25 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 423
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 6VNO6D0ON2kzPDc8Od7sS9Ca7crPMUdNv/HXd7tHxysV9+yrNWZIrzUrE1Q3vtg7N4k6NNGV4OQ=
x-amz-request-id: QHBD3AKD2Y14HHV2
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 14:48:59 GMT
age: 2309
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 15:27:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4109
Cache-Control: max-age=108364
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:28 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:33:32 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.rule34ideo.com
Connection: keep-alive
Referer: http://www.rule34ideo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 15:27:28 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 15784152
expires: Sun, 26 Nov 2023 15:27:28 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PTBwLGdauPd76%2FrtNyyBQQrCuQGSMJud7saFmZ8imnYX9zXozuy4IVus3H%2B5L4NkjFDeF09t95TJ5P62Q%2F3VkEVc01TvhJDNFlUEpfZo%2BV%2FJ8GE3DaRKXydvF%2BTjCbRMmczuS5%2FS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 77560bbe293f0b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 3f4ef8a54bffe08abfd72fbbe3b259e8
28770087be63936aabfdd9d802739767c8fca454
642f68596c1c285397713d2b1147f77a94a5e2eadcb8b18632133f1f87276639
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4110
Cache-Control: max-age=108364
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:29 GMT
Etag: "638e539f-118"
Expires: Wed, 07 Dec 2022 21:33:33 GMT
Last-Modified: Mon, 05 Dec 2022 20:25:03 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280
e1.o.lencr.org/
95.101.11.115200 OK 345 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 0c2ba1659dd6ec6bc35327cf76ac6f4e
928c229bba3e3c5e77704f249736c8b771aec318
21f6c89ab01f1f8fa9c188c69692b7919ef8030ab42a3fbfbc0a9073058a184a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "21F6C89AB01F1F8FA9C188C69692B7919EF8030AB42A3FBFBC0A9073058A184A"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4677
Expires: Tue, 06 Dec 2022 16:45:26 GMT
Date: Tue, 06 Dec 2022 15:27:29 GMT
Connection: keep-alive
www.rule34ideo.com/favicon.ico
64.225.91.73200 OK 329 B URL HTTP/1.1 www.rule34ideo.com/favicon.ico
IP 64.225.91.73:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ecbcb8bae64098de3e587487b474f8b8
e275409fb40ea27c3826af493f70faf147d0f995
2597a3f2418586d8a9fb0764743a84486ba066c6af3ff194922fb6c65a783688
GET /favicon.ico HTTP/1.1
Host: www.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rule34ideo.com/
HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Tue, 06 Dec 2022 15:27:29 GMT
content-type: text/html
last-modified: Wed, 12 Jan 2022 17:20:45 GMT
etag: W/"61df0ded-1ad"
content-encoding: gzip
transfer-encoding: chunked
domaincntrol.com/?orighost=http://www.rule34ideo.com/
104.26.10.61200 OK 27 B URL HTTP/2 domaincntrol.com/?orighost=http://www.rule34ideo.com/
IP 104.26.10.61:0
File type ASCII text, with no line terminators
Hash 68515d8373f0524742bd0cbd9d1c1ae3
abc40a19c0749281b3876d6c8fefde984b067426
9b8efad526cd5304241e8f6221b2fc5257d76a816862458e718a8c0c9fd5d4ea
GET /?orighost=http://www.rule34ideo.com/ HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.rule34ideo.com
Connection: keep-alive
Referer: http://www.rule34ideo.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Dec 2022 15:27:29 GMT
content-type: text/javascript;charset=UTF-8
content-length: 27
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BB8ChagKqNsj%2BZL2b1IJx3RWRQvY48kgkcMUwrVCnaOIWThB7H4E1jo1bUNxhR31jVmygjJrMgonky0MOFAZkzyIHoMrw201oPJHB1%2FB03Y5SSowchdz03d2qFRcx7TtO1s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77560bbeedccb4eb-OSL
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 15:08:58 GMT
cache-control: public,max-age=3600
age: 1111
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0f7dcaa590e32cfd1c075255188d5f06
d4bb4954fefdb3b59560b54adf500e806e252e39
195795c2511b31519134f5eb4442d8708918ecaff72f8e821a5473ad7c97c448
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3916
Cache-Control: max-age=153877
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:29 GMT
Etag: "638f062a-1d7"
Expires: Thu, 08 Dec 2022 10:12:06 GMT
Last-Modified: Tue, 06 Dec 2022 09:06:50 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.163.1.35101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.1.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: K+8iHOaquAotT9j8AtKDQw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ihDMMd5Kh035m2hveSsdKRJdn8o=
ww2.rule34ideo.com/
64.190.63.136200 OK 1.3 kB IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (696)
Hash d1e58e3de76ce0f956992e5ba0de3f10
effc1aa8e349a231d65da8bedf345c2f7ff05379
0e6da03cf93e1d870b8b1e022e4b4eedab2586433640472f4ab0c91a66d92c04
GET / HTTP/1.1
Host: ww2.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.rule34ideo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
date: Tue, 06 Dec 2022 15:27:30 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_K2jWmNtN2pAIdt7tHyLnjLVDS1+YFZ9ma+9XmvVL+757UmMYjVgRn+4Yh7MxNS1BOIVPbEPDFIISlszbY7a9AA==
last-modified: Tue, 06 Dec 2022 15:27:29 GMT
x-cache-miss-from: parking-d7dbd8c4d-pnx5c
server: NginX
content-encoding: gzip
img.sedoparking.com/images/js_preloader.gif
205.234.175.175200 OK 4.3 kB URL HTTP/1.1 img.sedoparking.com/images/js_preloader.gif
IP 205.234.175.175:0
File type GIF image data, version 89a, 16 x 16\012- data
Hash 90c93102a88c2ab94bff1575b7a6e86e
56d71bf13de464534643db9d127629a0a3bf677a
5f6ad7031600056b578a6e8c6b34bc718d13125cc8256aa4a9050e549576f81a
GET /images/js_preloader.gif HTTP/1.1
Host: img.sedoparking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.rule34ideo.com/
HTTP/1.1 200 OK
Date: Tue, 06 Dec 2022 15:27:30 GMT
Content-Type: image/gif
Content-Length: 4254
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: max-age=604800
Expires: Tue, 13 Dec 2022 15:27:30 GMT
X-CFHash: "90c93102a88c2ab94bff1575b7a6e86e"
X-CFF: B
Last-Modified: Fri, 15 Mar 2019 12:24:07 GMT
X-CF3: H
CF4Age: 156700
x-cf-tsc: 1648179742
CF4ttl: 31536000.000
X-CF2: H
Server: CFS 0215
X-CF-ReqID: 649cece24204d8b606bcd8df75ac802a
X-CF1: 11696:fA.arn1:cf:cacheN.arn1-01:H
Accept-Ranges: bytes
ww2.rule34ideo.com/search/tsc.php?200=NDY2NjQxMDMy&21=OTEuOTAuNDIuMTU0&681=MTY3MDM0MDQ1MDIzNDk3NWRmMWEyOWY3Zjk1YTRjZmE2M2EzNTQ3OTdl&crc=78a03d6a0db2894cab345080eaa80c1b17d71669&cv=1
64.190.63.136200 OK 0 B URL HTTP/1.1 ww2.rule34ideo.com/search/tsc.php?200=NDY2NjQxMDMy&21=OTEuOTAuNDIuMTU0&681=MTY3MDM0MDQ1MDIzNDk3NWRmMWEyOWY3Zjk1YTRjZmE2M2EzNTQ3OTdl&crc=78a03d6a0db2894cab345080eaa80c1b17d71669&cv=1
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/tsc.php?200=NDY2NjQxMDMy&21=OTEuOTAuNDIuMTU0&681=MTY3MDM0MDQ1MDIzNDk3NWRmMWEyOWY3Zjk1YTRjZmE2M2EzNTQ3OTdl&crc=78a03d6a0db2894cab345080eaa80c1b17d71669&cv=1 HTTP/1.1
Host: ww2.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.rule34ideo.com/
HTTP/1.1 200 OK
date: Tue, 06 Dec 2022 15:27:30 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
x-cache-miss-from: parking-d7dbd8c4d-94z7l
server: NginX
ww2.rule34ideo.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw
64.190.63.136302 Found 0 B URL HTTP/1.1 ww2.rule34ideo.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw
IP 64.190.63.136:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: ww2.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ww2.rule34ideo.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 06 Dec 2022 15:27:30 GMT
content-type: text/html; charset=UTF-8
content-length: 0
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 06 Dec 2022 15:27:30 GMT
location: /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw
x-cache-miss-from: parking-d7dbd8c4d-94z7l
server: NginX
ww2.rule34ideo.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw
64.190.63.136302 Found 311 B URL HTTP/1.1 ww2.rule34ideo.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw
IP 64.190.63.136:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bdb1c83a572f3f6c8d52c1f789ec3097
ffc8aca7ecbeeabce1fc48d7c465c755ebbbb5f5
cd842f682901109feea07eab6ff24a54f830bf14154c1d15e1d155f267c56c2d
GET /search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DAaZG7BGrCqo_0&v=NTRmYTIxZDBjNWY4MDAxMGJiZWYyZDM3NzkzZWYzYjAJMQl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTE3OS45Nzg2MDUyNAl3dzIucnVsZTM0aWRlby5jb202MzhmNWY2MTk1MTU4MS45OTYwOTc3NQkxNjcwMzQwNDUwCWFkXzYzXzA=&l=OAljNjM1YjliODVmOThkMmJhNDAyYzU2MmY3YmMyNTllMgkwCTM1CTAJYTI5OTI5ZmIwNTI3NTc1ODViNWY2YmMyZDk0NGExZWQJNDY2NjQxMDMyCXJ1bGUzNGlkZW8JMAk2Mwk2CTIJMTY3MDM0MDQ1MAkwLjAwMDYwMwlOCTAJMQkxODA1CTEyMDUJNDU0NDI1OTI0CTkxLjkwLjQyLjE1NAkw HTTP/1.1
Host: ww2.rule34ideo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.rule34ideo.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
date: Tue, 06 Dec 2022 15:27:30 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
x-powered-by: PHP/8.1.9
expires: Mon, 26 Jul 1997 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
last-modified: Tue, 06 Dec 2022 15:27:30 GMT
location: http://xml.sedodna.com/click?i=AaZG7BGrCqo_0
x-cache-miss-from: parking-d7dbd8c4d-lpd8s
server: NginX
xml.sedodna.com/click?i=AaZG7BGrCqo_0
173.239.53.32302 Found 0 B URL HTTP/1.1 xml.sedodna.com/click?i=AaZG7BGrCqo_0
IP 173.239.53.32:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=AaZG7BGrCqo_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.rule34ideo.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: http://clarus-che.com/zcvisitor/7f284980-757a-11ed-abb0-12b7b429c0c9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=471b8660-2377-11ed-a767-128084d1ce51
Pragma: no-cache
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6030
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 15:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6030
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 15:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6030
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 15:27:31 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6030
Expires: Tue, 06 Dec 2022 17:08:01 GMT
Date: Tue, 06 Dec 2022 15:27:31 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ebd3528452aecd80e39bbf82d3f71f2c
eaa956309d27052d466f7c4bd75b3bdf8443f251
680066dadbddc2cd7179ad5bdfbf9b2014ea601561e585d18dfcda73512ae84a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8b8df80-ffce-4960-a0e3-83eaf7ee52f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6352
x-amzn-requestid: cd970b83-2a99-4e38-afed-580d733040a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSuWF1bIAMFcpg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c2-1ba552306e857bb37424d679;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: P9Yc2Lh9Kw4AEDZyc9R9WExLdUnCitDeuy0NjttQM-EL1cdVndZxFA==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:30:36 GMT
age: 61015
etag: "eaa956309d27052d466f7c4bd75b3bdf8443f251"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aYf5d6wAJlPSXVwF5uQXUb1g_65z-v6tInk7IF64bBV-w31d3MKeIQ==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:23 GMT
age: 61508
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b15136d60fd0a5e0f657a4f5c75d540f
36082b7329d473829178f280cb71a83b1531e486
79478269b1f5dcfd1e45ccd4264fa44805b37c5c8fec820bcbd2fa1689dfbbd8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:23:09 GMT
age: 61462
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99d1ff8fa2e095dcf2bda3d1e1af1221
f914f04a0e1fb45a221d31d2105bfc73015b03e6
90325d4299a44dbd213857ada6f6880db8c33ad61685cfcb60c4a2455a84cf87
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7663e5fc-37de-4be8-9be7-49805622f85d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10183
x-amzn-requestid: 557e6b38-7be9-4953-968b-2e5bd3491ef4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUDYEQbIAMFwRg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e2-1fcd8fc4719bc0bc7d11abd2;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:14 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z1_zJTJMuk724WMOmIc660b54AyZK8ffNVF5N7ehZ00W2kaL3Lcd1A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:14 GMT
age: 63617
etag: "f914f04a0e1fb45a221d31d2105bfc73015b03e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3801236dc22938e1cc18947e90ea5326
5979d7dc3ba0eb61947282a4adeac8208b4148ae
3bd4eab29590ec3c316597abd2be65281cd9a6137add037ad57c093f1fca12e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6aff31b2-ef3e-4782-ae28-38f9aee8b1b7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5995
x-amzn-requestid: 25b34277-c486-4642-aea7-21e0598babc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzOGGjoAMF4kw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e1-6f43ab8e0c1a5260327bce11;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cO5j7BIPh3GSOUqKDYYY2qmG6__Hn2XB9lFhhYT_WpOXya-9TTGtgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:22:24 GMT
age: 61507
etag: "5979d7dc3ba0eb61947282a4adeac8208b4148ae"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg
34.120.237.76200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2e11524d75503e35c404d6c9a12ac540
5626b75f5c2523f1a0fc301839a06a4e2407f106
d5eb74d026014c0a68893bde1107a9a111b1f0af835e28bb740308017ef80b7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00b01871-cd98-4bab-b47d-4a29bb438277.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9354
x-amzn-requestid: fb2dad44-2f8c-4f02-bbc5-405e9586e5af
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmctYGLdoAMFyDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e55-28b5680933de0ff4208240be;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6jWrhftx7tANXoWkKtCCjzm66zJDY13bpoA-7qVaZJNHEGsJS8dniw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 04:05:41 GMT
age: 40910
etag: "5626b75f5c2523f1a0fc301839a06a4e2407f106"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
clarus-che.com/zcvisitor/7f284980-757a-11ed-abb0-12b7b429c0c9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=471b8660-2377-11ed-a767-128084d1ce51
3.212.50.125200 1.1 kB URL HTTP/1.1 clarus-che.com/zcvisitor/7f284980-757a-11ed-abb0-12b7b429c0c9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=471b8660-2377-11ed-a767-128084d1ce51
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3dc82e4e9ff4a18dda756dc227fa1e44
9d524b9c867ebab4b841b18f480fc8a36096ac0c
97b531e4459ed20ed88c826b50face42d0750714e75bf95cddc49ba385646cf9
GET /zcvisitor/7f284980-757a-11ed-abb0-12b7b429c0c9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=471b8660-2377-11ed-a767-128084d1ce51 HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww2.rule34ideo.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 06 Dec 2022 15:27:31 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: yzQxFTyY
clarus-che.com/zcredirect?visitid=7f284980-757a-11ed-abb0-12b7b429c0c9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
3.212.50.125200 714 B URL HTTP/1.1 clarus-che.com/zcredirect?visitid=7f284980-757a-11ed-abb0-12b7b429c0c9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (314)
Hash 6bf6d69070200ecb58b70cc9d9cb53f1
868d1b6d064701befbb65271419a008e9426221b
cc64c7e9ea11d5f03f642e29edd9cc8ff7d814bd82a020cc7f98ca6823530e68
GET /zcredirect?visitid=7f284980-757a-11ed-abb0-12b7b429c0c9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clarus-che.com/zcvisitor/7f284980-757a-11ed-abb0-12b7b429c0c9/9232f590-d991-493f-b95d-d38c0c6cdd28?campaignid=471b8660-2377-11ed-a767-128084d1ce51
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Date: Tue, 06 Dec 2022 15:27:31 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: PvvurGMM
clarus-che.com/favicon.ico
3.212.50.125404 653 B URL HTTP/1.1 clarus-che.com/favicon.ico
IP 3.212.50.125:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (649), with no line terminators
Hash ba2732b1b2fa2626ffaa15f62f9e7d66
203d4e7fbb1d80449d6e4e1f3ae7a9bf8625debe
879861cb72fe9fbb476dab246021c4c83b4066327de2529e05ec54d3afb0a1c8
GET /favicon.ico HTTP/1.1
Host: clarus-che.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://clarus-che.com/zcredirect?visitid=7f284980-757a-11ed-abb0-12b7b429c0c9&type=js&browserWidth=1280&browserHeight=939&iframeDetected=false&webdriverDetected=false
HTTP/1.1 404
Date: Tue, 06 Dec 2022 15:27:31 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 653
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Content-Language: en
Server: ufnwlPsM
ocsp.sca1b.amazontrust.com/
143.204.42.165200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash b7586f8507a1f272e62d3a891be76112
e4512d0ef586eec80851c29efc3361a47eef3995
69a415b11c81ff50c287cab8b712002feb1007e3ef6396a97d441b7b543947ed
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=164770
Date: Tue, 06 Dec 2022 15:27:31 GMT
Etag: "638f3e5e-1d7"
Expires: Thu, 08 Dec 2022 13:13:41 GMT
Last-Modified: Tue, 06 Dec 2022 13:06:38 GMT
Server: ECS (dcb/7EC6)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nToZeR1KFqKe9Sb_AG4citSuefypn3mJfVy67f1zMtEEXw46eBHgzQ==
Age: 423
ayxvy.trackvoluum.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwn6u46vlinsklvvk2p4u23eo&caid=38928ef7-8c8c-4386-b312-9aa50728681f&zpid=7f284980-757a-11ed-abb0-12b7b429c0c9&cid=wn6u46vlinsklvvk2p4u23eo&rt=R
35.156.91.109302 Found 0 B URL HTTP/2 ayxvy.trackvoluum.com/zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwn6u46vlinsklvvk2p4u23eo&caid=38928ef7-8c8c-4386-b312-9aa50728681f&zpid=7f284980-757a-11ed-abb0-12b7b429c0c9&cid=wn6u46vlinsklvvk2p4u23eo&rt=R
IP 35.156.91.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zp-redirect?target=https%3A%2F%2Fthetakebestbonus.life%2F%3Fu%3Dxunwwwr%26o%3Db0hp0zn%26cid%3Dwn6u46vlinsklvvk2p4u23eo&caid=38928ef7-8c8c-4386-b312-9aa50728681f&zpid=7f284980-757a-11ed-abb0-12b7b429c0c9&cid=wn6u46vlinsklvvk2p4u23eo&rt=R HTTP/1.1
Host: ayxvy.trackvoluum.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://clarus-che.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 06 Dec 2022 15:27:31 GMT
content-length: 0
location: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: voluum-cid-v4=%7B%22cid%22%3A%22wn6u46vlinsklvvk2p4u23eo%22%2C%22caid%22%3A%2238928ef7-8c8c-4386-b312-9aa50728681f%22%7D; Max-Age=31536000; Expires=Wed, 06-Dec-2023 15:27:31 GMT; Domain=ayxvy.trackvoluum.com; Path=/; Secure; HttpOnly;SameSite=None
server: nginx
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash aa3e5e62792abd4b9c79d1ec7a94e252
4bc06be691fd7723ef0b371489f8ecd07455ca84
6b1556d239cec807dea5ee96de52654bcbfb58aa55d0356b73e56379c952df55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B1556D239CEC807DEA5EE96DE52654BCBFB58AA55D0356B73E56379C952DF55"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21575
Expires: Tue, 06 Dec 2022 21:27:07 GMT
Date: Tue, 06 Dec 2022 15:27:32 GMT
Connection: keep-alive
thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
194.87.208.61200 OK 19 kB URL HTTP/1.1 thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
IP 194.87.208.61:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (552)
Hash aecb664822f705445270222d4019039b
9720cff99b79c6f10b5caa9c872a2524c814666c
cb2507c869377b32fc094aa5d7d8dc3d563080a807032852749fb173ac7e4f1a
Analyzer Verdict Alert quad9 Sinkholed
GET /?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://clarus-che.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:32 GMT
Content-Type: text/html
Content-Length: 19425
Connection: keep-alive
set-cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy; path=/
cache-control: private, no-transform
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
142.250.74.42200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (32069)
Hash 4ae540714475aa934955496d990ab15f
b7724c4d72a422b86f5dc06571ff4bc86f0308a3
ca0222f8799d862ca8c427d6c612878f47043c9445ad0e1567f1f80e83c965e2
GET /ajax/libs/jquery/2.2.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30089
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 11:02:32 GMT
expires: Tue, 05 Dec 2023 11:02:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 102301
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c10bc583c46449dc192a809398b4e814
ff0f7ad905d32d7f3d01e4054552d0ad551503a5
defd2b2559e55c9c6c0f8be9b23c53c4e781a736feae3dd73b4d203b69cfcc57
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 15:27:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
thetakebestbonus.life/media/gambling/en/slotbar/style.css
194.87.208.61200 OK 20 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/style.css
IP 194.87.208.61:0
File type ASCII text, with very long lines (492), with CRLF line terminators
Hash 8c38a209d98ec6a54d6b7cd42046af41
8b84ce3e95d745d2d6b6057344552b647aefe86d
d3b04d04ba4fa44ce3cee6fd4d97958d8ea9bebd93a14a12be14a3259fab0022
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/style.css HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: text/css
Content-Length: 20006
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8c38a209d98ec6a54d6b7cd42046af41"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DC9210B6359
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/cookie/js.cookie9.js
194.87.208.61200 OK 4.4 kB URL HTTP/1.1 thetakebestbonus.life/cookie/js.cookie9.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (1709)
Hash 16e07bf02a8e81d2cd5679dc45cc318c
7c205205935a3a56a8976b2ac648502b43103b5f
96e91577f6be403fc263780e07e6b7839373588026f793d2b4edd77dcbba871e
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /cookie/js.cookie9.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 4395
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "16e07bf02a8e81d2cd5679dc45cc318c"
Last-Modified: Wed, 31 Aug 2022 09:31:17 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D4E469D9D3C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/sound.js
194.87.208.61200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/sound.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 3787b349cb8b744b6917fe43f96b1ccd
ab26d82699a166f520a51f722bc6262ef1d5421f
8e4cbdda4f0a209714e470984de7250f946c3afd35ded05302ef431be048e918
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/sound.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 1083
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "3787b349cb8b744b6917fe43f96b1ccd"
Last-Modified: Wed, 31 Aug 2022 09:34:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D4E7F995C4A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/icon.js
194.87.208.61200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/icon.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 2b25502a979c3b240fc77e52689e4c29
790d306577b490abe99d88fb55bce2e815689843
328a90c5503266ebe4dda1e9c84558e62016811f112a159aecb36fc489563577
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/icon.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 1580
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "2b25502a979c3b240fc77e52689e4c29"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D71C2E9AE62
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/utils-gmb.js
194.87.208.61200 OK 4.7 kB URL HTTP/1.1 thetakebestbonus.life/util/utils-gmb.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (641), with CRLF line terminators
Hash 570df3f849036a1a4a75ca2a28047d36
f69147076e3912116a9765a2ed34afe3cae67978
221e1a80f62592306f7a357aa9ee1a43b32a10314f340b64604ca9d351cf33c4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /util/utils-gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 4651
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "570df3f849036a1a4a75ca2a28047d36"
Last-Modified: Wed, 31 Aug 2022 09:38:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D4E30FC4F7B
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/comment.js
194.87.208.61200 OK 2.8 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/comment.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (2753), with no line terminators
Hash 8441712705c040dc2ecfd7966c11f131
2f776d7927b20cf9813436f83e3007002979cccb
b18340e4cacb8244292577c44d3a37be71c75977ab74e417c8b8cb0da4d84246
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/en/slotbar/comment.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 2753
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8441712705c040dc2ecfd7966c11f131"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DC958C4FED7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/backbutton_gmb.js
194.87.208.61200 OK 3.9 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/backbutton_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 42a42a2180debd55caba94527379964c
562c1754c94ce49326b0381805ee14d175487778
52afe26d88ec86edf4a46d872db86007597b8ff5f6d9e79e47c9e6b899d0b781
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/backbutton_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 3923
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "42a42a2180debd55caba94527379964c"
Last-Modified: Wed, 31 Aug 2022 09:34:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DBC75E0016E
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js
194.87.208.61200 OK 1.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/returnDate.no.js
IP 194.87.208.61:0
Hash dbdb981f8658c845968ec8226f81d1d8
d679b7bf47f71cd55b6c307cf96146a95660d667
5c9b1b4991000ba0178363dd1c57556fe2d6b433f6d4eef927c2cd15d55660fa
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/en/slotbar/returnDate.no.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 1242
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "dbdb981f8658c845968ec8226f81d1d8"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DCAEF555ECB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/exit_gmb.js
194.87.208.61200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/exit_gmb.js
IP 194.87.208.61:0
File type ASCII text, with CRLF line terminators
Hash 5202df93e55f911a83a995fa38af7ee6
6c0ce8fd3d83e819b40bdff250b8c9331a2bbcf8
28ef9927757f823b79b11ebc2b24e22940e84492d5d78ede4591e4e520a43681
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/exit_gmb.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 1550
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5202df93e55f911a83a995fa38af7ee6"
Last-Modified: Wed, 31 Aug 2022 09:34:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CFB6B9594ED
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/confetti.js
194.87.208.61200 OK 3.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/confetti.js
IP 194.87.208.61:0
File type ASCII text, with very long lines (3533), with no line terminators
Hash 116c9460f5e882a7fcf4e837f7efc72a
13a88e74735d05985e5d07e8cbff716329f5d81c
651141c8290087af54c66793aa063ee5697661fb914925f56bd09390a2895ce4
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/confetti.js HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 3533
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "116c9460f5e882a7fcf4e837f7efc72a"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D4E371BF928
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/util/pgamble.js?v=8
194.87.208.61200 OK 4.2 kB URL HTTP/1.1 thetakebestbonus.life/util/pgamble.js?v=8
IP 194.87.208.61:0
File type ASCII text, with very long lines (4237), with no line terminators
Hash c43bdd4ef0fd292dca304ff4c8f56058
62ddd2026ea77bc7e7bc0c479ecd1b645a5f3b95
270f557d605568785502706a54f3c43811958ffae143753a6515aa2c8d95ae2a
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /util/pgamble.js?v=8 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: application/javascript
Content-Length: 4237
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c43bdd4ef0fd292dca304ff4c8f56058"
Last-Modified: Wed, 31 Aug 2022 09:38:18 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3C44F0D60AB1
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png
194.87.208.61200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-right.png
IP 194.87.208.61:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash c4d30de24dab6f826e7f27286beaceaa
b42751f5e5ebb1561fc9809235df332e8eb0f8c8
124c45624ec8d62cec06559dcfcd78ae0c686964ffe05911a836a0e4e1410081
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/red-arrow-right.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/png
Content-Length: 1089
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c4d30de24dab6f826e7f27286beaceaa"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3C318EAC0DD3
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg
194.87.208.61200 OK 1.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/img2.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 92b944714cea3e478a8e50dea1a80b26
f12fc267be0ab02e2f3585b42df5b8c10d3cd3a5
fa07d78345204bf48b255523990b544e1b28f9a7810aaf2b8a5a356d05575205
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/img2.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 1297
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "92b944714cea3e478a8e50dea1a80b26"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3BCED3D82
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg
194.87.208.61200 OK 1.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/img1.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash c3c59916d3b4977017c89125dc42b664
c8e5a97a6e9fbf41558c09c65b2ca6df9ba8723a
aa05de326a8afd2a7b16c253d8c10fc41857b474f23a814ffa7684d4ef17c1a9
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/img1.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 1315
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "c3c59916d3b4977017c89125dc42b664"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3BCE8C6AC
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg
194.87.208.61200 OK 2.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/yWwCB4c.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 5edf4db493423ac10c72a27ad5c4a618
5c535d00eaeaa725b39e3e1167a12de5bd66a1f2
a7c86ca5470f7d68b4c5f1c87f29f7daf816d1bd95353091bba8753341bb6f5f
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/yWwCB4c.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 2336
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5edf4db493423ac10c72a27ad5c4a618"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3C2D1ED7C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg
194.87.208.61200 OK 1.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/3temv7e.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash a848711320a9df61e6457f65b0dfa9fb
68a62a84d89f4f9e1e831a6cef920797c7f2e7d5
aea3443ffa2df4454daac365b37a61f9b9b1ba24dc0899ff3afca9f770765ce0
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/3temv7e.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 1169
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "a848711320a9df61e6457f65b0dfa9fb"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3EAAAA42A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg
194.87.208.61200 OK 2.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/7wSpKDu.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 6d02d5cf49120718501b9a6629290c48
a7bfde16cd37f6a331e8f17fbfc2f1772a5929a1
84d7f0648aeba8d80bb0f47e781cba8955b8fa7425748d9830c7a8c9bc35e5e9
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/7wSpKDu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 2037
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "6d02d5cf49120718501b9a6629290c48"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3D96A9F4A
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/win.mp3
194.87.208.61206 Partial Content 10 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/win.mp3
IP 194.87.208.61:0
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 32 kbps, 32 kHz, Monaural\012- data
Hash bca40777013dec4a99eaa8b0b98a7fef
bc1c833577a1dcd82ad01a90e82898bc7b47cad7
635e9ee8fcd18bd4c3ae173f00f4c5cbf15ee90a27a302440e2e77c371314176
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/en/slotbar/win.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: audio/mpeg
Content-Length: 10391
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "bca40777013dec4a99eaa8b0b98a7fef"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CD9B43F65FB
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-10390/10391
thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3
194.87.208.61206 Partial Content 8.8 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/spin.mp3
IP 194.87.208.61:0
File type MPEG ADTS, layer III, v2, 32 kbps, 16 kHz, JntStereo\012- data
Hash 5a2e10964c7fea8b0181831184bc0d97
8f5233dd6be372e7749c6cd8440db5b43de5a9c9
9b8fa3d6ccb98804102ffd59ee70c19e5d7ca7efabbe6c0d4471a1935348ee3d
Analyzer Verdict Alert fortinet Phishing
quad9 Sinkholed
GET /media/gambling/en/slotbar/spin.mp3 HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 206 Partial Content
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: audio/mpeg
Content-Length: 8784
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5a2e10964c7fea8b0181831184bc0d97"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
No-Gzip-Compression: true
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CD9B6B580B7
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Content-Range: bytes 0-8783/8784
thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg
194.87.208.61200 OK 2.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/9PH2QqX.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash f48aa7778890400e3be6131e64cd4236
9341d039b9f7de4eac9070c36fecac2772cc1ba0
388e1eb0cb648490ea1c4913f4ea3128f3fbfbda0608bf85e471d947db905302
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/9PH2QqX.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 2143
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "f48aa7778890400e3be6131e64cd4236"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3DF125F26
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg
194.87.208.61200 OK 2.3 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/EKZrmbS.jpg
IP 194.87.208.61:0
File type JPEG image data, baseline, precision 8, 50x50, components 3\012- data
Hash 7364bf39dcf0941d3a1760e46a562710
a358405162193128cceae8551e14648798bd4254
ba858c8ecc8f498253509a9251e5070ce3b3ad9950b704a22a9a1fb1efc62541
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/EKZrmbS.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 2264
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7364bf39dcf0941d3a1760e46a562710"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB43068FEC2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg
194.87.208.61200 OK 1.6 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/yEUMY3v.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 50x50, components 3\012- data
Hash 5da3831556c780010e0e5c5b967e43ce
574623afde349258b91d44849ef16d483b61e223
45f901bd7a281c73db028f014eb9196ad0297d6eaede94151bf2832946eb8f07
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/yEUMY3v.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/jpeg
Content-Length: 1608
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "5da3831556c780010e0e5c5b967e43ce"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3F59C2AF2
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png
194.87.208.61200 OK 2.2 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/KqX499j.png
IP 194.87.208.61:0
File type PNG image data, 48 x 48, 8-bit colormap, non-interlaced\012- data
Hash 8fe70ee687801d77e99e45efa5af9aa7
e49eefbb1115151d92af0285dc58416f0e9ab0f1
4d1d8a5b765092760f02f78036d8df58ad04f835c15619e9522c3f2ac932a0da
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/KqX499j.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:33 GMT
Content-Type: image/png
Content-Length: 2153
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "8fe70ee687801d77e99e45efa5af9aa7"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB3FA6CFB96
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:33 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg
194.87.208.61200 OK 1.5 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/DsrKpkj.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 48x48, components 3\012- data
Hash 0d0f29abfcedc7dfffe3811a5100a6cd
19567e85aab4fd05d752cfa86f88087465042b0a
e3da7d20be42da6e260d3085d2a3f3965a549065345ee2d139e28625104e2393
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/DsrKpkj.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/jpeg
Content-Length: 1506
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "0d0f29abfcedc7dfffe3811a5100a6cd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB412E25D75
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg
194.87.208.61200 OK 1.0 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/plR22yu.jpg
IP 194.87.208.61:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 51x51, components 3\012- data
Hash 7a532123e2eda81e018b8c1f90c8b3bd
e03576434acd69d708fae0f3f8df07e93d152280
9545948eefe774be5121de01ef9c14207891c35116bba14056471a59e4c212a1
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/plR22yu.jpg HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/jpeg
Content-Length: 1017
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "7a532123e2eda81e018b8c1f90c8b3bd"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3CB44EF7695C
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png
194.87.208.61200 OK 25 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-result-2.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 4922e4f8c0c5d208c89921d9a525cbe5
b756a0d6c3f726f00300c87fac1d3a915784ebdf
f13a99343fae8de26ee2e996fcc80487e9687ac5929eefd899db967fd124208c
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/slot-result-2.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/png
Content-Length: 25004
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "4922e4f8c0c5d208c89921d9a525cbe5"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D86DA84EE31
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png
194.87.208.61200 OK 1.1 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/red-arrow-left.png
IP 194.87.208.61:0
File type PNG image data, 50 x 50, 8-bit colormap, non-interlaced\012- data
Hash 58f67f1674f5133b9925d3ae27dc0498
81c764ff6133a59dac942dfc76d77ee7c942fc03
29879956bc91fc604349179daa4c866d15cc6a6b120e0e6abb5ff0d078c7484b
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/red-arrow-left.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/png
Content-Length: 1059
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "58f67f1674f5133b9925d3ae27dc0498"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3C31837F1C6F
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-spin.gif
194.87.208.61200 OK 88 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-spin.gif
IP 194.87.208.61:0
File type GIF image data, version 89a, 410 x 279\012- data
Hash 617c16c5e04c8603dd7f157862b1c682
1306296f9a666a7fc50f339a2a924ce8a3a18169
7f8e36cf7ac437d7c42440ef5f522c8e27adb06348b573192308038fa7c1dc7e
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/slot-spin.gif HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/gif
Content-Length: 87599
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "617c16c5e04c8603dd7f157862b1c682"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DC974A0CD4D
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png
194.87.208.61200 OK 20 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-result-1.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 54c5bc3e91c88eeff2a8f7f9b07f1fe1
2751cefef9a5045394300d8bfc97e40bc0b7cd9a
989811ca7ffc1465a01cba4e46074e231acb6cf0881a0bb82652025f5cefa3de
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/slot-result-1.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/png
Content-Length: 19469
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "54c5bc3e91c88eeff2a8f7f9b07f1fe1"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DC997E87D71
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png
194.87.208.61200 OK 14 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-win.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash efb5cc057d90910eac87b874ae4dba74
6e24b4b704bee110a184ebe7b560bd3e91c73171
89c8a97b460a4fdca3c3bae5cc2f0aac9ca347ba18b6edf90c1c83ea953a6194
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/slot-win.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/png
Content-Length: 13853
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "efb5cc057d90910eac87b874ae4dba74"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3D86942B3DAA
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png
194.87.208.61200 OK 25 kB URL HTTP/1.1 thetakebestbonus.life/media/gambling/en/slotbar/slot-start.png
IP 194.87.208.61:0
File type PNG image data, 410 x 279, 8-bit colormap, non-interlaced\012- data
Hash 794c929de9d8b06cf941920aeeceecee
e411636320af6e768cdde0a1ed3cc3cbc5eecc11
c9b63b519ca7e209c7adc6268f0112d83913e09ec44bebb3a8308897eebdef6f
Analyzer Verdict Alert quad9 Sinkholed
GET /media/gambling/en/slotbar/slot-start.png HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 06 Dec 2022 15:27:34 GMT
Content-Type: image/png
Content-Length: 24873
Connection: keep-alive
Content-Security-Policy: block-all-mixed-content
ETag: "794c929de9d8b06cf941920aeeceecee"
Last-Modified: Wed, 31 Aug 2022 09:34:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin, Accept-Encoding
X-Amz-Request-Id: 172E3DC91E0A4AC5
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Expires: Wed, 06 Dec 2023 15:27:34 GMT
Cache-Control: max-age=31536000, no-transform
Accept-Ranges: bytes
thetakebestbonus.life/favicon.ico
194.87.208.61204 No Content 0 B URL HTTP/1.1 thetakebestbonus.life/favicon.ico
IP 194.87.208.61:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: thetakebestbonus.life
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://thetakebestbonus.life/?u=xunwwwr&o=b0hp0zn&cid=wn6u46vlinsklvvk2p4u23eo
Cookie: sid=t1~kmepx5fjvpdzdhlo3ctaxkxy
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Server: nginx
Date: Tue, 06 Dec 2022 15:27:35 GMT
Connection: keep-alive
Cache-Control: no-transform