a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756
18.192.108.151 302 0 B URL HTTP/1.1 a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756
IP 18.192.108.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756 HTTP/1.1
Host: a.vfgtf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Server: nginx
Date: Thu, 01 Dec 2022 12:13:48 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak
Pragma: no-cache
Set-Cookie: ab267e05-23a0-430a-bac4-772f7f629740-v4=OJKluzoJwiqpjPeHD5WuCwHv8Grswom8NmpHYz09QAk; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:13:48 GMT; Domain=a.vfgtf.com; Path=/; HttpOnly
cc-v4=CXaqfKcqOJt4%2Fh2yL10NP1A%2FU8wDUErXrCBG8A6e6VVZK4%2B%2BCai3pU%2FnQWK%2BAS8LHLUMtjF5EDtVwqinkBcvMKvQaCIMVhYuu9rMUTE1chpj3DKORs0k1UzUPg3NrVM7ZlRNCvFpYzICKXfLeyCnOA%3D%3D; Max-Age=31536000; Expires=Fri, 01-Dec-2023 12:13:48 GMT; Domain=a.vfgtf.com; Path=/; HttpOnly
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2268
Expires: Thu, 01 Dec 2022 12:51:36 GMT
Date: Thu, 01 Dec 2022 12:13:48 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2514
Cache-Control: max-age=169158
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:48 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:13:06 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5245
Expires: Thu, 01 Dec 2022 13:41:13 GMT
Date: Thu, 01 Dec 2022 12:13:48 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: m6FKR3Nv27V9w/ssHMYIysXP5tQMHa/TB68rpzBE5jvNOshw6ywWH/9vvtMAPgsAWhLI6dKJFsI=
x-amz-request-id: PKK2NDMKTBN8HYQK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 11:46:15 GMT
age: 1653
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 11:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3242
alt-svc: clear
X-Firefox-Spdy: h2
a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak
18.192.108.151 302 Found 0 B URL HTTP/2 a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak
IP 18.192.108.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak HTTP/1.1
Host: a.vfgtc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Thu, 01 Dec 2022 12:13:48 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_
pragma: no-cache
set-cookie: dff0a39e-b61c-4ead-9255-78be047ae39f-v4=IcFLL4m6JULh7qbp8mQ0zieExntjoM8dQoOxECE5-wY; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:13:48 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=7SCyB6Ki1GjgGBOKvW22xKH%2BAIcnoBBvCJ5ES2KiENptiIjaijjw3Z2htuYCK023He%2BwdO70S1pvLm2KJifNOAD0hLGMz8e%2BLuV7kvW7oiyJXXmvZk6SqRIqMAsmDK29H%2FgCbAxEfqEXMMlGY30eDw%3D%3D; Max-Age=31536000; Expires=Fri, 01-Dec-2023 12:13:48 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 12:13:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash bd2422b1bd848db729c67324c198ae0e
99ef01ea958d3811958e6175f8dc7c94c3d17691
f6300440d56f190b52796e679e850f4919a7e3f15b1021c90a78eea3e798c6fe
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=116078
Date: Thu, 01 Dec 2022 12:13:48 GMT
Etag: "6387ab20-1d7"
Expires: Fri, 02 Dec 2022 20:28:26 GMT
Last-Modified: Wed, 30 Nov 2022 19:12:32 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5_V0lBlWvMB5jcbYaO_GS5mlqYKXf2KlNKIwE3HkjtBQ6TFgo5FdXg==
Age: 4554
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 12:08:56 GMT
cache-control: public,max-age=3600
age: 292
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_
54.230.111.50 303 See Other 340 B URL HTTP/2 t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_
IP 54.230.111.50:0
File type HTML document, ASCII text, with very long lines (340), with no line terminators
Hash f8f4c29b474f3df7544412d230d9b90c
df57bf433e695a33370d1bdbfa3f46da27ceacb7
6f67f24e85f346aa5e333aca9e33dac76ddc12c11d1681dd6114de189d0a44b8
GET /44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_ HTTP/1.1
Host: t.anmdr.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 303 See Other
content-type: text/html; charset=utf-8
content-length: 340
location: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
server: nginx/1.19.0
date: Thu, 01 Dec 2022 12:13:49 GMT
set-cookie: aff_ran_url_8062=27690; Path=/; Expires=Fri, 02 Dec 2022 12:13:49 GMT; Secure
enc_aff_session_8062=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; Path=/; Expires=Sat, 30 Nov 2024 12:13:49 GMT; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Sat, 25 Oct 2025 22:53:49 GMT; Secure
tracking_id: 1020df78d1794ead6ab163c15bbdc9
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o7lJtox1owc5xbWbr7XinorgWdT3ljUTR4_C-tzL__7XVuYQ4H1B6w==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2504
Cache-Control: max-age=164084
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:49 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:48:33 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 02b27e65c1e613a1a51f500c907f1c8c
d6c7d8e4bf959b25b90730cd700f78b6955412a8
e234a84a1a6384dcd72f443324fefca0a71ec567eb4dc737d04329d507ecf887
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E234A84A1A6384DCD72F443324FEFCA0A71EC567EB4DC737D04329D507ECF887"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Thu, 01 Dec 2022 14:04:56 GMT
Date: Thu, 01 Dec 2022 12:13:49 GMT
Connection: keep-alive
push.services.mozilla.com/
34.210.158.59 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.210.158.59:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: f3Ry57YenQY8GKPytaGkQQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tJyQdcfvRYWW8HbJuMpDx03m6L4=
go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
64.188.52.46 200 OK 547 B URL HTTP/1.1 go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
IP 64.188.52.46:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (442)
Hash fd76153c6d0438f3d54232d113876e1e
95c148bf9e68ddc81a63c40e0f25bf0430f43317
21eb90b7c6a42e8b576a38b4ad9d2e6016b5ae8a6ea4d79ac67199cef477a18b
GET /go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756 HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:49 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=NONE; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=49549; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=106472-44542_44543_; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=106472; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=5021d032e1c934088c51e8cdc76e191a; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 547
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
go.moartraffic.com/native.history.js
64.188.52.46 200 OK 6.5 kB URL HTTP/1.1 go.moartraffic.com/native.history.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (22102), with no line terminators
Hash 8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38
GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff
go.moartraffic.com/go.min.js
64.188.52.46 200 OK 221 B URL HTTP/1.1 go.moartraffic.com/go.min.js
IP 64.188.52.46:0
File type ASCII text, with very long lines (305)
Hash 77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e
GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff
go.moartraffic.com/favicon.ico
64.188.52.46 200 OK 198 B URL HTTP/1.1 go.moartraffic.com/favicon.ico
IP 64.188.52.46:0
File type MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Hash c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b
GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
last-modified: Thu, 01 Dec 2022 11:45:48 GMT
etag: "c6-5eec2c31deca8"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
34.120.237.76 200 OK 9.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 51653
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
34.120.237.76 200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 62144
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 51710
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:43:35 GMT
age: 48615
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 51980
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 51715
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 812045d81159ff349f469b4ffac2d9cb
49790c0705b001ac5f200d4b7206f94ed1746517
3036d1e02efe3ac6e5d9ddd2b9103f6a3c799d78700ccc91a827594857c13f65
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120863
Date: Thu, 01 Dec 2022 12:13:50 GMT
Etag: "6387c73a-1d7"
Expires: Fri, 02 Dec 2022 21:48:13 GMT
Last-Modified: Wed, 30 Nov 2022 21:12:26 GMT
Server: ECS (dcb/7F5C)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lz4woRtSKlm-B0Jxc76TP5r5MdhSPtbOxk6FVvEjDWhkjnD6oXYLng==
Age: 2147
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash caa6c1decc77e798e7ebf5116d5c2a65
e83369a834099d4127525a60fe6eb73ee93d52a7
234b03b86b8b77a019c3c3638f4edfad114f5519fe82338b0d89ac4666f37fa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4319
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "6386db03-116"
Last-Modified: Thu, 01 Dec 2022 11:01:52 GMT
Server: ECS (amb/6B79)
X-Cache: HIT
Content-Length: 280
tours.specia1.com/t/common/js/repoUtilsV2.js
143.204.55.40 200 OK 2.7 kB URL HTTP/2 tours.specia1.com/t/common/js/repoUtilsV2.js
IP 143.204.55.40:0
Hash b1ce2f35864e2dda9606c9d620fc83b1
71892a7a201186f5f4dfc87aa63b62e9d93f771a
2a72332d8d15a72cbd1ece4cca50402789188d546cb2e7e0f3c6187842d0a88e
Analyzer Verdict Alert fortinet Phishing
GET /t/common/js/repoUtilsV2.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:25 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: W/"463ab17c7b265e702f3c4390d78b31b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: O734dC9qfeULRXO4SJY7FAOfmv42JcTL86lFNiM5Dim-bhIpT16Fjw==
age: 56
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 15ac18ae605231ff47a99ed952163c19
5f73579a6fcd3c2d2d1d807457f8d26d04056725
c2732c3d7d34d9a0616877bc88f6b28a3e904d980fd25893cf3025a80c7a6047
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1462
Cache-Control: max-age=146827
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63882f54-116"
Expires: Sat, 03 Dec 2022 05:00:58 GMT
Last-Modified: Thu, 01 Dec 2022 04:36:36 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
142.250.74.106 200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
IP 142.250.74.106:0
Hash bdad71dbe57f24841601bbb85d4fd9a5
163bdc360e1296362226d81e61531a295276726f
3ac62be89569f7d6d2bd0a26a66c8bf8f59449f5ef69aa6cb54c56f770d36908
GET /css?family=Roboto+Condensed:400,700|Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 12:13:51 GMT
date: Thu, 01 Dec 2022 12:13:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/arrow.svg
143.204.55.40 200 OK 181 B URL HTTP/2 tours.specia1.com/t/798/img/svg/arrow.svg
IP 143.204.55.40:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash d2af819d42d8e9cd567e98d5cb2a23b4
5b5c2d37c4be1ca5ef442fdc9b7012156557b2b5
3af9c600bd2aa3222752e5ce23a88fec23318da1c6bf6c94e29c09bb7d64373c
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/arrow.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 181
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "d2af819d42d8e9cd567e98d5cb2a23b4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wnCtCq6OWW1ColrUZHdcKMm-LgwtL641ZjAfsYYq-6PEHS2YPqTOTA==
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 0eda0d0690d52ff5a4fbfdd2cbf11421
df790bb9d0515044c340bbc0a001fd74ecf5393c
ce77ba3c7c5471a95bbd9679f7a6e00614f9b3e1ca18fa5b5953e5e5cbd2597d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100599
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63877a17-1d7"
Expires: Fri, 02 Dec 2022 16:10:30 GMT
Last-Modified: Wed, 30 Nov 2022 15:43:19 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s6T3jJlXouHyrXNjWRrnoXLL9WK_uyysWgwVHQiA9VtMbT2iIwBKzA==
Age: 1631
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 0eda0d0690d52ff5a4fbfdd2cbf11421
df790bb9d0515044c340bbc0a001fd74ecf5393c
ce77ba3c7c5471a95bbd9679f7a6e00614f9b3e1ca18fa5b5953e5e5cbd2597d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100599
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63877a17-1d7"
Expires: Fri, 02 Dec 2022 16:10:30 GMT
Last-Modified: Wed, 30 Nov 2022 15:43:19 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PkN44hnqNrb-DbrOL17xDvGEMbmphgR4VS6nCjTrokVUyiru-VcpQA==
Age: 1631
utl-1.com/1.6.38/utl.min.js
143.204.55.5 200 OK 312 kB URL HTTP/2 utl-1.com/1.6.38/utl.min.js
IP 143.204.55.5:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 312 kB (311771 bytes)
Hash dedd14a7c951d3cc8f16918c53ca760f
7b8b1137964d253303b614f331a064dcd92f0ad3
a95f875f338c46afba8d8175e28e73917fe6080019c8ffc19fb3322161dc6872
GET /1.6.38/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 311771
date: Fri, 03 Jun 2022 11:33:10 GMT
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
etag: "dedd14a7c951d3cc8f16918c53ca760f"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HxC0FmXID4mObkc51SrQ4Xu8TRydIaafS5N4CHSYH7uV1jiwhOQh9Q==
age: 15640842
X-Firefox-Spdy: h2
utl-1.com/1.6.38/mst2.min.js
143.204.55.5 200 OK 18 kB URL HTTP/2 utl-1.com/1.6.38/mst2.min.js
IP 143.204.55.5:0
File type ASCII text, with very long lines (17794), with no line terminators
Hash 3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2
GET /1.6.38/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Fri, 15 Jul 2022 22:19:08 GMT
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F4UGSy1_IfgsXh5Zrn62JSmedxYLIAaaX_oOqWAFCB4KX6Wo_J0SMA==
age: 11973284
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/yes.svg
143.204.55.40 200 OK 281 B URL HTTP/2 tours.specia1.com/t/798/img/svg/yes.svg
IP 143.204.55.40:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 6eaabb6ef93caadac27e2b783ba4fabc
64f8619ac1de5109877bcbe3660ad22bfd05bd49
93772d9dfff4fc7c6e4ad08c204721ac5b75df620d1eec379d665742d4c886a1
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/yes.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 281
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "6eaabb6ef93caadac27e2b783ba4fabc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0KeGv6c2Rl1TUMlKwP_kIv6_oftqr-2XU5_GobIqdT-yzykN9x5H9g==
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/eye-on.svg
143.204.55.40 200 OK 315 B URL HTTP/2 tours.specia1.com/t/798/img/svg/eye-on.svg
IP 143.204.55.40:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 30defca025013f8fde64d94e424d06e6
920a23fb25a4d5122c4624478995dacf99246b02
716d9649b8acbd0594b5c2d4f927cd1f1eb599305f7ebecd9f4c8d9831d91b7b
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/eye-on.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 315
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "30defca025013f8fde64d94e424d06e6"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F9UwauD7qezBAnbYfCPN7E96Ne49VIV7Wj_mQwpCztq7SElUPG14xA==
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/eye-off.svg
143.204.55.40 200 OK 316 B URL HTTP/2 tours.specia1.com/t/798/img/svg/eye-off.svg
IP 143.204.55.40:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash 453f5a5f2c7dccca3bdab622bec9bfa9
7fbf1fbf5d8d8769ea728962061b6dddf00859ba
1ce9a6f6d80b6873db1fc406070809aac4872ffc693cd280346a3a7d0586ea69
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/eye-off.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 316
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "453f5a5f2c7dccca3bdab622bec9bfa9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gcptAoqrGvnNxIjcqFU-tQyo8ykVJlVsUMLSowPH3rNUy7TcrkfOWw==
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/no.svg
143.204.55.40 200 OK 632 B URL HTTP/2 tours.specia1.com/t/798/img/svg/no.svg
IP 143.204.55.40:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (560)
Hash 87b63fc664ac355cd3cd4545554e228c
bbdacfea3ed51682ec47bf5c9d66ecc81b357c03
c12c42c5899cc196bc084b410b7afed117f6c6e8763425a1c049d018778fb50c
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/no.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 632
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "87b63fc664ac355cd3cd4545554e228c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sWJRcg7y1IqFVvNIQL_2bOyRfYABeCkEH4CZ9itaP-ptZTtsOuPQWA==
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/svg/logo.svg
143.204.55.40 200 OK 1.5 kB URL HTTP/2 tours.specia1.com/t/798/img/svg/logo.svg
IP 143.204.55.40:0
Hash 99d70c18e24bc8a6355fb16ed31bc840
cd63a11dfda386411ebcd76aa365bcbd24b45c66
0230cd072011c37795a621e8c968fc7618e21027d634e2ea64bb04ab4e8dea60
Analyzer Verdict Alert fortinet Phishing
GET /t/798/img/svg/logo.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"7538625b5b49c597782eccfe996d8bbd"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1QFsmU9-Y_dkrh-MTX3FBcs-NDdiXtnUxlq3b0Ud9ZdrXEpE_9NNIQ==
X-Firefox-Spdy: h2
utl-1.com/1.6.38/utl.min.js
143.204.55.5 304 Not Modified 0 B URL HTTP/2 utl-1.com/1.6.38/utl.min.js
IP 143.204.55.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /1.6.38/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 02 Dec 2021 13:26:25 GMT
If-None-Match: "dedd14a7c951d3cc8f16918c53ca760f"
TE: trailers
HTTP/2 304 Not Modified
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: "dedd14a7c951d3cc8f16918c53ca760f"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jG6eW8AbaKrNMmYSSj83jH9Y2YbY1K_BILJ2-YJTUdzqEL6vFXilxg==
age: 15640842
X-Firefox-Spdy: h2
tours.specia1.com/t/common/js/footer_override.min.js
143.204.55.40 200 OK 1.4 kB URL HTTP/2 tours.specia1.com/t/common/js/footer_override.min.js
IP 143.204.55.40:0
File type ASCII text, with very long lines (7843), with no line terminators
Hash 1c85d9b5186d68f37fafaf86b616fd27
fdc288a0b2b7922705d54aa1c28b691ec3732504
5339aaf650602b1e20048f57713ebfbbc4fb3e762c12f5742cbc5d195b1b854b
Analyzer Verdict Alert fortinet Phishing
GET /t/common/js/footer_override.min.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:25 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: W/"bce527ef9e6ea886fffc7cee9fc69826"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IIidtrtmHyBDNmlfKT3oVpJy5Z4a_k8GKcfPQvTJwKQnRlXiI-TnwQ==
age: 68
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 28af367be8d4dd4a93cf35aeb4343efb
ecc6af34a7e5494bad954a92a5e42cf44096fa78
c6d018db3610fe07affa98b756d282874f09efe99e34229198f7812857d35686
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4896
Cache-Control: max-age=149552
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Etag: "63882c90-117"
Expires: Sat, 03 Dec 2022 05:46:24 GMT
Last-Modified: Thu, 01 Dec 2022 04:24:48 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 59998
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
104.18.216.65 200 OK 1.5 kB URL HTTP/2 cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
IP 104.18.216.65:0
File type ASCII text, with very long lines (2530), with no line terminators
Hash 690752e268da274383a993a16c2cbbee
bb4c8acf040f5ece3ca2696f752bcbf63e8bbb06
e1082551af8bc8433259dd9d7fe8b5bc7582d271a367ea5ed4bc1cd207174698
GET /scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"6336ac72-9e2"
last-modified: Fri, 30 Sep 2022 08:44:34 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 133512
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd406adeb512-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 59977
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tours.specia1.com/assets/specia1/ga.js?_=1669896830575
143.204.55.40 200 OK 392 B URL HTTP/2 tours.specia1.com/assets/specia1/ga.js?_=1669896830575
IP 143.204.55.40:0
Hash eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45
GET /assets/specia1/ga.js?_=1669896830575 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Cookie: tour=49549; affsubid=106472-44542_44543_; reff=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0; upgrade_tour=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Wed, 30 Nov 2022 13:33:25 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:11:26 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Kczf9UthO6jwOAvm7gD7wwkKt0QvAfIQtq8QFJaccMGjac-aYFrWYA==
age: 191
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 385 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Hash 673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=74D2~540c456583040ff93a92b294a45d7df9; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 4.8 kB URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Hash 2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=120F~51c83b6d9adbc4d3223b263029fd3f3a; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 21 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type very short file (no magic)
Hash 7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=D420~76f0a737e682deb466000d6cb5dd7f0f; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~b3506f40510b0725c682c5e5ef3e1cff; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 159 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=237E~1070d6a532312d63b1ebce445baa7d12; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 20 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1224
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=237E~f2914fd010e76692572f52ce8633ce0f; path=/; secure; HttpOnly
set-cookie: bd_ovtu=11; expires=Fri, 02-Dec-2022 12:13:52 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 10:41:08 GMT
expires: Thu, 01 Dec 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 5565
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
secure.authbill.com/tour/api.php
68.169.87.223 200 OK 55 B URL HTTP/1.1 secure.authbill.com/tour/api.php
IP 68.169.87.223:0
File type ASCII text, with no line terminators
Hash 113ee80614b025e6a29240260cd0a74a
5f53af7c64ad3ac6bace2b9513ec933e60278f11
23b71777b3023af5531aaa75c5c4f3f9695260bef4dfd2e89e91034ff023f253
POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=D420~d3033b38eb0d22d24535a85872cf1d13; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 55
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372
142.250.74.110200 OK 4 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372
IP 142.250.74.110:0
File type ASCII text, with no line terminators
Hash 9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
POST /j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383
142.250.74.110 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383
IP 142.250.74.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 03:35:40 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 31093
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826
64.233.165.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826
IP 64.233.165.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tours.specia1.com/t/798/img/gf_favicon.png
143.204.55.40 200 OK 727 B URL HTTP/2 tours.specia1.com/t/798/img/gf_favicon.png
IP 143.204.55.40:0
File type PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Hash 70ae7487b024158bd6ee8ecf55412d03
74dd9d551cf04f8cd6e8cee7646dbe7ac8ba9c08
cee30a5e031f3895fb1de39c8ac7fc81098cf0344ec1181ec795d0009afe9051
GET /t/798/img/gf_favicon.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Cookie: tour=49549; affsubid=106472-44542_44543_; reff=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0; upgrade_tour=0; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_clickid=1020df78d1794ead6ab163c15bbdc9; 
prop_hts_id=78bf0395-671d-44b5-980e-4e8494ba6449; prop_xk=5021d032e1c934088c51e8cdc76e191a; affiliate_106472_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: image/png
content-length: 727
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:54 GMT
etag: "70ae7487b024158bd6ee8ecf55412d03"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8_9llUVBApNAsmxp6HPOaBxWJE9iIu-6e8_eZWtcxdyS-lGg3Qllsg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
142.250.74.35 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
216.58.211.4 200 OK 42 B URL HTTP/2 www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
IP 216.58.211.4:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
143.204.55.40 200 OK 0 B URL HTTP/2 tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
IP 143.204.55.40:0
GET /t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"da3c8f505030c68515ec2a17a72ced1d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xusrWVILmhow2-chTEhVNaW1Pka6zy8REltcAimdg4gK96UGeRA6CQ==
X-Firefox-Spdy: h2
cl0udh0st1ng.com/bo.js
188.114.96.1 200 OK 0 B IP 188.114.96.1:0
GET /bo.js HTTP/1.1
Host: cl0udh0st1ng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:51 GMT
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Tue, 04 Jun 2019 22:59:12 GMT
access-control-allow-origin: *
etag: W/"5cf6f7c0-e8c"
expires: Wed, 30 Nov 2022 10:25:19 GMT
cache-control: max-age=14400
x-proxy-cache: HIT
x-github-request-id: DC4C:44B8:24A9981:25BE38B:60BF4C34
via: 1.1 varnish
age: 382
x-served-by: cache-osl6526-OSL
x-cache: MISS
x-cache-hits: 0
x-timer: S1623149621.800189,VS0,VE103
vary: Accept-Encoding
x-fastly-request-id: 46b2f065819753b0d054b6955b522d85b5c39783
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXzvCIuwQicb1z9gXXbqQyw3SiGRnh29r0nrjgGEx3SvjOWJG%2BdMKjOHkuBc%2BjkNII%2F1zVu%2FbYi12uFiqyHn8hYjUoaf5C3Jbnu67aPq7whltkYaBVzuDxuEhwq6QxTud4Uc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772bbd3b29fdb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tour.bang.com/bb/default.js
104.22.72.97 200 OK 0 B URL HTTP/2 tour.bang.com/bb/default.js
IP 104.22.72.97:0
GET /bb/default.js HTTP/1.1
Host: tour.bang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:51 GMT
content-type: application/javascript
cache-control: no-cache, private
vary: Accept-Encoding
cf-cache-status: BYPASS
server: cloudflare
cf-ray: 772bbd3b5f790d46-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sdk/izooto.js
104.18.216.65 200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sdk/izooto.js
IP 104.18.216.65:0
GET /scripts/sdk/izooto.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"6387663f-3bb40"
last-modified: Wed, 30 Nov 2022 14:18:39 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 78855
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd40fb9ab512-OSL
content-encoding: br
X-Firefox-Spdy: h2
tours.specia1.com/t/798/css/style.css
143.204.55.40 200 OK 0 B URL HTTP/2 tours.specia1.com/t/798/css/style.css
IP 143.204.55.40:0
GET /t/798/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"259c0a015a9b68e85cff0bf027ba6272"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2sUWx5y7ASQxzLXkIyj7m-Qc4FGz2n6nGrtCaY6h_DHYqKhRo3ZoTA==
X-Firefox-Spdy: h2
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
104.18.216.65 200 OK 0 B URL HTTP/2 cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP 104.18.216.65:0
GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: text/html
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2503854
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd425d56b512-OSL
content-encoding: br
X-Firefox-Spdy: h2
tours.specia1.com/t/798/js/custom.js
143.204.55.40 200 OK 0 B URL HTTP/2 tours.specia1.com/t/798/js/custom.js
IP 143.204.55.40:0
Analyzer Verdict Alert fortinet Phishing
GET /t/798/js/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"262dc6cadb2d0e8fecd84cfe8fc4a9ac"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8m-FSBzqXUEVe4e-QAPqnc_ik1glOYjFlzI8EO_bVezxeRxJ_CnHdQ==
X-Firefox-Spdy: h2
tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
143.204.55.40 200 OK 0 B URL HTTP/2 tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
IP 143.204.55.40:0
GET /t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"da3c8f505030c68515ec2a17a72ced1d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z1qlfGu4Bikw0VDGmPX8TPu7ietItAQmfcljjQVQxGLHU25F5ZnNpQ==
X-Firefox-Spdy: h2