Report - a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756

Report Overview

Submitted URL
a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756
IP
18.192.108.151
ASN
#16509 AMAZON-02
Submitted
2022-12-01 12:13:59
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
a.vfgtc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	688 B	983 B	18.192.108.151
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	2.0 kB	142.250.74.106
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	694 B	216.58.211.4
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	4.0 kB	143.204.42.158
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.210.158.59
tours.specia1.com	391408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	15 kB	143.204.55.40
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.0 kB	142.250.74.131
tour.bang.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	364 B	318 B	104.22.72.97
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	70 kB	34.120.237.76
utl-1.com	164141	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	331 kB	143.204.55.5
a.vfgtf.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	795 B	968 B	18.192.108.151
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	9.8 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	3.4 kB	93.184.220.29
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
t.anmdr.link	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	664 B	2.1 kB	54.230.111.50
secure.authbill.com	117022	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	9.8 kB	68.169.87.223
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	609 B	712 B	64.233.165.154
cl0udh0st1ng.com	235524	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.1 kB	188.114.96.1
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
go.moartraffic.com	191983	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	9.3 kB	64.188.52.46
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	966 B	34 kB	216.58.207.227
cdn.izooto.com	15273	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.8 kB	104.18.216.65
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	22 kB	142.250.74.110
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	518 B	694 B	142.250.74.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	tours.specia1.com/t/common/js/repoUtilsV2.js	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/arrow.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/yes.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/eye-on.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/eye-off.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/no.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/798/img/svg/logo.svg	Phishing
2022-12-01	medium	tours.specia1.com/t/common/js/footer_override.min.js	Phishing
2022-12-01	medium	tours.specia1.com/t/798/js/custom.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	go.moartraffic.com/native.history.js	22 kB	2023-03-07	2024-02-07
Pretty URL go.moartraffic.com/native.history.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:59 Last Seen2024-02-07 04:52:40 Times Seen95 Hash 4391c3ebd46fb772c788c32d1885afdd 824d318a296d3ae4bc8023f254d61a94818e0866 968c9f4d687c2584b5073a12074aa9d18601af83399d4b6c420b022ecda05f7f Loading...

	tours.specia1.com/t/common/js/footer_override.min.js	7.8 kB	2023-03-07	2023-05-29
Pretty URL tours.specia1.com/t/common/js/footer_override.min.js IP 143.204.55.40 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-05-29 06:36:55 Times Seen13 Hash bce527ef9e6ea886fffc7cee9fc69826 191e11c27855a895d29095f677f5c8ed75300b9d 45ef13c44a036731f700e5d6351134334e3f436a4c9af3d577be419e51f412bb Loading...

	utl-1.com/1.6.38/utl.min.js	312 kB	2023-03-07	2023-11-08
Pretty URL utl-1.com/1.6.38/utl.min.js IP 143.204.55.5 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:18 Last Seen2023-11-08 06:47:26 Times Seen14 Hash dedd14a7c951d3cc8f16918c53ca760f 7b8b1137964d253303b614f331a064dcd92f0ad3 a95f875f338c46afba8d8175e28e73917fe6080019c8ffc19fb3322161dc6872 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-19
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-19 07:47:47 Times Seen1515 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756	604 B	2023-03-11	2023-03-11
Pretty URL go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756 IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:33:23 Last Seen2023-03-11 23:33:23 Times Seen1 Hash 9c867ed9e78739d0a142c1c5b4c441ac 56ee4a5490d4c711bfa410dd3b4f997f0f81ef5e 1b3b4c67ea84ac0babf157bd63a61cc51aa50bf403dcf76d7e57f47d4ad0874d Loading...

	tours.specia1.com/t/common/js/repoUtilsV2.js	6.4 kB	2023-03-07	2023-05-27
Pretty URL tours.specia1.com/t/common/js/repoUtilsV2.js IP 143.204.55.40 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:51 Last Seen2023-05-27 18:44:29 Times Seen10 Hash 463ab17c7b265e702f3c4390d78b31b3 af44646f4e11783a1123e3748a77ba3fecd1145b 27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8 Loading...

	cl0udh0st1ng.com/bo.js	3.7 kB	2023-03-07	2023-03-29
Pretty URL cl0udh0st1ng.com/bo.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:51 Last Seen2023-03-29 22:30:02 Times Seen4 Hash 335823ff7cf62de3f8c7a26d3d2c30bc a427fd985ea08abec4bdcf77ebdc916f04fbc5d7 852d19ed390414ca431837cc185a237cc5c5a393e193182efd17420a5bb4b651 Loading...

	utl-1.com/1.6.38/mst2.min.js	18 kB	2023-03-07	2023-11-25
Pretty URL utl-1.com/1.6.38/mst2.min.js IP 143.204.55.5 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-11-25 18:19:28 Times Seen19 Hash 3a2e1fe5f9de68d28807b0b5675235f4 1ec71f3bf36850118f94eacb5c7949f449b3a0b7 252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2 Loading...

	tours.specia1.com/t/798/js/custom.js	7.5 kB	2023-03-10	2023-03-11
Pretty URL tours.specia1.com/t/798/js/custom.js IP 143.204.55.40 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:36:09 Last Seen2023-03-11 23:33:23 Times Seen1 Hash 262dc6cadb2d0e8fecd84cfe8fc4a9ac cf5dfcf6909a041debe944b31fb1c5fb438d2cf3 a6f97162bf3ba6cf5d0834e9b3488019ada192978d95e80ea47853bb7be53e47 Loading...

	tour.bang.com/bb/default.js	11 kB	2023-03-10	2023-03-11
Pretty URL tour.bang.com/bb/default.js IP 104.22.72.97 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 09:36:09 Last Seen2023-03-11 23:33:23 Times Seen1 Hash 687cb136083123eca553d94e04afe3b2 962b317e0c8e2483990905a5d583d3dba2e727a3 6f5de29320b0da9bea94aef01481ffdee7b671a2dd164c655e1089daad0fd467 Loading...

	cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js	2.5 kB	2023-03-07	2023-05-29
Pretty URL cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js IP 104.18.216.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-05-29 06:36:55 Times Seen21 Hash db0978cf7984d9a04fbad61af732fe12 0a7bf5e54cbdd016b88fada17665e7d689dc2c83 61e8a955df8bd6092e9231983ddca6a47083621f2db3d125cb3e8d2d33c35b5c Loading...

	go.moartraffic.com/go.min.js	306 B	2023-03-07	2023-12-01
Pretty URL go.moartraffic.com/go.min.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-12-01 22:24:59 Times Seen68 Hash b8891bcb893d3ee2806e7989a3031af3 de5aab743d1bd13e45a864f7413a83b215b2cb1a ccfb01fbbefd9557045ec789bdaadcca96ca9da1b27ba23c6082a58f86b90df0 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 10:17:56 Times Seen36956271 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.izooto.com/scripts/sak/iz_setcid.html?v=1	3.6 kB	2023-03-07	2023-03-17
Pretty URL cdn.izooto.com/scripts/sak/iz_setcid.html?v=1 IP 104.18.216.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:22:00 Last Seen2023-03-17 12:47:13 Times Seen1 Hash d7822001499e91d42d7ef6c89fa16adf 90f8ac1c6cd694058ab2f6bcd077510ed11f4a12 44631f01334b73cb9cd3f3babf6ed51920d7b0dcbd8c05184823a1b9820b5ad1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5e153aec474218aff822ad71c30ea586	391 B	2023-03-07	2023-11-25
Pretty Observations First Seen2023-03-07 01:42:41 Last Seen2023-11-25 18:19:28 Times Seen24 Hash 5e153aec474218aff822ad71c30ea586 4562dc0e68c0682f401f5d9990a43b69d7325c59 0f79ce0b39dd2f788cadb6e9d464423192f8a7748fc01a289ee4cadc3813f00a Loading...

HTTP Transactions (86)

URL IP Response Size

a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756

18.192.108.151

302

0 B

URL HTTP/1.1
a.vfgtf.com/ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756
IP
18.192.108.151:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ab267e05-23a0-430a-bac4-772f7f629740?subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&s2=10256975595b8c819baa68e237485e&s3=REDIRECTED_FROM_LEGACY_LANDING_PAGES;102028fb5476bd15a676b932ed1d19&s4=44543&url=1&affsub=REDIRECTED_FROM_LEGACY_LANDING_PAGES&affsource=102028fb5476bd15a676b932ed1d19&aff_click_id=10256975595b8c819baa68e237485e&bo=2753,2754,2755,2756 HTTP/1.1
Host: a.vfgtf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Thu, 01 Dec 2022 12:13:48 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak
Pragma: no-cache
Set-Cookie: ab267e05-23a0-430a-bac4-772f7f629740-v4=OJKluzoJwiqpjPeHD5WuCwHv8Grswom8NmpHYz09QAk; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:13:48 GMT; Domain=a.vfgtf.com; Path=/; HttpOnly
cc-v4=CXaqfKcqOJt4%2Fh2yL10NP1A%2FU8wDUErXrCBG8A6e6VVZK4%2B%2BCai3pU%2FnQWK%2BAS8LHLUMtjF5EDtVwqinkBcvMKvQaCIMVhYuu9rMUTE1chpj3DKORs0k1UzUPg3NrVM7ZlRNCvFpYzICKXfLeyCnOA%3D%3D; Max-Age=31536000; Expires=Fri, 01-Dec-2023 12:13:48 GMT; Domain=a.vfgtf.com; Path=/; HttpOnly

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2268
Expires: Thu, 01 Dec 2022 12:51:36 GMT
Date: Thu, 01 Dec 2022 12:13:48 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2514
Cache-Control: max-age=169158
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:48 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:13:06 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fce5679881bf302a8978a0b462f01a9
b699fe030ea13ac73813e655c42ed9b531925e2b
a3ec545a8f9364ac9062eddb41279e1465687a1b60f9c1dec6b3a3df8b033eb3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A3EC545A8F9364AC9062EDDB41279E1465687A1B60F9C1DEC6B3A3DF8B033EB3"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5245
Expires: Thu, 01 Dec 2022 13:41:13 GMT
Date: Thu, 01 Dec 2022 12:13:48 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: m6FKR3Nv27V9w/ssHMYIysXP5tQMHa/TB68rpzBE5jvNOshw6ywWH/9vvtMAPgsAWhLI6dKJFsI=
x-amz-request-id: PKK2NDMKTBN8HYQK
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 11:46:15 GMT
age: 1653
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 11:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3242
alt-svc: clear
X-Firefox-Spdy: h2

a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak

18.192.108.151

302 Found

0 B

URL HTTP/2
a.vfgtc.com/dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak
IP
18.192.108.151:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /dff0a39e-b61c-4ead-9255-78be047ae39f?aff_sub4=_bucket&subID1=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&affiliateID=44542&source=10256975595b8c819baa68e237485e&subID2=44543&Target=&Site=&Bnr=&cid=w50rp17due7lj4sk2sk8slak HTTP/1.1
Host: a.vfgtc.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Thu, 01 Dec 2022 12:13:48 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_
pragma: no-cache
set-cookie: dff0a39e-b61c-4ead-9255-78be047ae39f-v4=IcFLL4m6JULh7qbp8mQ0zieExntjoM8dQoOxECE5-wY; Max-Age=86400; Expires=Fri, 02-Dec-2022 12:13:48 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=7SCyB6Ki1GjgGBOKvW22xKH%2BAIcnoBBvCJ5ES2KiENptiIjaijjw3Z2htuYCK023He%2BwdO70S1pvLm2KJifNOAD0hLGMz8e%2BLuV7kvW7oiyJXXmvZk6SqRIqMAsmDK29H%2FgCbAxEfqEXMMlGY30eDw%3D%3D; Max-Age=31536000; Expires=Fri, 01-Dec-2023 12:13:48 GMT; Domain=a.vfgtc.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 12:13:48 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
bd2422b1bd848db729c67324c198ae0e
99ef01ea958d3811958e6175f8dc7c94c3d17691
f6300440d56f190b52796e679e850f4919a7e3f15b1021c90a78eea3e798c6fe

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=116078
Date: Thu, 01 Dec 2022 12:13:48 GMT
Etag: "6387ab20-1d7"
Expires: Fri, 02 Dec 2022 20:28:26 GMT
Last-Modified: Wed, 30 Nov 2022 19:12:32 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 5_V0lBlWvMB5jcbYaO_GS5mlqYKXf2KlNKIwE3HkjtBQ6TFgo5FdXg==
Age: 4554

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 12:08:56 GMT
cache-control: public,max-age=3600
age: 292
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_

54.230.111.50

303 See Other

340 B

URL HTTP/2
t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_
IP
54.230.111.50:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (340), with no line terminators
Size
340 B (340 bytes)
Hash
f8f4c29b474f3df7544412d230d9b90c
df57bf433e695a33370d1bdbfa3f46da27ceacb7
6f67f24e85f346aa5e333aca9e33dac76ddc12c11d1681dd6114de189d0a44b8

HTTP Headers

GET /44542/5447/?aff_sub4=_bucket&aff_sub=REDIRECTED_FROM_LEGACY_LANDING_PAGES%3B102028fb5476bd15a676b932ed1d19&aff_sub2=44543&aff_sub3=wdqotmnsio6ur4ski72clmb6&source=10256975595b8c819baa68e237485e&bo=2754,2755,2756&aff_sub5=_ HTTP/1.1
Host: t.anmdr.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 303 See Other
content-type: text/html; charset=utf-8
content-length: 340
location: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
server: nginx/1.19.0
date: Thu, 01 Dec 2022 12:13:49 GMT
set-cookie: aff_ran_url_8062=27690; Path=/; Expires=Fri, 02 Dec 2022 12:13:49 GMT; Secure
enc_aff_session_8062=ENC0339c3e807907158b140b60ec42704b30d5f80cd3bce1cae92081df5abc6155b2cf36ec7fe6e7dd70569db6ed0c9568f394c8c581c7f49792c2b1f66c4ce51229334397e61130523a2d434e384113606cef455c5f2065f26c9d1b5b38f1675612da92fe32c32837c2e319c0710bc7a93e1037d6f001c03f7a21b454b1c1bdab00363c5cfefc78879617b791632f73617dd225f63776ebea255c6464b78e6e01db6c17b4c5eef44f1d35d9cf01a70c81bfb8587c84dbddfcd9f77a6a2abbe4bffb949dbc22ca64f6dcfe8d9bd0651e0217162e6440cd9df471401c0cff2be5c59d743c40652ecb32491520e99636f5b72be9b63a20eaf199f4ad70fc27e197c6f8118f8b1dd; Path=/; Expires=Sat, 30 Nov 2024 12:13:49 GMT; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ%3D%3D; Path=/; Expires=Sat, 25 Oct 2025 22:53:49 GMT; Secure
tracking_id: 1020df78d1794ead6ab163c15bbdc9
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: o7lJtox1owc5xbWbr7XinorgWdT3ljUTR4_C-tzL__7XVuYQ4H1B6w==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2504
Cache-Control: max-age=164084
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:49 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:48:33 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
02b27e65c1e613a1a51f500c907f1c8c
d6c7d8e4bf959b25b90730cd700f78b6955412a8
e234a84a1a6384dcd72f443324fefca0a71ec567eb4dc737d04329d507ecf887

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E234A84A1A6384DCD72F443324FEFCA0A71EC567EB4DC737D04329D507ECF887"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6667
Expires: Thu, 01 Dec 2022 14:04:56 GMT
Date: Thu, 01 Dec 2022 12:13:49 GMT
Connection: keep-alive

push.services.mozilla.com/

34.210.158.59

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.210.158.59:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: f3Ry57YenQY8GKPytaGkQQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tJyQdcfvRYWW8HbJuMpDx03m6L4=

go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756

64.188.52.46

200 OK

547 B

URL HTTP/1.1
go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (442)
Size
547 B (547 bytes)
Hash
fd76153c6d0438f3d54232d113876e1e
95c148bf9e68ddc81a63c40e0f25bf0430f43317
21eb90b7c6a42e8b576a38b4ad9d2e6016b5ae8a6ea4d79ac67199cef477a18b

HTTP Headers

GET /go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756 HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:49 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=NONE; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=49549; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=106472-44542_44543_; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=106472; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Fri, 02-Dec-2022 12:13:50 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=5021d032e1c934088c51e8cdc76e191a; expires=Tue, 30-May-2023 12:13:50 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 547
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

go.moartraffic.com/native.history.js

64.188.52.46

200 OK

6.5 kB

URL HTTP/1.1
go.moartraffic.com/native.history.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (22102), with no line terminators
Size
6.5 kB (6519 bytes)
Hash
8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38

HTTP Headers

GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff

go.moartraffic.com/go.min.js

64.188.52.46

200 OK

221 B

URL HTTP/1.1
go.moartraffic.com/go.min.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (305)
Size
221 B (221 bytes)
Hash
77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e

HTTP Headers

GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff

go.moartraffic.com/favicon.ico

64.188.52.46

200 OK

198 B

URL HTTP/1.1
go.moartraffic.com/favicon.ico
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49549&aid=106472&sid=44542_44543_&clickid=1020df78d1794ead6ab163c15bbdc9&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=49549; affsubid=106472-44542_44543_; bdvisit=106472; bdcounter=1; xk=5021d032e1c934088c51e8cdc76e191a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:50 GMT
server: Apache
last-modified: Thu, 01 Dec 2022 11:45:48 GMT
etag: "c6-5eec2c31deca8"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ac3edd07bb0a4ebdaae6ec26e91d2079
b6efe3811dfa37cdcde1e9d411c171732ac7e12a
c5dbd471d178ae4505b28e30aee1e8eed77fffd81b9f7815ad2bda1a0d09a02c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5DBD471D178AE4505B28E30AEE1E8EED77FFFD81B9F7815AD2BDA1A0D09A02C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4695
Expires: Thu, 01 Dec 2022 13:32:05 GMT
Date: Thu, 01 Dec 2022 12:13:50 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ym_L3s5E6MLy6BxqNkVxok6L6hA4c-ilSsEqt42j2IbiXYPb4c6-VQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:57 GMT
age: 51653
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: c6c3e3dc-c9a2-4fda-a83b-cdd6ae81166b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uyE9CoAMF6Xg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc4-2c8940405044071a082ee678;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qykE_oaoqqPTgqGnfUo74mH29IOS97b5sZb_3VmB9yW7KUiJ1a7dnA==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 18:58:06 GMT
age: 62144
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 925134ee-dd35-45ed-8da7-d60c9c484993
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80EHboAMFtmQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-48de287757e82632291365ee;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8qQQUMSVzFmXqjWM1n_F1XEE-ZQcpEF81OwJgf9i3Q5M8XiFAa8Zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:52:00 GMT
age: 51710
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: ad2d9243-5e32-4faf-8ff3-b9abd3af1e89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cb1_hEJJIAMF4Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387d063-596f5833509112ee6cbedf54;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:51:31 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jM-fTqLsmU3c_gc9Wle-lvCwXelA9Sid9axtzJQDsfOHv23yUbKsBw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 22:43:35 GMT
age: 48615
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: kZfRQsF_Fo2UtTqK0ByOPeQK-IzTQO9JtTmxIMlapmsd93SJk_4VYw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:47:30 GMT
age: 51980
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12035 bytes)
Hash
acffcb88ce68b2d70c9c046a7b5a4aa8
cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1
692d782ac1d812de6dadbcfe46034b6b5d8bbd586e56beedd96dc4d65445dd4c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc2c1d47-fc4a-4f23-a6f7-5ac8f3a68490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12035
x-amzn-requestid: 2711a135-b390-43ef-9e95-92438058bc27
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz81FIpIAMFs9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-742f7f293df074340ab6a217;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ygs-Qd7UU_k4t4_breZTyqkHqGjJzlH1UMa9ncww5_IGpJ1n781jfg==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:51:55 GMT
age: 51715
etag: "cd016e6c0bf5c6eef06e933c9a5257ff4fca9bc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
812045d81159ff349f469b4ffac2d9cb
49790c0705b001ac5f200d4b7206f94ed1746517
3036d1e02efe3ac6e5d9ddd2b9103f6a3c799d78700ccc91a827594857c13f65

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120863
Date: Thu, 01 Dec 2022 12:13:50 GMT
Etag: "6387c73a-1d7"
Expires: Fri, 02 Dec 2022 21:48:13 GMT
Last-Modified: Wed, 30 Nov 2022 21:12:26 GMT
Server: ECS (dcb/7F5C)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Lz4woRtSKlm-B0Jxc76TP5r5MdhSPtbOxk6FVvEjDWhkjnD6oXYLng==
Age: 2147

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
caa6c1decc77e798e7ebf5116d5c2a65
e83369a834099d4127525a60fe6eb73ee93d52a7
234b03b86b8b77a019c3c3638f4edfad114f5519fe82338b0d89ac4666f37fa0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4319
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "6386db03-116"
Last-Modified: Thu, 01 Dec 2022 11:01:52 GMT
Server: ECS (amb/6B79)
X-Cache: HIT
Content-Length: 280

tours.specia1.com/t/common/js/repoUtilsV2.js

143.204.55.40

200 OK

2.7 kB

URL HTTP/2
tours.specia1.com/t/common/js/repoUtilsV2.js
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
data
Size
2.7 kB (2685 bytes)
Hash
b1ce2f35864e2dda9606c9d620fc83b1
71892a7a201186f5f4dfc87aa63b62e9d93f771a
2a72332d8d15a72cbd1ece4cca50402789188d546cb2e7e0f3c6187842d0a88e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/common/js/repoUtilsV2.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:25 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: W/"463ab17c7b265e702f3c4390d78b31b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: O734dC9qfeULRXO4SJY7FAOfmv42JcTL86lFNiM5Dim-bhIpT16Fjw==
age: 56
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
15ac18ae605231ff47a99ed952163c19
5f73579a6fcd3c2d2d1d807457f8d26d04056725
c2732c3d7d34d9a0616877bc88f6b28a3e904d980fd25893cf3025a80c7a6047

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1462
Cache-Control: max-age=146827
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63882f54-116"
Expires: Sat, 03 Dec 2022 05:00:58 GMT
Last-Modified: Thu, 01 Dec 2022 04:36:36 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278

fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700

142.250.74.106

200 OK

1.3 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto+Condensed:400,700|Roboto:400,700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.3 kB (1255 bytes)
Hash
bdad71dbe57f24841601bbb85d4fd9a5
163bdc360e1296362226d81e61531a295276726f
3ac62be89569f7d6d2bd0a26a66c8bf8f59449f5ef69aa6cb54c56f770d36908

HTTP Headers

GET /css?family=Roboto+Condensed:400,700|Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 01 Dec 2022 12:13:51 GMT
date: Thu, 01 Dec 2022 12:13:51 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/arrow.svg

143.204.55.40

200 OK

181 B

URL HTTP/2
tours.specia1.com/t/798/img/svg/arrow.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
181 B (181 bytes)
Hash
d2af819d42d8e9cd567e98d5cb2a23b4
5b5c2d37c4be1ca5ef442fdc9b7012156557b2b5
3af9c600bd2aa3222752e5ce23a88fec23318da1c6bf6c94e29c09bb7d64373c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/arrow.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 181
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "d2af819d42d8e9cd567e98d5cb2a23b4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wnCtCq6OWW1ColrUZHdcKMm-LgwtL641ZjAfsYYq-6PEHS2YPqTOTA==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0eda0d0690d52ff5a4fbfdd2cbf11421
df790bb9d0515044c340bbc0a001fd74ecf5393c
ce77ba3c7c5471a95bbd9679f7a6e00614f9b3e1ca18fa5b5953e5e5cbd2597d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100599
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63877a17-1d7"
Expires: Fri, 02 Dec 2022 16:10:30 GMT
Last-Modified: Wed, 30 Nov 2022 15:43:19 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: s6T3jJlXouHyrXNjWRrnoXLL9WK_uyysWgwVHQiA9VtMbT2iIwBKzA==
Age: 1631

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0eda0d0690d52ff5a4fbfdd2cbf11421
df790bb9d0515044c340bbc0a001fd74ecf5393c
ce77ba3c7c5471a95bbd9679f7a6e00614f9b3e1ca18fa5b5953e5e5cbd2597d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100599
Date: Thu, 01 Dec 2022 12:13:51 GMT
Etag: "63877a17-1d7"
Expires: Fri, 02 Dec 2022 16:10:30 GMT
Last-Modified: Wed, 30 Nov 2022 15:43:19 GMT
Server: ECS (dcb/7F15)
X-Cache: Miss from cloudfront
Via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PkN44hnqNrb-DbrOL17xDvGEMbmphgR4VS6nCjTrokVUyiru-VcpQA==
Age: 1631

utl-1.com/1.6.38/utl.min.js

143.204.55.5

200 OK

312 kB

URL HTTP/2
utl-1.com/1.6.38/utl.min.js
IP
143.204.55.5:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
312 kB (311771 bytes)
Hash
dedd14a7c951d3cc8f16918c53ca760f
7b8b1137964d253303b614f331a064dcd92f0ad3
a95f875f338c46afba8d8175e28e73917fe6080019c8ffc19fb3322161dc6872

HTTP Headers

GET /1.6.38/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 311771
date: Fri, 03 Jun 2022 11:33:10 GMT
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
etag: "dedd14a7c951d3cc8f16918c53ca760f"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: HxC0FmXID4mObkc51SrQ4Xu8TRydIaafS5N4CHSYH7uV1jiwhOQh9Q==
age: 15640842
X-Firefox-Spdy: h2

utl-1.com/1.6.38/mst2.min.js

143.204.55.5

200 OK

18 kB

URL HTTP/2
utl-1.com/1.6.38/mst2.min.js
IP
143.204.55.5:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (17794), with no line terminators
Size
18 kB (17794 bytes)
Hash
3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2

HTTP Headers

GET /1.6.38/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Fri, 15 Jul 2022 22:19:08 GMT
last-modified: Thu, 02 Dec 2021 13:26:25 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F4UGSy1_IfgsXh5Zrn62JSmedxYLIAaaX_oOqWAFCB4KX6Wo_J0SMA==
age: 11973284
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/yes.svg

143.204.55.40

200 OK

281 B

URL HTTP/2
tours.specia1.com/t/798/img/svg/yes.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
281 B (281 bytes)
Hash
6eaabb6ef93caadac27e2b783ba4fabc
64f8619ac1de5109877bcbe3660ad22bfd05bd49
93772d9dfff4fc7c6e4ad08c204721ac5b75df620d1eec379d665742d4c886a1

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/yes.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 281
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "6eaabb6ef93caadac27e2b783ba4fabc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 0KeGv6c2Rl1TUMlKwP_kIv6_oftqr-2XU5_GobIqdT-yzykN9x5H9g==
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/eye-on.svg

143.204.55.40

200 OK

315 B

URL HTTP/2
tours.specia1.com/t/798/img/svg/eye-on.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
315 B (315 bytes)
Hash
30defca025013f8fde64d94e424d06e6
920a23fb25a4d5122c4624478995dacf99246b02
716d9649b8acbd0594b5c2d4f927cd1f1eb599305f7ebecd9f4c8d9831d91b7b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/eye-on.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 315
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "30defca025013f8fde64d94e424d06e6"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F9UwauD7qezBAnbYfCPN7E96Ne49VIV7Wj_mQwpCztq7SElUPG14xA==
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/eye-off.svg

143.204.55.40

200 OK

316 B

URL HTTP/2
tours.specia1.com/t/798/img/svg/eye-off.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
316 B (316 bytes)
Hash
453f5a5f2c7dccca3bdab622bec9bfa9
7fbf1fbf5d8d8769ea728962061b6dddf00859ba
1ce9a6f6d80b6873db1fc406070809aac4872ffc693cd280346a3a7d0586ea69

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/eye-off.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 316
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "453f5a5f2c7dccca3bdab622bec9bfa9"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gcptAoqrGvnNxIjcqFU-tQyo8ykVJlVsUMLSowPH3rNUy7TcrkfOWw==
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/no.svg

143.204.55.40

200 OK

632 B

URL HTTP/2
tours.specia1.com/t/798/img/svg/no.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (560)
Size
632 B (632 bytes)
Hash
87b63fc664ac355cd3cd4545554e228c
bbdacfea3ed51682ec47bf5c9d66ecc81b357c03
c12c42c5899cc196bc084b410b7afed117f6c6e8763425a1c049d018778fb50c

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/no.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 632
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: "87b63fc664ac355cd3cd4545554e228c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: sWJRcg7y1IqFVvNIQL_2bOyRfYABeCkEH4CZ9itaP-ptZTtsOuPQWA==
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/svg/logo.svg

143.204.55.40

200 OK

1.5 kB

URL HTTP/2
tours.specia1.com/t/798/img/svg/logo.svg
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
data
Size
1.5 kB (1540 bytes)
Hash
99d70c18e24bc8a6355fb16ed31bc840
cd63a11dfda386411ebcd76aa365bcbd24b45c66
0230cd072011c37795a621e8c968fc7618e21027d634e2ea64bb04ab4e8dea60

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/img/svg/logo.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"7538625b5b49c597782eccfe996d8bbd"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 1QFsmU9-Y_dkrh-MTX3FBcs-NDdiXtnUxlq3b0Ud9ZdrXEpE_9NNIQ==
X-Firefox-Spdy: h2

utl-1.com/1.6.38/utl.min.js

143.204.55.5

304 Not Modified

0 B

URL HTTP/2
utl-1.com/1.6.38/utl.min.js
IP
143.204.55.5:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1.6.38/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 02 Dec 2021 13:26:25 GMT
If-None-Match: "dedd14a7c951d3cc8f16918c53ca760f"
TE: trailers

HTTP/2 304 Not Modified
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: "dedd14a7c951d3cc8f16918c53ca760f"
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jG6eW8AbaKrNMmYSSj83jH9Y2YbY1K_BILJ2-YJTUdzqEL6vFXilxg==
age: 15640842
X-Firefox-Spdy: h2

tours.specia1.com/t/common/js/footer_override.min.js

143.204.55.40

200 OK

1.4 kB

URL HTTP/2
tours.specia1.com/t/common/js/footer_override.min.js
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (7843), with no line terminators
Size
1.4 kB (1353 bytes)
Hash
1c85d9b5186d68f37fafaf86b616fd27
fdc288a0b2b7922705d54aa1c28b691ec3732504
5339aaf650602b1e20048f57713ebfbbc4fb3e762c12f5742cbc5d195b1b854b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/common/js/footer_override.min.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:25 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:51 GMT
etag: W/"bce527ef9e6ea886fffc7cee9fc69826"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: IIidtrtmHyBDNmlfKT3oVpJy5Z4a_k8GKcfPQvTJwKQnRlXiI-TnwQ==
age: 68
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
28af367be8d4dd4a93cf35aeb4343efb
ecc6af34a7e5494bad954a92a5e42cf44096fa78
c6d018db3610fe07affa98b756d282874f09efe99e34229198f7812857d35686

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4896
Cache-Control: max-age=149552
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Etag: "63882c90-117"
Expires: Sat, 03 Dec 2022 05:46:24 GMT
Last-Modified: Thu, 01 Dec 2022 04:24:48 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 59998
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js

104.18.216.65

200 OK

1.5 kB

URL HTTP/2
cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js
IP
104.18.216.65:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2530), with no line terminators
Size
1.5 kB (1476 bytes)
Hash
690752e268da274383a993a16c2cbbee
bb4c8acf040f5ece3ca2696f752bcbf63e8bbb06
e1082551af8bc8433259dd9d7fe8b5bc7582d271a367ea5ed4bc1cd207174698

HTTP Headers

GET /scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"6336ac72-9e2"
last-modified: Fri, 30 Sep 2022 08:44:34 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 133512
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd406adeb512-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 59977
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tours.specia1.com/assets/specia1/ga.js?_=1669896830575

143.204.55.40

200 OK

392 B

URL HTTP/2
tours.specia1.com/assets/specia1/ga.js?_=1669896830575
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
392 B (392 bytes)
Hash
eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45

HTTP Headers

GET /assets/specia1/ga.js?_=1669896830575 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Cookie: tour=49549; affsubid=106472-44542_44543_; reff=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0; upgrade_tour=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Wed, 30 Nov 2022 13:33:25 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:11:26 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Kczf9UthO6jwOAvm7gD7wwkKt0QvAfIQtq8QFJaccMGjac-aYFrWYA==
age: 191
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6c97d298a080a7fbd0376c464b56386f
6eacd2420773bde804c3888ba18c9cd0028a5fe2
25a046adce9675fb8de0e236337258c3b327e83cb3ebcb292c63d59a92e20a63

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "25A046ADCE9675FB8DE0E236337258C3B327E83CB3EBCB292C63D59A92E20A63"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19946
Expires: Thu, 01 Dec 2022 17:46:18 GMT
Date: Thu, 01 Dec 2022 12:13:52 GMT
Connection: keep-alive

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

385 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Size
385 B (385 bytes)
Hash
673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=74D2~540c456583040ff93a92b294a45d7df9; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

4.8 kB

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Size
4.8 kB (4820 bytes)
Hash
2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=120F~51c83b6d9adbc4d3223b263029fd3f3a; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

21 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=D420~76f0a737e682deb466000d6cb5dd7f0f; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

159 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with no line terminators
Size
159 B (159 bytes)
Hash
704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~b3506f40510b0725c682c5e5ef3e1cff; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

159 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with no line terminators
Size
159 B (159 bytes)
Hash
704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=237E~1070d6a532312d63b1ebce445baa7d12; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

20 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1224
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=237E~f2914fd010e76692572f52ce8633ce0f; path=/; secure; HttpOnly
bd_ovtu=11; expires=Fri, 02-Dec-2022 12:13:52 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 10:41:08 GMT
expires: Thu, 01 Dec 2022 12:41:08 GMT
cache-control: public, max-age=7200
age: 5565
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

55 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
ASCII text, with no line terminators
Size
55 B (55 bytes)
Hash
113ee80614b025e6a29240260cd0a74a
5f53af7c64ad3ac6bace2b9513ec933e60278f11
23b71777b3023af5531aaa75c5c4f3f9695260bef4dfd2e89e91034ff023f253

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
server: Apache
set-cookie: PHPSESSID=D420~d3033b38eb0d22d24535a85872cf1d13; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 55
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372

142.250.74.110

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j98&a=2046738050&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&ec=Tour%3A%2049549&ea=Current%20step%3A%2001&el=Total%20steps%3A%2015&_u=YEBAAEABAAAAACAAI~&jid=433472453&gjid=1595588669&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&_r=1&_slc=1&z=2056364372 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383

142.250.74.110

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j98&a=2046738050&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2049549&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1425039635.1669896832&tid=UA-148167200-1&_gid=339724313.1669896832&z=2105340383 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 03:35:40 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 31093
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826

64.233.165.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826
IP
64.233.165.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&gjid=1595588669&_gid=339724313.1669896832&_u=YEBAAEAAAAAAACAAI~&z=587871826 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tours.specia1.com/t/798/img/gf_favicon.png

143.204.55.40

200 OK

727 B

URL HTTP/2
tours.specia1.com/t/798/img/gf_favicon.png
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit colormap, non-interlaced\012- data
Size
727 B (727 bytes)
Hash
70ae7487b024158bd6ee8ecf55412d03
74dd9d551cf04f8cd6e8cee7646dbe7ac8ba9c08
cee30a5e031f3895fb1de39c8ac7fc81098cf0344ec1181ec795d0009afe9051

HTTP Headers

GET /t/798/img/gf_favicon.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Cookie: tour=49549; affsubid=106472-44542_44543_; reff=https%3A%2F%2Ftours.specia1.com%2Ft%2F798%2F%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26xk%3D5021d032e1c934088c51e8cdc76e191a%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49549%2526aid%253D106472%2526sid%253D44542_44543_%2526clickid%253D1020df78d1794ead6ab163c15bbdc9%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D78bf0395-671d-44b5-980e-4e8494ba6449%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26i18n_country%3DNO%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449%26initialized%3Dtrue%26nrui%3D0; upgrade_tour=0; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_clickid=1020df78d1794ead6ab163c15bbdc9; prop_hts_id=78bf0395-671d-44b5-980e-4e8494ba6449; prop_xk=5021d032e1c934088c51e8cdc76e191a; affiliate_106472_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 727
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
date: Thu, 01 Dec 2022 12:13:54 GMT
etag: "70ae7487b024158bd6ee8ecf55412d03"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8_9llUVBApNAsmxp6HPOaBxWJE9iIu-6e8_eZWtcxdyS-lGg3Qllsg==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056

142.250.74.35

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056

216.58.211.4

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1425039635.1669896832&jid=433472453&_u=YEBAAEAAAAAAACAAI~&z=1680326056 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 12:13:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
533f66ef53706466ce20dc9aebf11812
0c0d713d538eb224deeb9241917a117205f16cb2
8ce7b68022c847b59b9a132ada3a75eea73bb57bae4683901c8df08fa255ba79

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 12:13:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449

143.204.55.40

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"da3c8f505030c68515ec2a17a72ced1d"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: xusrWVILmhow2-chTEhVNaW1Pka6zy8REltcAimdg4gK96UGeRA6CQ==
X-Firefox-Spdy: h2

cl0udh0st1ng.com/bo.js

188.114.96.1

200 OK

0 B

URL HTTP/2
cl0udh0st1ng.com/bo.js
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bo.js HTTP/1.1
Host: cl0udh0st1ng.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:51 GMT
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Tue, 04 Jun 2019 22:59:12 GMT
access-control-allow-origin: *
etag: W/"5cf6f7c0-e8c"
expires: Wed, 30 Nov 2022 10:25:19 GMT
cache-control: max-age=14400
x-proxy-cache: HIT
x-github-request-id: DC4C:44B8:24A9981:25BE38B:60BF4C34
via: 1.1 varnish
age: 382
x-served-by: cache-osl6526-OSL
x-cache: MISS
x-cache-hits: 0
x-timer: S1623149621.800189,VS0,VE103
vary: Accept-Encoding
x-fastly-request-id: 46b2f065819753b0d054b6955b522d85b5c39783
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zXzvCIuwQicb1z9gXXbqQyw3SiGRnh29r0nrjgGEx3SvjOWJG%2BdMKjOHkuBc%2BjkNII%2F1zVu%2FbYi12uFiqyHn8hYjUoaf5C3Jbnu67aPq7whltkYaBVzuDxuEhwq6QxTud4Uc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 772bbd3b29fdb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

tour.bang.com/bb/default.js

104.22.72.97

200 OK

0 B

URL HTTP/2
tour.bang.com/bb/default.js
IP
104.22.72.97:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bb/default.js HTTP/1.1
Host: tour.bang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:51 GMT
content-type: application/javascript
cache-control: no-cache, private
vary: Accept-Encoding
cf-cache-status: BYPASS
server: cloudflare
cf-ray: 772bbd3b5f790d46-ARN
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.izooto.com/scripts/sdk/izooto.js

104.18.216.65

200 OK

0 B

URL HTTP/2
cdn.izooto.com/scripts/sdk/izooto.js
IP
104.18.216.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/sdk/izooto.js HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400
cf-bgj: minify
etag: W/"6387663f-3bb40"
last-modified: Wed, 30 Nov 2022 14:18:39 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cf-cache-status: HIT
age: 78855
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd40fb9ab512-OSL
content-encoding: br
X-Firefox-Spdy: h2

tours.specia1.com/t/798/css/style.css

143.204.55.40

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/798/css/style.css
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/798/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"259c0a015a9b68e85cff0bf027ba6272"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 2sUWx5y7ASQxzLXkIyj7m-Qc4FGz2n6nGrtCaY6h_DHYqKhRo3ZoTA==
X-Firefox-Spdy: h2

cdn.izooto.com/scripts/sak/iz_setcid.html?v=1

104.18.216.65

200 OK

0 B

URL HTTP/2
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP
104.18.216.65:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 12:13:52 GMT
content-type: text/html
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 2503854
expires: Sun, 01 Jan 2023 12:13:52 GMT
server: cloudflare
cf-ray: 772bbd425d56b512-OSL
content-encoding: br
X-Firefox-Spdy: h2

tours.specia1.com/t/798/js/custom.js

143.204.55.40

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/798/js/custom.js
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/798/js/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"262dc6cadb2d0e8fecd84cfe8fc4a9ac"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 8m-FSBzqXUEVe4e-QAPqnc_ik1glOYjFlzI8EO_bVezxeRxJ_CnHdQ==
X-Firefox-Spdy: h2

143.204.55.40

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
IP
143.204.55.40:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/798/?t=49549&aid=106472&sid=44542_44543_&xk=5021d032e1c934088c51e8cdc76e191a&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49549%26aid%3D106472%26sid%3D44542_44543_%26clickid%3D1020df78d1794ead6ab163c15bbdc9%26bo%3D2754%252C2755%252C2756%26hts_id%3D78bf0395-671d-44b5-980e-4e8494ba6449&clickid=1020df78d1794ead6ab163c15bbdc9&i18n_country=NO&hts_id=78bf0395-671d-44b5-980e-4e8494ba6449&initialized=true&nrui=0
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 30 Nov 2022 13:35:00 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 01 Dec 2022 12:13:52 GMT
etag: W/"da3c8f505030c68515ec2a17a72ced1d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: z1qlfGu4Bikw0VDGmPX8TPu7ietItAQmfcljjQVQxGLHU25F5ZnNpQ==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations