Report - t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=

Report Overview

Submitted URL
t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_
IP
54.230.111.38
ASN
#16509 AMAZON-02
Submitted
2022-10-06 19:32:15
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
utl-1.com	164141	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	705 B	330 kB	54.230.111.7
secure.authbill.com	117022	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	9.0 kB	68.169.87.223
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	598 B	712 B	173.194.73.157
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	508 B	694 B	142.250.74.164
t.anmdr.link	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	2.8 kB	54.230.111.123
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	35.161.230.192
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	942 B	34 kB	216.58.207.195
cdn.izooto.com	15273	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	497 B	2.0 kB	104.18.217.65
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	1.8 kB	142.250.74.10
tours.specia1.com	391408	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	10 kB	756 kB	54.230.111.54
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.9 kB	22 kB	142.250.74.174
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	54.230.111.35
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.9 kB	11 kB	23.36.77.32
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.7 kB	54.230.245.118
go.moartraffic.com	191983	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	9.3 kB	64.188.52.46
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	7.0 kB	142.250.74.3
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	507 B	694 B	142.250.74.3

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-10-06	medium	tours.specia1.com/t/1630/images/arrow.svg	Phishing
2022-10-06	medium	tours.specia1.com/t/1630/api.js?v=6	Phishing
2022-10-06	medium	tours.specia1.com/t/common/js/footer_override.min.js	Phishing
2022-10-06	medium	tours.specia1.com/t/1630/custom.js	Phishing
2022-10-06	medium	tours.specia1.com/t/common/js/repoUtilsV2.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (15)

	URL	Size	First Seen	Last Seen
	cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js	2.5 kB	2023-03-07	2023-05-29
Pretty URL cdn.izooto.com/scripts/6d0d9819e611e28a165c1c894e7998790112eec4.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-05-29 06:36:55 Times Seen21 Hash db0978cf7984d9a04fbad61af732fe12 0a7bf5e54cbdd016b88fada17665e7d689dc2c83 61e8a955df8bd6092e9231983ddca6a47083621f2db3d125cb3e8d2d33c35b5c Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-26
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-26 05:50:27 Times Seen1534 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	go.moartraffic.com/native.history.js	22 kB	2023-03-07	2024-02-07
Pretty URL go.moartraffic.com/native.history.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:59 Last Seen2024-02-07 04:52:40 Times Seen95 Hash 4391c3ebd46fb772c788c32d1885afdd 824d318a296d3ae4bc8023f254d61a94818e0866 968c9f4d687c2584b5073a12074aa9d18601af83399d4b6c420b022ecda05f7f Loading...

	go.moartraffic.com/go.min.js	306 B	2023-03-07	2023-12-01
Pretty URL go.moartraffic.com/go.min.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-12-01 22:24:59 Times Seen68 Hash b8891bcb893d3ee2806e7989a3031af3 de5aab743d1bd13e45a864f7413a83b215b2cb1a ccfb01fbbefd9557045ec789bdaadcca96ca9da1b27ba23c6082a58f86b90df0 Loading...

	utl-1.com/1.6.36/mst2.min.js	18 kB	2023-03-07	2023-11-25
Pretty URL utl-1.com/1.6.36/mst2.min.js IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-11-25 18:19:28 Times Seen19 Hash 3a2e1fe5f9de68d28807b0b5675235f4 1ec71f3bf36850118f94eacb5c7949f449b3a0b7 252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2 Loading...

	utl-1.com/1.6.36/utl.min.js	311 kB	2023-03-07	2023-03-11
Pretty URL utl-1.com/1.6.36/utl.min.js IP 54.230.111.7 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:48:42 Last Seen2023-03-11 23:33:09 Times Seen1 Hash 40c1841c872c6a35b44ca409092a694a 739cc4c63ff81b4c70f52813d27816f8d58045b6 cd6cc181d68f681399179ce20e8b1da4eff01fc9b969c292de3e50d130243d7f Loading...

	tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868	139 B	2023-03-08	2023-03-17
Pretty URL tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868 IP 54.230.111.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:42:14 Last Seen2023-03-17 10:36:56 Times Seen1 Hash d3eef284394224ff72fa3362a5e72982 3c2ee730889ade9c88b1fdf52e9fa1b6670d0f1c f42d0cdafbe0c33aa43d32e04730112d50ef6e5190f5c7ea445bd851d5cc065d Loading...

	cdn.izooto.com/scripts/sdk/izooto.js	225 kB	2023-03-07	2023-03-08
Pretty URL cdn.izooto.com/scripts/sdk/izooto.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:50:31 Last Seen2023-03-08 07:42:14 Times Seen1 Hash 3aadd381ce44bcea64d5f8868e5b4fe1 5d4fdd4423434bea1582eaf9b2f35873a95c687a b4b9044673e0dbf5d355014a286851375397aadccc29e53d3b2fec0aeb056399 Loading...

	tours.specia1.com/t/common/js/repoUtilsV2.js	6.4 kB	2023-03-07	2023-05-27
Pretty URL tours.specia1.com/t/common/js/repoUtilsV2.js IP 54.230.111.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:51 Last Seen2023-05-27 18:44:29 Times Seen10 Hash 463ab17c7b265e702f3c4390d78b31b3 af44646f4e11783a1123e3748a77ba3fecd1145b 27bfd892978a1454aeace298e543a317aefe9750e74faac177d85db1fe0968c8 Loading...

	cdn.izooto.com/scripts/sak/iz_setcid.html?v=1	3.6 kB	2023-03-07	2023-03-17
Pretty URL cdn.izooto.com/scripts/sak/iz_setcid.html?v=1 IP 104.18.217.65 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:22:00 Last Seen2023-03-17 12:47:13 Times Seen1 Hash d7822001499e91d42d7ef6c89fa16adf 90f8ac1c6cd694058ab2f6bcd077510ed11f4a12 44631f01334b73cb9cd3f3babf6ed51920d7b0dcbd8c05184823a1b9820b5ad1 Loading...

	go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756	603 B	2023-03-08	2023-03-08
Pretty URL go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756 IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:42:14 Last Seen2023-03-08 07:42:14 Times Seen1 Hash 4520d665faccce26504247dd216a64fa 971e0c1116088580871fd73e6fe02e37090d0498 7444cd06dabc137b126709eb2584a28c08471269d4a2b13004c35ad5155bd841 Loading...

	tours.specia1.com/t/common/js/footer_override.min.js	7.8 kB	2023-03-07	2023-05-29
Pretty URL tours.specia1.com/t/common/js/footer_override.min.js IP 54.230.111.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-05-29 06:36:55 Times Seen13 Hash bce527ef9e6ea886fffc7cee9fc69826 191e11c27855a895d29095f677f5c8ed75300b9d 45ef13c44a036731f700e5d6351134334e3f436a4c9af3d577be419e51f412bb Loading...

	tours.specia1.com/t/1630/api.js?v=6	8.1 kB	2023-03-08	2023-03-11
Pretty URL tours.specia1.com/t/1630/api.js?v=6 IP 54.230.111.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:42:14 Last Seen2023-03-11 22:50:37 Times Seen1 Hash 20272ce723aa2251cc2c3f0da461b426 eb2ded2dd583e8fe903d7ea37ce1d0d517b6c667 26a2e5c190906fe3cdd8b60759d92425965b087016c684671147ec7f470ccf87 Loading...

	tours.specia1.com/t/1630/custom.js	6.6 kB	2023-03-08	2023-03-11
Pretty URL tours.specia1.com/t/1630/custom.js IP 54.230.111.54 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 07:42:14 Last Seen2023-03-11 22:50:37 Times Seen1 Hash 6a97362bdc5ae1b7aadfe5907e0c8692 880e9d688a8601c0f7a45b3f4d08654673dc5690 e2eb44d649a47facb4e720fa2f569af266a9607a4ac622c2f7d72a61e5f8048f Loading...

		Size	First Seen	Last Seen
	#1 Eval - 5e153aec474218aff822ad71c30ea586	391 B	2023-03-07	2023-11-25
Pretty Observations First Seen2023-03-07 01:42:41 Last Seen2023-11-25 18:19:28 Times Seen24 Hash 5e153aec474218aff822ad71c30ea586 4562dc0e68c0682f401f5d9990a43b69d7325c59 0f79ce0b39dd2f788cadb6e9d464423192f8a7748fc01a289ee4cadc3813f00a Loading...

HTTP Transactions (73)

URL IP Response Size

t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_

54.230.111.123

301 Moved Permanently

167 B

URL HTTP/1.1
t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_
IP
54.230.111.123:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
f5d40b7259645010f9a248858ad14178
b3051d17a6ec8c9e166bf09a62b48261ab86957b
7f5007068d2b56ea9735e2490d60cff2e72cae312024ac1f6c91158eba47d05d

HTTP Headers

GET /44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_ HTTP/1.1
Host: t.anmdr.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Thu, 06 Oct 2022 19:32:03 GMT
Content-Type: text/html
Content-Length: 167
Connection: keep-alive
Location: https://t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_
X-Cache: Redirect from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: VBdtfd7SG1Aa1U7SWrzvXtvJdh4W76Wrrlib_MoGB7J2G1hqDWkhTQ==

firefox.settings.services.mozilla.com/v1/

54.230.111.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
54.230.111.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6lRR4BsqpzutPChrbhp7SmaCKqZrpxeKXPVlo_k-YJE7-ZZWEay56Q==
Age: 99885

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2664
Expires: Thu, 06 Oct 2022 20:16:28 GMT
Date: Thu, 06 Oct 2022 19:32:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
94a09d62ab3057cda67a091c8d7478f5
b1c9d223a951d0bc9f17c9f3b84501266a552b58
582364f9f6014520c269f1f794e7c34027bd2697b53e5d02fad43e74a735e471

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "582364F9F6014520C269F1F794E7C34027BD2697B53E5D02FAD43E74A735E471"
Last-Modified: Thu, 06 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13870
Expires: Thu, 06 Oct 2022 23:23:14 GMT
Date: Thu, 06 Oct 2022 19:32:04 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: qW+tRNZkvJ4YNzkKJf9e7KaRu37G1mvCKxhWIrBfG8vvE/UdNY5ld25F75ReUMzmWEWa2XQq+hc=
x-amz-request-id: SMYMYXR62ZHES6GS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 06 Oct 2022 18:58:51 GMT
age: 1993
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c8833cffe92c27d80e422ff29ae10b9c
9e6a580adc198105ec30e383d7bf9cbbebc4e3fd
8b8755cc7e2379f5b26e5949f442343d186ddce0d5006f41571c8091a095e198

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 19:32:04 GMT
Last-Modified: Thu, 06 Oct 2022 17:58:34 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: DgBRbUSJG5Mo0GI-t5l8Yc_NT9X_sSoyPaGM72d5iuuMml8clYwpHQ==
Age: 5610

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 06 Oct 2022 19:32:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

54.230.111.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
54.230.111.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600, max-age=3600
Date: Thu, 06 Oct 2022 19:29:41 GMT
Expires: Thu, 06 Oct 2022 20:07:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tU72VX7yF-aeOluXpKN68XELUqubQROUebu_UeBTg7460lazZ3pYiQ==
Age: 143

54.230.111.123

303 See Other

338 B

URL HTTP/2
t.anmdr.link/44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_
IP
54.230.111.123:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (338), with no line terminators
Size
338 B (338 bytes)
Hash
f2402ccdf5d533b11333ad77fbde6314
343372156ba8a8b6c587271ec213a961e9fdfd81
a9ba7f1393c8c47217adc3d53d92367e3a5c98bc831f62e0dc7aa36e188364c0

HTTP Headers

GET /44542/5447/?aff_sub4=_bucket&aff_sub=22100611_01_375669_2008fa6ecfe5e;375669&aff_sub2=1321&aff_sub3=w85icrn68eveebiji0avftco&source=10291a2f45054408dd8587ce3ad216&bo=2754,2755,2756&aff_sub5=_ HTTP/1.1
Host: t.anmdr.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 303 See Other
content-type: text/html; charset=utf-8
content-length: 338
location: https://go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756
server: nginx/1.19.0
date: Thu, 06 Oct 2022 19:32:04 GMT
set-cookie: aff_ran_url_8062=27597; Path=/; Expires=Fri, 07 Oct 2022 19:32:04 GMT; Secure
enc_aff_session_8062=ENC03cca23c9a32688ccfbaed30e88f13d957dcaca6420472279a1d2c47a01b9f385d583f1084483380f52a60df56ea05ee9c302a25e4c134b0e71ac94f2f13b4f58ae1b98ed08b7d227b9114252a13f59197f59d0ec546669bdc58829b5ad62712720435cb2ba1b406f5d2f7e2cc8b9c3d6db1c74d080744795b5d17e59a14da834864f4eebc67b724f35f22bc22d6c23ddb9fc7587feed1923d619f429520b57628a18c35c23be4db0f4458d2f75c8e24c6c17d557e552066b45a7f6f8aafa8f291781f5e196dd685b16ecf823b7d219dab00547e1880f804c3791ed0038cd05d970385cf88; Path=/; Expires=Sat, 05 Oct 2024 19:32:04 GMT; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI%2FIiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IFg4Nl82NDsgUnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; Path=/; Expires=Sun, 31 Aug 2025 06:12:04 GMT; Secure
tracking_id: 10269e1f52a98c7079ae62fade2f7c
vary: Accept
strict-transport-security: max-age=15724800; includeSubDomains
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HiYl2pQe-_2XAJb1hDv-QDUZAieXzhOzXJhu8hAzbfG0Z7XeQCS_pg==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
8be5570b9a5ca76c580da007a824b029
38840f2ac6476bdd5608121c5653e338c7ad9715
0b94e05080ef85432b1815eb3c6c7594c9613cfde1b51eeabee46d0d9fde64b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4954
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:04 GMT
Last-Modified: Thu, 06 Oct 2022 18:09:30 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1c42849ff73c48be2dcb1d54e83a89c9
b62ddd7aa59c4630313731912d63ed370ef32d61
a49a8acc6067e623dd7280a44aaa46c0b31c8b36d7f4220573da62989f20d191

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A49A8ACC6067E623DD7280A44AAA46C0B31C8B36D7F4220573DA62989F20D191"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7909
Expires: Thu, 06 Oct 2022 21:43:53 GMT
Date: Thu, 06 Oct 2022 19:32:04 GMT
Connection: keep-alive

push.services.mozilla.com/

35.161.230.192

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.161.230.192:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 5cAnWX5ncxkrDjtr56mIiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: sUeSZGJdn0VLMF/PfWJpeBQHR/E=

go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756

64.188.52.46

200 OK

549 B

URL HTTP/1.1
go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (441)
Size
549 B (549 bytes)
Hash
ac0c025364945d05ec7acfa42ec7cdc3
448d46d18b7f053bc67a1145e4c469e08112f709
a8cd5cede8cacfa017d16ad75fa242bf3cce6d892a8d61cfe6fa2df589cd9605

HTTP Headers

GET /go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756 HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:04 GMT
server: Apache
set-cookie: bd_ovtu=1; expires=Fri, 07-Oct-2022 19:32:05 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdreff=NONE; expires=Tue, 04-Apr-2023 19:32:05 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
tour=50496; expires=Tue, 04-Apr-2023 19:32:05 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
affsubid=106472-44542_1321_; expires=Tue, 04-Apr-2023 19:32:05 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
bdvisit=106472; expires=Fri, 07-Oct-2022 19:32:05 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
bdcounter=1; expires=Fri, 07-Oct-2022 19:32:05 GMT; Max-Age=86400; path=/; domain=.moartraffic.com
xk=9031c01501a9f498cce59450c365f2cd; expires=Tue, 04-Apr-2023 19:32:05 GMT; Max-Age=15552000; path=/; domain=.moartraffic.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 549
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

go.moartraffic.com/native.history.js

64.188.52.46

200 OK

6.5 kB

URL HTTP/1.1
go.moartraffic.com/native.history.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (22102), with no line terminators
Size
6.5 kB (6519 bytes)
Hash
8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38

HTTP Headers

GET /native.history.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=50496; affsubid=106472-44542_1321_; bdvisit=106472; bdcounter=1; xk=9031c01501a9f498cce59450c365f2cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:05 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff

go.moartraffic.com/go.min.js

64.188.52.46

200 OK

221 B

URL HTTP/1.1
go.moartraffic.com/go.min.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (305)
Size
221 B (221 bytes)
Hash
77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e

HTTP Headers

GET /go.min.js HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=50496; affsubid=106472-44542_1321_; bdvisit=106472; bdcounter=1; xk=9031c01501a9f498cce59450c365f2cd
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:06 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff

go.moartraffic.com/favicon.ico

64.188.52.46

200 OK

198 B

URL HTTP/1.1
go.moartraffic.com/favicon.ico
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: go.moartraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/go.php?t=49561&aid=106472&sid=44542_1321_&clickid=10269e1f52a98c7079ae62fade2f7c&bo=2754%2C2755%2C2756
Cookie: bd_ovtu=1; bdreff=NONE; tour=50496; affsubid=106472-44542_1321_; bdvisit=106472; bdcounter=1; xk=9031c01501a9f498cce59450c365f2cd
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:06 GMT
server: Apache
last-modified: Thu, 06 Oct 2022 16:30:39 GMT
etag: "c6-5ea6036b66e33"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Thu, 06 Oct 2022 20:16:24 GMT
Date: Thu, 06 Oct 2022 19:32:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Thu, 06 Oct 2022 20:16:24 GMT
Date: Thu, 06 Oct 2022 19:32:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Thu, 06 Oct 2022 20:16:24 GMT
Date: Thu, 06 Oct 2022 19:32:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Thu, 06 Oct 2022 20:16:24 GMT
Date: Thu, 06 Oct 2022 19:32:06 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e825fc3ba1ec6c169fbc10ffef8dffb0
6bf9cffa8468b37068aebed5a43dbc911086fc84
b0c59e715d8c38c061cfa06ec64c69f442f9417d6bc9c76e393c1fa00b11af86

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B0C59E715D8C38C061CFA06EC64C69F442F9417D6BC9C76E393C1FA00B11AF86"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2658
Expires: Thu, 06 Oct 2022 20:16:24 GMT
Date: Thu, 06 Oct 2022 19:32:06 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11080 bytes)
Hash
2277f8f2d93b4bc3b05d348343177892
531d9e4ec9078cd2d7376a19fcb287084af36c82
62907648de4a2ed390232a71ab7dce49f1e9c3363cde6a2f30ecae10ab67f93a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fac259b-7a22-4aa2-ba3f-682cb749091c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11080
x-amzn-requestid: 8fa4d19d-87a5-46c5-96c5-4aec793daad9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO7xE5eoAMFQLw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df84b-5c422c7a168c014f57559037;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:34:03 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: TlEKsCdhNhlKmA2Yhz8FarEUG18gQZMKGRD6SnzCnUMiKyGS9-UeOQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 73b60e9a9fd08eae9e034cedba707280.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:38:04 GMT
etag: "531d9e4ec9078cd2d7376a19fcb287084af36c82"
content-type: image/jpeg
age: 78842
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.3 kB (7270 bytes)
Hash
e238ccaa3b9fa88476a8514855e8232f
447cbf348ef10d0136a1811e843c46937defbba1
43dce3c1eb388dfaddca4176acb6eb32f76fc4c03fca18e7a315c9ddb43d2b02

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd38ec9d6-fb69-4c6e-aae2-136fd254ae50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7270
x-amzn-requestid: f2f15f43-6054-40f5-943a-530671e772dd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjOZjF3aIAMFW9Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df770-5e2253791a927c8c40a0ff0d;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:30:24 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: xRuMce_9OkP3R2DqHjZI34GwkDezdfGKsgntCMTZG2c6SJUcyv0Ckg==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 583992e175976bd59a21b4416890271e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:56:40 GMT
etag: "447cbf348ef10d0136a1811e843c46937defbba1"
content-type: image/jpeg
age: 77726
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feda182b7-6bc8-4aea-82c3-d9fa08748b61.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.4 kB (7385 bytes)
Hash
e5a5ee14d41747f46e71f04782e1a3d3
b0205176a58913f57056b91674097bfb58046e97
b3bae0b56b50374cb85fc7fe4c9b551383d1969bf31e7adccb867e3467c59269

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feda182b7-6bc8-4aea-82c3-d9fa08748b61.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7385
x-amzn-requestid: f3b30c95-2f19-4d70-b358-ff7e1e1c56f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uHJrIAMF3WA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-5211c3087ea4f0023b32b284;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: uka14Zb4NhZEmseL9817VqWrplnl8Yrmnp3oTVs6OeMjdCLI89QoVg==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:36:41 GMT
age: 78925
etag: "b0205176a58913f57056b91674097bfb58046e97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7511 bytes)
Hash
9e520f87cae411cfc2ed1c8a14184385
69ad212cb7ae309d4f02019552887135bfae67da
723b10bfbcde201b5811e3bd0560f02f90775e4d18b28d19e6c814899f2da71a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ecef3b6-b278-4a22-86dd-6a19875e1cc1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7511
x-amzn-requestid: 995b51dd-5484-4b4c-ad40-550f7fd85930
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjO6uG70IAMFjBw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633df844-70f17f6f24dce0003d03902a;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 21:33:56 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: 3lKuGlFCBN2wEsp9-Oa3ysQg62py090H30jy6_bR02Ufs0KGPrVC4w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 d8d9c12d1a621129f4bc739038e7c72e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 21:36:41 GMT
age: 78925
etag: "69ad212cb7ae309d4f02019552887135bfae67da"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (9044 bytes)
Hash
70ea26af79226e9ff06d6198e2c019dc
ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57
f9393e7b8cbaedc8e1ef87fd89c617cf102f58813d84d866ff68e3124f94d44c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccecc8c9-b6da-4470-b2be-fa8d46df1cc2.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9044
x-amzn-requestid: 127bce04-9f75-4bb1-bbe7-33bf1694d96c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZdZPmHG5oAMFehw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ba263-3896085b3b73ff5403237206;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 03:02:59 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: E4yZTPRLFdK717YfwjOIFOJDi0wYpyA736dQELeM5iPLvGDXBosEWg==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 04:27:43 GMT
age: 54263
etag: "ae2c476667f63c7f642f0d9f4d0bc0d846b0ef57"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3430 bytes)
Hash
488ec5b4267ccb1cdc4e6e08556f7f3b
42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88
d9b05fe92962a58b9a8e8dbd4757969aa361be12018107ae649ffcdb8a0f8d84

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3178d2f-9a52-4d0e-a26b-5a90ef8578f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3430
x-amzn-requestid: 9b3b52d6-08b4-4893-962b-3dfe67e2f11d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZjTijF0vIAMFq3Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633dffa9-0a128734418b6c4d6375e2ac;Sampled=0
x-amzn-remapped-date: Wed, 05 Oct 2022 22:05:29 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: iRuujAZLL_0mf5_-FhMXpuWwHy-jidhBkFuBIZLo0tLlJArZgFEcbA==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 45d6a557ecb29942f314e3dd736d817a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 06 Oct 2022 16:10:55 GMT
age: 12071
etag: "42dd7ec0c606dbd3ccc0074f61d3b4b12f2e3c88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d3e53e0ae81210634f62479f4542f57f
f35e6e8d6fa34e76da37a99bdf38f447c7bbd536
58e2d543f8dadc9922cafaf9d5e181cafcd181b899f52f5852e2a8fe98131961

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 19:32:06 GMT
Last-Modified: Thu, 06 Oct 2022 18:14:32 GMT
Server: ECS (bsa/EB17)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: P2PFM9UNSDSGHmaTg4CqnYoXuU1gs0VLmedQOqpwBEDUFQ1mrwHCZw==
Age: 4654

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto:400,700

142.250.74.10

200 OK

1.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,700
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type
data
Size
1.1 kB (1064 bytes)
Hash
846b5912599610c8523bcb8a98fcde29
c9fba11ca270d9d78320f8c5e40896b428506d4c
5e962a0def5feb7896fd458762b5a9cdec7ec783770d81cfb274591e6220dd44

HTTP Headers

GET /css?family=Roboto:400,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 06 Oct 2022 19:32:06 GMT
date: Thu, 06 Oct 2022 19:32:06 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

tours.specia1.com/t/1630/images/arrow.svg

54.230.111.54

200 OK

867 B

URL HTTP/2
tours.specia1.com/t/1630/images/arrow.svg
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
867 B (867 bytes)
Hash
d1482bd31dde1707b316f22bbe818ff4
98b63cc34e21b7d3092b70c00dc5a579ce0825ba
6efee9ca3dd0b249814e53fab132821a3c1b5370fdb02c704947399485ec43b9

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/1630/images/arrow.svg HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
content-length: 867
last-modified: Wed, 05 Oct 2022 10:43:48 GMT
server: AmazonS3
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: "d1482bd31dde1707b316f22bbe818ff4"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0KL8BYjGE9rtPGQgdMfE8sfrqfZGPDoyxhDXjjRP-cUHqshiCy-yhQ==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
22038bee42b926a6314fe272dcd8281d
ee776eacc51dc1f9f102ceebd826c7adc0c4e244
f9d6e519d64d29b1a110619c72049070d5371e1f06a6d13e634b75b5b12aad13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 19:32:06 GMT
Server: ECS (dcb/7EA2)
X-Cache: Miss from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: sB23S92gKVggx8FwcBO1OWF6ofctjt7lwktcJWED-q_jG2d52e3tKw==

tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868

54.230.111.54

200 OK

4.5 kB

URL HTTP/2
tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
data
Size
4.5 kB (4530 bytes)
Hash
289698147ecf582abfdc23e397f3ab9f
1084cbea219edc5d4eac2be98daad211d9c06619
b2cd3ee297dfab8703bfbb7b0bdbfd2b013c41a6f83ab297187fc2f13c4d46f3

HTTP Headers

GET /t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.moartraffic.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
last-modified: Wed, 05 Oct 2022 10:43:48 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: W/"044e6a289a886ae66fe4b0220ad0e33f"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4IshJQpSOxpe1om7Z5Bh2458wxADaO5Q5Bva8kWooemVDlwlaDUIew==
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.118

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.118:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
22038bee42b926a6314fe272dcd8281d
ee776eacc51dc1f9f102ceebd826c7adc0c4e244
f9d6e519d64d29b1a110619c72049070d5371e1f06a6d13e634b75b5b12aad13

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 06 Oct 2022 19:32:06 GMT
Last-Modified: Thu, 06 Oct 2022 18:57:55 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PWRUVQSKtYAJICD5ssTAl7ICJIy9bNujXHE3k0mp4gv1-_0_JRFgEw==
Age: 2052

utl-1.com/1.6.36/mst2.min.js

54.230.111.7

200 OK

18 kB

URL HTTP/2
utl-1.com/1.6.36/mst2.min.js
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (17794), with no line terminators
Size
18 kB (17794 bytes)
Hash
3a2e1fe5f9de68d28807b0b5675235f4
1ec71f3bf36850118f94eacb5c7949f449b3a0b7
252d3a0ef9c3754cdf38a02570d1a84fa4d94d53ac2eaeeada2e141f9c11a2e2

HTTP Headers

GET /1.6.36/mst2.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 17794
date: Sat, 01 Oct 2022 18:17:52 GMT
last-modified: Mon, 08 Nov 2021 10:23:59 GMT
etag: "3a2e1fe5f9de68d28807b0b5675235f4"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MRFd0I1hOJI9aPIIxnb9kvybmTtNiklre7zqQrVE19wXTW7fAJif3g==
age: 436455
X-Firefox-Spdy: h2

tours.specia1.com/t/1630/images/logo@2x.png

54.230.111.54

200 OK

5.7 kB

URL HTTP/2
tours.specia1.com/t/1630/images/logo@2x.png
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
PNG image data, 402 x 62, 8-bit/color RGBA, non-interlaced\012- data
Size
5.7 kB (5734 bytes)
Hash
fbf17061e3e49f037f05c213e373539a
89bf142dd312845a02b63092720a8cba9e153fef
2a07b3c1686632fcf1e3ddc0fb8c5c9a7787ac70845ce6db0a900996537b1ebc

HTTP Headers

GET /t/1630/images/logo@2x.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 5734
last-modified: Wed, 05 Oct 2022 10:43:48 GMT
server: AmazonS3
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: "fbf17061e3e49f037f05c213e373539a"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FCFugnM6l98tk_F5qFhPWKMPCvNQN1Vx0RLBUeVz08c-8swulzUdTQ==
X-Firefox-Spdy: h2

utl-1.com/1.6.36/utl.min.js

54.230.111.7

200 OK

311 kB

URL HTTP/2
utl-1.com/1.6.36/utl.min.js
IP
54.230.111.7:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65536), with no line terminators
Size
311 kB (311300 bytes)
Hash
40c1841c872c6a35b44ca409092a694a
739cc4c63ff81b4c70f52813d27816f8d58045b6
cd6cc181d68f681399179ce20e8b1da4eff01fc9b969c292de3e50d130243d7f

HTTP Headers

GET /1.6.36/utl.min.js HTTP/1.1
Host: utl-1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 311300
date: Sun, 02 Oct 2022 01:14:09 GMT
last-modified: Mon, 08 Nov 2021 10:23:59 GMT
etag: "40c1841c872c6a35b44ca409092a694a"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 0e39dca74306d7aab723ed3d73dbfbb4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -J5pBSUaKyX-OLtmqO1r2SbE8MQ9L_5QgtRAe-am9UM9riUKSgg1pA==
age: 411478
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 86279
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.195

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.195:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:34:08 GMT
expires: Thu, 05 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 86279
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tours.specia1.com/assets/specia1/ga.js?_=1665084727012

54.230.111.54

200 OK

392 B

URL HTTP/2
tours.specia1.com/assets/specia1/ga.js?_=1665084727012
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
392 B (392 bytes)
Hash
eac15786f9b8937b5689ddf3faf0351d
c3bc0f68e5b6ec584c0034c1264ce966d354f341
6003f930e7a6ff14bd5520a7324f5a4ffcecbd182aaff2e8ace7ec65d885aa45

HTTP Headers

GET /assets/specia1/ga.js?_=1665084727012 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Cookie: tour=50496; affsubid=106472-44542_1321_; reff=https%3A%2F%2Fgo.moartraffic.com%2F; upgrade_tour=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 392
last-modified: Wed, 05 Oct 2022 10:43:19 GMT
server: AmazonS3
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: "eac15786f9b8937b5689ddf3faf0351d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: jns0YjvmJdCkJN1nRaC2Mh1GpfUE1z-iJIzhVVhVgsNH_rUO6Auf9A==
age: 113
X-Firefox-Spdy: h2

tours.specia1.com/t/1630/images/1.gif

54.230.111.54

200 OK

732 kB

URL HTTP/2
tours.specia1.com/t/1630/images/1.gif
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 326 x 500\012- data
Size
732 kB (732200 bytes)
Hash
5a7f11318716d28301785e5ad5132c13
e03f8142c03ce5a2e21b2237a22eea149089d8ba
e59425999076368670c90e3828e967036b2e0cfdf7b10a026537794b237edce1

HTTP Headers

GET /t/1630/images/1.gif HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 732200
last-modified: Wed, 05 Oct 2022 10:43:47 GMT
server: AmazonS3
date: Thu, 06 Oct 2022 19:32:08 GMT
etag: "5a7f11318716d28301785e5ad5132c13"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: chpbiuw_ZBdlv9SGeMrjVN0qkWgOGEy_Cg43pZt__a0kitwwoHOFRA==
X-Firefox-Spdy: h2

cdn.izooto.com/scripts/sak/iz_setcid.html?v=1

104.18.217.65

200 OK

1.6 kB

URL HTTP/2
cdn.izooto.com/scripts/sak/iz_setcid.html?v=1
IP
104.18.217.65:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document, ASCII text
Size
1.6 kB (1613 bytes)
Hash
ec49d184d0b67938e73475fbc31e09e3
8829ef08af3b23665ee4cce83a15d274ee8facc6
0ca1591ebbd55c707f65a377da1c1c464be2b0835fd379258afbb55a1dddf590

HTTP Headers

GET /scripts/sak/iz_setcid.html?v=1 HTTP/1.1
Host: cdn.izooto.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
content-type: text/html
last-modified: Tue, 05 Apr 2022 12:00:20 GMT
vary: Accept-Encoding
x-xss-protection: 1; mode=block
cache-control: public, max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 370152
expires: Sun, 06 Nov 2022 19:32:07 GMT
server: cloudflare
cf-ray: 7560d238792cb512-OSL
content-encoding: br
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2561c4fa9079cd666c3048eb9c0af282
d8004e441b392600202bee78a1cd15cf2523ae78
bcc82bb3cc6584041fb1323b270b782a407a078e8a7a2b72814711a78281c6a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCC82BB3CC6584041FB1323B270B782A407A078E8A7A2B72814711A78281C6A7"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7181
Expires: Thu, 06 Oct 2022 21:31:48 GMT
Date: Thu, 06 Oct 2022 19:32:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2561c4fa9079cd666c3048eb9c0af282
d8004e441b392600202bee78a1cd15cf2523ae78
bcc82bb3cc6584041fb1323b270b782a407a078e8a7a2b72814711a78281c6a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCC82BB3CC6584041FB1323B270B782A407A078E8A7A2B72814711A78281C6A7"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7181
Expires: Thu, 06 Oct 2022 21:31:48 GMT
Date: Thu, 06 Oct 2022 19:32:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2561c4fa9079cd666c3048eb9c0af282
d8004e441b392600202bee78a1cd15cf2523ae78
bcc82bb3cc6584041fb1323b270b782a407a078e8a7a2b72814711a78281c6a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCC82BB3CC6584041FB1323B270B782A407A078E8A7A2B72814711A78281C6A7"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7181
Expires: Thu, 06 Oct 2022 21:31:48 GMT
Date: Thu, 06 Oct 2022 19:32:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2561c4fa9079cd666c3048eb9c0af282
d8004e441b392600202bee78a1cd15cf2523ae78
bcc82bb3cc6584041fb1323b270b782a407a078e8a7a2b72814711a78281c6a7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BCC82BB3CC6584041FB1323B270B782A407A078E8A7A2B72814711A78281C6A7"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7181
Expires: Thu, 06 Oct 2022 21:31:48 GMT
Date: Thu, 06 Oct 2022 19:32:07 GMT
Connection: keep-alive

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

56 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
Clarion Developer (v2 and above) data file, read only, 759575096 records\012- , ASCII text, with no line terminators
Size
56 B (56 bytes)
Hash
d96c5367fa91d5c626dcd1e79a134c52
78d72e3a7a0cd79d807a46930ce78c9f5045ce75
5ca7a426c47a823f7a1befb5bd977e3950091c47c398e4ba685e1e4cf4b98402

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 39
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
set-cookie: PHPSESSID=237E~f766bd6ad6fe9ae7944dad707bf24154; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 56
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

385 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with very long lines (804), with no line terminators
Size
385 B (385 bytes)
Hash
673c190a4e2e73a6d3038928b8598f4c
6318b3faf1ccacf7f381d3c423d6a9882950c24c
39c4489106d62ae1d75f7c483c1a1a15311010cfe8445440c74d7582c6bba28c

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
set-cookie: PHPSESSID=4DD2~2a4953397c06f31bec4b38485df7379b; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 385
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

4.8 kB

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with very long lines (20405), with no line terminators
Size
4.8 kB (4820 bytes)
Hash
2c52104cbb6259e25de3f430d981f6a0
0794c091b4c15a50e328317de1050efb6151795b
6aba8684a9eb0aab82c8aa6aa3c73e86b5fb8d34f9d991ad9b6c847ae8b44b36

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
set-cookie: PHPSESSID=D420~b20a3737bb3e138049394afd9113cd57; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 4820
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

21 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
very short file (no magic)
Size
21 B (21 bytes)
Hash
7ac8c27439ed6e2a30373651a2898777
1249bc89db36deb369d6388319453f015bd83e04
e240a7a561e7c84b32d4695ddc4c0d6c38a8e0c3f2581711c1971680f033437e

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 61
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
set-cookie: PHPSESSID=120F~9b77b248cce4dfc2bb51fe37db0c73d8; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 21
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

159 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
JSON data\012- , ASCII text, with no line terminators
Size
159 B (159 bytes)
Hash
704f552bf9e91ed7a41ef3fe15f41e6c
ddb3f6202a07d626c2883ad589f457ad554d1025
5305b10c313709f6d27c70e321d5810292e915a8d2b45f0aacb0d668201f129d

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
set-cookie: PHPSESSID=74D2~9525a331d71e18e95d44273ddd1c33fd; path=/; secure; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
vary: Accept-Encoding
content-encoding: gzip
content-length: 159
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

secure.authbill.com/tour/api.php

68.169.87.223

200 OK

20 B

URL HTTP/1.1
secure.authbill.com/tour/api.php
IP
68.169.87.223:0
ASN
#30602 ISPRIME

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

POST /tour/api.php HTTP/1.1
Host: secure.authbill.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 687
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
date: Thu, 06 Oct 2022 19:32:07 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, content-type
set-cookie: PHPSESSID=4DD2~f8e1255813282c51d473b676b1a55dc4; path=/; secure; HttpOnly
bd_ovtu=11; expires=Fri, 07-Oct-2022 19:32:07 GMT; Max-Age=86400; path=/; domain=.authbill.com
vary: Accept-Encoding
content-encoding: gzip
content-length: 20
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 06 Oct 2022 18:41:09 GMT
expires: Thu, 06 Oct 2022 20:41:09 GMT
cache-control: public, max-age=7200
age: 3058
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f763a685d14b05b6ced9792151da30b8
b25be5359245be857ffa1bddcb197cb771a36a45
505ad6dc6417d58207f0d68862c4423f4611660ccc6afe165fd3ec2ccb1c893d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&_v=j98&a=1967867621&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&z=174150531

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j98&a=1967867621&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&z=174150531
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j98&a=1967867621&t=pageview&_s=2&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&z=174150531 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Wed, 05 Oct 2022 23:24:34 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 72453
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j98&a=1967867621&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&ec=Tour%3A%2050496&ea=Current%20step%3A%2001&el=Total%20steps%3A%207&_u=YEBAAEABAAAAACAAI~&jid=1388463923&gjid=1782791155&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&_r=1&_slc=1&z=1750669217

142.250.74.174

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=1967867621&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&ec=Tour%3A%2050496&ea=Current%20step%3A%2001&el=Total%20steps%3A%207&_u=YEBAAEABAAAAACAAI~&jid=1388463923&gjid=1782791155&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&_r=1&_slc=1&z=1750669217
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j98&a=1967867621&t=event&_s=1&dl=https%3A%2F%2Ftours.specia1.com%2Ft%2F1630%2F%3Ft%3D50496%26aid%3D106472%26sid%3D44542_1321_%26xk%3D9031c01501a9f498cce59450c365f2cd%26bn%3D38%26gu%3Dhttp%253A%252F%252Fgo.moartraffic.com%252Fgo.php%253Ft%253D49561%2526aid%253D106472%2526sid%253D44542_1321_%2526clickid%253D10269e1f52a98c7079ae62fade2f7c%2526bo%253D2754%25252C2755%25252C2756%2526hts_id%253D48eb77d1-21f7-4d5d-98a5-1766393e8868%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26i18n_country%3DNO%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&dr=https%3A%2F%2Fgo.moartraffic.com%2F&ul=en-us&de=UTF-8&dt=GetFlirty&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&ci=Tour%3A%2050496&ec=Tour%3A%2050496&ea=Current%20step%3A%2001&el=Total%20steps%3A%207&_u=YEBAAEABAAAAACAAI~&jid=1388463923&gjid=1782791155&cid=1564817702.1665084728&tid=UA-148167200-1&_gid=961893437.1665084728&_r=1&_slc=1&z=1750669217 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
date: Thu, 06 Oct 2022 19:32:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
eac86f868b3967f1946c7f5fc712b25f
e2ae8eb09715a0af0791c085eb35bf66e0548e30
bceb14e7a478c0e34a0f1d8286eb954566c62051e996bc36189de922a76a6e06

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tours.specia1.com/t/1630/images/favicon_GF_pink.png

54.230.111.54

200 OK

2.3 kB

URL HTTP/2
tours.specia1.com/t/1630/images/favicon_GF_pink.png
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
2.3 kB (2338 bytes)
Hash
780c6a02cee9e8a95c1967769dc7b3f2
1776475d6b9b408d99bbe4b6a6124dded80d3d68
260ef5be9e78253dcfa39715d4d8254ffa0b36c6cc2bbad00b6213e0db0cb821

HTTP Headers

GET /t/1630/images/favicon_GF_pink.png HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Cookie: tour=50496; affsubid=106472-44542_1321_; reff=https%3A%2F%2Fgo.moartraffic.com%2F; upgrade_tour=50496; guid=C3B3A82F-D81B-4A34-9D4D-FAEE25707792; custom_tracking=%5B%22address%22%2C%22ad_type%22%2C%22app_id%22%2C%22app_name%22%2C%22auth_token%22%2C%22a_aid%22%2C%22a_bid%22%2C%22banner%22%2C%22banner_id%22%2C%22banner_size%22%2C%22bn%22%2C%22c%22%2C%22cid%22%2C%22city%22%2C%22clickid%22%2C%22click_id%22%2C%22click_url%22%2C%22cmp_bo%22%2C%22cmp_member_id%22%2C%22consent%22%2C%22dx%22%2C%22email%22%2C%22exotracker%22%2C%22f%22%2C%22fbclid%22%2C%22fbid%22%2C%22first_name%22%2C%22gclid%22%2C%22gdpr%22%2C%22h%22%2C%22hts_id%22%2C%22hx%22%2C%22keyword%22%2C%22landerid%22%2C%22lander_id%22%2C%22last_name%22%2C%22misc_tour_info%22%2C%22niche%22%2C%22np%22%2C%22offer%22%2C%22origin%22%2C%22phone_number%22%2C%22placement%22%2C%22product%22%2C%22product_id%22%2C%22profile_visited%22%2C%22publisher%22%2C%22rcid%22%2C%22referer%22%2C%22reqid%22%2C%22rgc%22%2C%22rgh%22%2C%22rgm%22%2C%22schedule%22%2C%22sdaf%22%2C%22sdfsadf%22%2C%22session_initiated_by%22%2C%22sl%22%2C%22smoochy_user_id%22%2C%22snapchat_username%22%2C%22source%22%2C%22state%22%2C%22street%22%2C%22sv_cheating_mon%22%2C%22template%22%2C%22thumb_id%22%2C%22tracker_id%22%2C%22upgrade_uuid%22%2C%22upg_reason%22%2C%22userage%22%2C%22useremail%22%2C%22userzip%22%2C%22user_id%22%2C%22wellhello_profile_id%22%2C%22wellhello_upgrade_tour%22%2C%22xk%22%2C%22zip%22%5D; prop_bn=38; prop_clickid=10269e1f52a98c7079ae62fade2f7c; prop_hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868; prop_xk=9031c01501a9f498cce59450c365f2cd; affiliate_106472_is_terminated=0; geoip=%7B%22country_code%22%3A%22NO%22%2C%22country_name%22%3A%22Norway%22%2C%22region%22%3A%22Oslo%22%2C%22city%22%3A%22Oslo%22%2C%22latitude%22%3A59.9127311707%2C%22longitude%22%3A10.7460899353%2C%22zipcode%22%3A%220131%22%2C%22isp_name%22%3A%22Blix%20Group%20AS%22%2C%22mobile_brand%22%3A%22%22%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 2338
last-modified: Wed, 05 Oct 2022 10:43:48 GMT
server: AmazonS3
date: Thu, 06 Oct 2022 19:32:08 GMT
etag: "780c6a02cee9e8a95c1967769dc7b3f2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vifSV2aHrLW-ocxaB75pBBpBVgcrEly4n-pbhwLnQcp-cmtVr_eBqA==
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&gjid=1782791155&_gid=961893437.1665084728&_u=YEBAAEAAAAAAACAAI~&z=828930003

173.194.73.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&gjid=1782791155&_gid=961893437.1665084728&_u=YEBAAEAAAAAAACAAI~&z=828930003
IP
173.194.73.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&gjid=1782791155&_gid=961893437.1665084728&_u=YEBAAEAAAAAAACAAI~&z=828930003 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://tours.specia1.com
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://tours.specia1.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 06 Oct 2022 19:32:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1cecd042e106c70af7e8f0d9863ca3d9
fa94604e9e99c752d18708abcec8584a5eee66ea
3525f542ce5a72795646c2bba144333920f67f3e9938748f9d3bd3aff9ac496e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
40a4de06678d96242b71d5318f2fd4ef
546a7d1d92df81916f14155943427b5453ae3924
aed9af25ae57c181702a137d48cb00f5b30297180161451de3b628359dc9ec6f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tours.specia1.com/t/1630/api.js?v=6

54.230.111.54

200 OK

3.1 kB

URL HTTP/2
tours.specia1.com/t/1630/api.js?v=6
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
data
Size
3.1 kB (3085 bytes)
Hash
f3971668059f113d660899c671af8483
c16152af5a4d99a19cb649f32f9427a19e1c9009
2998af3ecd6c18ba2860aaa2f942f3a0a746b86e2a6b6d4d237319ab64a2d36f

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/1630/api.js?v=6 HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 10:43:47 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: W/"20272ce723aa2251cc2c3f0da461b426"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qjw_qAnj-RWLKVZB1krpA1fE7Yqc4VIraC7LmMibri1dQr5QeD0lyQ==
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 19:32:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-148167200-1&cid=1564817702.1665084728&jid=1388463923&_u=YEBAAEAAAAAAACAAI~&z=1351935204 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 06 Oct 2022 19:32:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
1d4c3917173bd92c4b3208cdf2c7c345
726a9aa16eef5844afde825f9faf1b505d31e69b
572eebfaf735eb8aa1b3563d0317d52f5d22e9e83e5f5b6723f65da83fb15f22

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 06 Oct 2022 19:32:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

tours.specia1.com/t/common/js/footer_override.min.js

54.230.111.54

200 OK

1.8 kB

URL HTTP/2
tours.specia1.com/t/common/js/footer_override.min.js
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type
data
Size
1.8 kB (1836 bytes)
Hash
c487db1dbba7542bb059f971ff53ad6f
e59cdbf9d50819488f77a2aab4d19c0c7a73a4d6
c0004121c48b727db6ca4242e973340a4018dcf36ba9b0a176a214753dbde611

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/common/js/footer_override.min.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 10:45:08 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:30:52 GMT
etag: W/"bce527ef9e6ea886fffc7cee9fc69826"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: M_wIWBs86pgonbb79LhkBk_mwrxpQrQ4pI9gaN3zwSNfvvtbl3PzBQ==
age: 75
X-Firefox-Spdy: h2

tours.specia1.com/t/1630/custom.js

54.230.111.54

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/1630/custom.js
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/1630/custom.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 10:43:47 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: W/"6a97362bdc5ae1b7aadfe5907e0c8692"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aweBlK9ELH3kED_mb28B9P82n6Tbz8-xl2EQRL5pcz9RyytJrSJVrQ==
X-Firefox-Spdy: h2

tours.specia1.com/t/common/js/repoUtilsV2.js

54.230.111.54

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/common/js/repoUtilsV2.js
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /t/common/js/repoUtilsV2.js HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 10:45:08 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:31:49 GMT
etag: W/"463ab17c7b265e702f3c4390d78b31b3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QK3oJnCGflClMSgL-euHbBITNHjyygsXrG88AZgoY4O1kpQeWouUFg==
age: 225
X-Firefox-Spdy: h2

tours.specia1.com/t/1630/css/style.css

54.230.111.54

200 OK

0 B

URL HTTP/2
tours.specia1.com/t/1630/css/style.css
IP
54.230.111.54:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /t/1630/css/style.css HTTP/1.1
Host: tours.specia1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tours.specia1.com/t/1630/?t=50496&aid=106472&sid=44542_1321_&xk=9031c01501a9f498cce59450c365f2cd&bn=38&gu=http%3A%2F%2Fgo.moartraffic.com%2Fgo.php%3Ft%3D49561%26aid%3D106472%26sid%3D44542_1321_%26clickid%3D10269e1f52a98c7079ae62fade2f7c%26bo%3D2754%252C2755%252C2756%26hts_id%3D48eb77d1-21f7-4d5d-98a5-1766393e8868&clickid=10269e1f52a98c7079ae62fade2f7c&i18n_country=NO&hts_id=48eb77d1-21f7-4d5d-98a5-1766393e8868
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Wed, 05 Oct 2022 10:43:47 GMT
server: AmazonS3
content-encoding: gzip
date: Thu, 06 Oct 2022 19:32:07 GMT
etag: W/"2c33245a6525d33873c44d3e3544c767"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Y1166UHNJl91XZZNMxWKF4rTizaYoWnEAOmxDkmabofxCI68muOZbQ==
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (15)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations